`pyexpat.c`: Unbounded C recursion in `conv_content_model` causes crash (CVE 2026-4224)

[StanFromIreland]

Crash report

What happened?

Please see PR for more information.

CPython versions tested on:

3.10, 3.11, 3.12, 3.13, 3.14, 3.15, CPython main branch

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

No response

Linked PRs

• gh-145986: Avoid unbound C recursion in conv_content_model in pyexpat.c (CVE 2026-4224) #145987
• [3.14] gh-145986: Avoid unbound C recursion in conv_content_model in pyexpat.c (CVE 2026-4224) (GH-145987) #145995
• [3.13] gh-145986: Avoid unbound C recursion in conv_content_model in pyexpat.c (CVE 2026-4224) (GH-145987) #145996
• [3.12] gh-145986: Avoid unbound C recursion in conv_content_model in pyexpat.c (CVE 2026-4224) (GH-145987) #145999
• [3.11] gh-145986: Avoid unbound C recursion in conv_content_model in pyexpat.c (CVE 2026-4224) (GH-145987) #146000
• [3.10] gh-145986: Avoid unbound C recursion in conv_content_model in pyexpat.c (CVE 2026-4224) (GH-145987) #146002