Address review comments.

serhiy-storchaka · serhiy-storchaka · commit 82093fbcca03 · 2025-12-01T16:28:30.000+02:00
diff --git a/Lib/plistlib.py b/Lib/plistlib.py
@@ -75,7 +75,7 @@
 
 # Data larger than this will be read in chunks, to prevent extreme
 # overallocation.
-_SAFE_BUF_SIZE = 1 << 20
+_MIN_READ_BUF_SIZE = 1 << 20
 
 class UID:
     def __init__(self, data):
@@ -512,7 +512,7 @@ def _get_size(self, tokenL):
         return tokenL
 
     def _read(self, size):
-        cursize = min(size, _SAFE_BUF_SIZE)
+        cursize = min(size, _MIN_READ_BUF_SIZE)
         data = self._fp.read(cursize)
         while True:
             if len(data) != cursize:
diff --git a/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst b/Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst
@@ -1,6 +1,5 @@
-Fix a potential denial of service in the :mod:`plistlib` module.
+Fix a potential memory denial of service in the :mod:`plistlib` module.
 When reading a Plist file received from untrusted source, it could cause
 an arbitrary amount of memory to be allocated.
-In best case this could lead to a :exc:`MemoryError` or other process crash.
-In worst case it could lead to swapping which would dramatically slow down the
-whole system and make it less responcible.
+This could have led to symptoms including a :exc:`MemoryError`, swapping, out
+of memory (OOM) killed processes or containers, or even system crashes.
