All commit authors signed the Contributor License Agreement.

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phraseI have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

Can you also check whether_hmac suffers from that? I don't remember whether I actually C/Ced this code or if I used another refcounting approach.

Can you also check whether_hmac suffers from that? I don't remember whether I actually C/Ced this code or if I used another refcounting approach.

I checked the HMAC implementation in_hashopenssl.c. It uses the samestate->hashtable that is initialized bypy_hashentry_table_new(). There's no separate hashtable for HMAC. So this fix covers both hash functions and HMAC.

I'm sorry, I meant thehmacmodule.c

I'm sorry, I meant thehmacmodule.c

Yes,hmacmodule.c has the same issue inpy_hmac_hinfo_ht_new().

I can suggest the following solution:

#define Py_HMAC_HINFO_LINK(KEY)                                 \        do {                                                    \            int rc = py_hmac_hinfo_ht_add(table, KEY, value);   \            if (rc < 0) {                                       \+                if (value->refcnt == 0) {                      \                    PyMem_Free(value);                          \+                }                                              \                goto error;                                     \            }                                                   \            else if (rc == 1) {                                 \                value->refcnt++;                                \            }                                                   \        } while (0)        Py_HMAC_HINFO_LINK(e->name);        Py_HMAC_HINFO_LINK(e->hashlib_name);#undef Py_HMAC_HINFO_LINK

Should I include this fix in the same PR or create a separate one?

Yes, please do so, and put a comment as well.

Please add the test repro as a regression test.

I investigated adding a regression test using_testcapi.set_nomemory, but found it's not feasible for this specific bug.

Theset_nomemory() approach from the issue report triggers allocation failures globally, and the exact allocation number that hits our specific code path varies by platform/configuration.

Do you have any suggestions for how to reliably test this?

Do you have any suggestions for how to reliably test this?

You have an ASASN reproducer, why not use it?

Do you have any suggestions for how to reliably test this?

You have an ASASN reproducer, why not use it?

I think that testing usingset_nomemory(40, 41) is a bad idea because the number of memory allocations differs across platforms, and we cannot guarantee that allocations 40-41 will always occur inpy_hashentry_table_new on all platforms.

I believe this is whythe macOS Intel test crashes.

I don't know how to write a regression test for this scenario. I would suggest removing the test, since the fix is simple, comments have been left, and a regression seems unlikely to happen.

Oo for removig the test.

I have made the requested changes; please review again

Thanks for making the requested changes!

@picnixz: please review the changes made to this pull request.