[3.13] gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146...

gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146)

* Remove quadratic behavior in node ID cache clearing

* Add news fragment

---------
(cherry picked from commit 08d8e18ad81cd45bc4a27d6da478b51ea49486e4)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com>
Origin: upstream, https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964

Gbp-Pq: Name CVE-2025-12084.patch

diff --git a/Lib/test/test_minidom.py b/Lib/test/test_minidom.py
index 5f52ed1de302f18b91530b11d90e0dc071fb97f2..840a3f5a11224a232bcdeb596b2c86b60f26a030 100644 (file)
--- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py
@@ -2,6 +2,7 @@
 
 import copy
 import pickle
+import time
 import io
 from test import support
 import unittest
@@ -163,6 +164,23 @@ class MinidomTest(unittest.TestCase):
         self.confirm(dom.documentElement.childNodes[-1].data == "Hello")
         dom.unlink()
 
+    def testAppendChildNoQuadraticComplexity(self):
+        impl = getDOMImplementation()
+
+        newdoc = impl.createDocument(None, "some_tag", None)
+        top_element = newdoc.documentElement
+        children = [newdoc.createElement(f"child-{i}") for i in range(1, 2 ** 15 + 1)]
+        element = top_element
+
+        start = time.time()
+        for child in children:
+            element.appendChild(child)
+            element = child
+        end = time.time()
+
+        # This example used to take at least 30 seconds.
+        self.assertLess(end - start, 10)
+
     def testAppendChildFragment(self):
         dom, orig, c1, c2, c3, frag = self._create_fragment_test_nodes()
         dom.documentElement.appendChild(frag)

diff --git a/Lib/xml/dom/minidom.py b/Lib/xml/dom/minidom.py
index d09ef5e7d0371ae3e7c6d56fb89faf8bb401bc49..3a9129596280bcb3e334c8184574011b3d9bd10d 100644 (file)
--- a/Lib/xml/dom/minidom.py
+++ b/Lib/xml/dom/minidom.py
@@ -292,13 +292,6 @@ def _append_child(self, node):
     childNodes.append(node)
     node.parentNode = self
 
-def _in_document(node):
-    # return True iff node is part of a document tree
-    while node is not None:
-        if node.nodeType == Node.DOCUMENT_NODE:
-            return True
-        node = node.parentNode
-    return False
 
 def _write_data(writer, data):
     "Writes datachars to writer."
@@ -1537,7 +1530,7 @@ def _clear_id_cache(node):
     if node.nodeType == Node.DOCUMENT_NODE:
         node._id_cache.clear()
         node._id_search_stack = None
-    elif _in_document(node):
+    elif node.ownerDocument:
         node.ownerDocument._id_cache.clear()
         node.ownerDocument._id_search_stack= None
 

diff --git a/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
new file mode 100644 (file)
index 0000000..440bc77
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2025-12-01-09-36-45.gh-issue-142145.tcAUhg.rst
@@ -0,0 +1 @@
+Remove quadratic behavior in ``xml.minidom`` node ID cache clearing.