python3-cbor2: patch CVE-2026-26209

Backport the patch[1] which fixes this vulnerability as mentioned in the
comment[3].

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26209

[1] https://github.com/agronholm/cbor2/commit/e61a5f365ba610d5907a0ae1bc72769bba34294b
[2] https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824 (pre patch)
[3] https://github.com/agronholm/cbor2/pull/275

Dropped changes to the changelog from the original commit.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Hitendra Prajapati <hprajapati@mvista.com> 2026-03-31 11:45:06 +0530
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-04-03 15:00:47 +0530
commit: 4810cd8c5bbc0b4349a78eac85a6a882bc0b03a2 (patch)
tree: 772d54d051e1374ce4d971d0673a17a39bcf91e2 /meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch
parent: b13ae5a8eb286f8f4e53c290d5b09e15c303289c (diff)
download: meta-openembedded-4810cd8c5bbc0b4349a78eac85a6a882bc0b03a2.tar.gz
1 files changed, 415 insertions, 0 deletions
diff --git a/meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch b/meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch
new file mode 100644
index 0000000000..1a9c5a3995
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch
@@ -0,0 +1,415 @@
+From e61a5f365ba610d5907a0ae1bc72769bba34294b Mon Sep 17 00:00:00 2001
+From: Andreas Eriksen <andreer@vespa.ai>
+Date: Sat, 28 Feb 2026 22:21:06 +0100
+Subject: [PATCH] Set default read_size to 1 for backwards compatibility (#275)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. This changes the default back to 1 (matching 5.7.1 behavior) while allowing users to opt-in to faster decoding by passing read_size=4096.
+Implementation details:
+- Use function pointer dispatch to eliminate runtime checks for read_size=1
+- Skip buffer allocation entirely for unbuffered path
+- Add read_size parameter to load() and loads() for API completeness
+CVE: CVE-2026-26209
+Upstream-Status: Backport [https://github.com/agronholm/cbor2/commit/e61a5f365ba610d5907a0ae1bc72769bba34294b]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ cbor2/_decoder.py     | 33 ++++++++++++++++--
+ docs/usage.rst        | 11 ++++++
+ source/decoder.c      | 78 +++++++++++++++++++++++++++++--------------
+ source/decoder.h      | 16 +++++++--
+ tests/test_decoder.py | 15 +++++++++
+ 5 files changed, 123 insertions(+), 30 deletions(-)
+diff --git a/cbor2/_decoder.py b/cbor2/_decoder.py
+index 4aeadcf..5a1f65b 100644
+--- a/cbor2/_decoder.py
+++ b/cbor2/_decoder.py
+@@ -72,6 +72,7 @@ class CBORDecoder:
+         tag_hook: Callable[[CBORDecoder, CBORTag], Any] | None = None,
+         object_hook: Callable[[CBORDecoder, dict[Any, Any]], Any] | None = None,
+         str_errors: Literal["strict", "error", "replace"] = "strict",
+        read_size: int = 1,
+     ):
+         """
+         :param fp:
+@@ -90,6 +91,13 @@ class CBORDecoder:
+         :param str_errors:
+             determines how to handle unicode decoding errors (see the `Error Handlers`_
+             section in the standard library documentation for details)
+        :param read_size:
+            the minimum number of bytes to read at a time.
+            Setting this to a higher value like 4096 improves performance,
+            but is likely to read past the end of the CBOR value, advancing the stream
+            position beyond the decoded data. This only matters if you need to reuse the
+            stream after decoding.
+            Ignored in the pure Python implementation, but included for API compatibility.
+ 
+         .. _Error Handlers: https://docs.python.org/3/library/codecs.html#error-handlers
+ 
+@@ -813,6 +821,7 @@ def loads(
+     tag_hook: Callable[[CBORDecoder, CBORTag], Any] | None = None,
+     object_hook: Callable[[CBORDecoder, dict[Any, Any]], Any] | None = None,
+     str_errors: Literal["strict", "error", "replace"] = "strict",
+    read_size: int = 1,
+ ) -> Any:
+     """
+     Deserialize an object from a bytestring.
+@@ -831,6 +840,10 @@ def loads(
+     :param str_errors:
+         determines how to handle unicode decoding errors (see the `Error Handlers`_
+         section in the standard library documentation for details)
+    :param read_size:
+        the minimum number of bytes to read at a time.
+        Setting this to a higher value like 4096 improves performance.
+        Ignored in the pure Python implementation, but included for API compatibility.
+     :return:
+         the deserialized object
+ 
+@@ -839,7 +852,11 @@ def loads(
+     """
+     with BytesIO(s) as fp:
+         return CBORDecoder(
+-            fp, tag_hook=tag_hook, object_hook=object_hook, str_errors=str_errors
+            fp,
+            tag_hook=tag_hook,
+            object_hook=object_hook,
+            str_errors=str_errors,
+            read_size=read_size,
+         ).decode()
+ 
+ 
+@@ -848,6 +865,7 @@ def load(
+     tag_hook: Callable[[CBORDecoder, CBORTag], Any] | None = None,
+     object_hook: Callable[[CBORDecoder, dict[Any, Any]], Any] | None = None,
+     str_errors: Literal["strict", "error", "replace"] = "strict",
+    read_size: int = 1,
+ ) -> Any:
+     """
+     Deserialize an object from an open file.
+@@ -866,6 +884,13 @@ def load(
+     :param str_errors:
+         determines how to handle unicode decoding errors (see the `Error Handlers`_
+         section in the standard library documentation for details)
+    :param read_size:
+        the minimum number of bytes to read at a time.
+        Setting this to a higher value like 4096 improves performance,
+        but is likely to read past the end of the CBOR value, advancing the stream
+        position beyond the decoded data. This only matters if you need to reuse the
+        stream after decoding.
+        Ignored in the pure Python implementation, but included for API compatibility.
+     :return:
+         the deserialized object
+ 
+@@ -873,5 +898,9 @@ def load(
+ 
+     """
+     return CBORDecoder(
+-        fp, tag_hook=tag_hook, object_hook=object_hook, str_errors=str_errors
+        fp,
+        tag_hook=tag_hook,
+        object_hook=object_hook,
+        str_errors=str_errors,
+        read_size=read_size,
+     ).decode()
+diff --git a/docs/usage.rst b/docs/usage.rst
+index 797db59..6f53174 100644
+--- a/docs/usage.rst
+++ b/docs/usage.rst
+@@ -74,6 +74,17 @@ instead encodes a reference to the nth sufficiently long string already encoded.
+ .. warning:: Support for string referencing is rare in other CBOR implementations, so think carefully
+     whether you want to enable it.
+ 
+Performance tuning
+------------------
+
+By default, the decoder only reads the exact amount of bytes it needs. But this can negatively
+impact the performance due to the potentially large number of individual read operations.
+To make it faster, you can pass a different ``read_size`` parameter (say, 4096), to :func:`load`,
+:func:`loads` or :class:`CBORDecoder`.
+
+.. warning:: If the input stream contains data other than the CBOR stream, that data (or parts of)
+    may be lost.
+
+ Tag support
+ -----------
+ 
+diff --git a/source/decoder.c b/source/decoder.c
+index 9cd1596..f8adc93 100644
+--- a/source/decoder.c
+++ b/source/decoder.c
+@@ -47,6 +47,10 @@ static int _CBORDecoder_set_tag_hook(CBORDecoderObject *, PyObject *, void *);
+ static int _CBORDecoder_set_object_hook(CBORDecoderObject *, PyObject *, void *);
+ static int _CBORDecoder_set_str_errors(CBORDecoderObject *, PyObject *, void *);
+ 
+// Forward declarations for read dispatch functions
+static int fp_read_unbuffered(CBORDecoderObject *, char *, Py_ssize_t);
+static int fp_read_buffered(CBORDecoderObject *, char *, Py_ssize_t);
+
+ static PyObject * decode(CBORDecoderObject *, DecodeOptions);
+ static PyObject * decode_bytestring(CBORDecoderObject *, uint8_t);
+ static PyObject * decode_string(CBORDecoderObject *, uint8_t);
+@@ -155,6 +159,7 @@ CBORDecoder_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
+         self->readahead_size = 0;
+         self->read_pos = 0;
+         self->read_len = 0;
+        self->fp_read = fp_read_unbuffered;  // default, will be set properly in init
+     }
+     return (PyObject *) self;
+ error:
+@@ -164,7 +169,7 @@ error:
+ 
+ 
+ // CBORDecoder.__init__(self, fp=None, tag_hook=None, object_hook=None,
+-//                      str_errors='strict', read_size=4096)
+//                      str_errors='strict', read_size=1)
+ int
+ CBORDecoder_init(CBORDecoderObject *self, PyObject *args, PyObject *kwargs)
+ {
+@@ -233,7 +238,8 @@ _CBORDecoder_set_fp_with_read_size(CBORDecoderObject *self, PyObject *value, Py_
+         return -1;
+     }
+ 
+-    if (self->readahead == NULL || self->readahead_size != read_size) {
+    // Skip buffer allocation for read_size=1 (direct read path doesn't use buffer)
+    if (read_size > 1 && (self->readahead == NULL || self->readahead_size != read_size)) {
+         new_buffer = (char *)PyMem_Malloc(read_size);
+         if (!new_buffer) {
+             Py_DECREF(read);
+@@ -254,8 +260,15 @@ _CBORDecoder_set_fp_with_read_size(CBORDecoderObject *self, PyObject *value, Py_
+     if (new_buffer) {
+         PyMem_Free(self->readahead);
+         self->readahead = new_buffer;
+-        self->readahead_size = read_size;
+    } else if (read_size == 1 && self->readahead != NULL) {
+        // Free existing buffer when switching to direct read path (read_size=1)
+        PyMem_Free(self->readahead);
+        self->readahead = NULL;
+     }
+    self->readahead_size = read_size;
+
+    // Set read dispatch function - eliminates runtime check on every read
+    self->fp_read = (read_size == 1) ? fp_read_unbuffered : fp_read_buffered;
+ 
+     return 0;
+ }
+@@ -447,9 +460,25 @@ fp_read_bytes(CBORDecoderObject *self, char *buf, Py_ssize_t size)
+     return bytes_read;
+ }
+ 
+-// Read into caller's buffer using the readahead buffer
+// Unbuffered read - used when read_size=1 (backwards compatible mode)
+// This matches the 5.7.1 behavior with no runtime overhead
+static int
+fp_read_unbuffered(CBORDecoderObject *self, char *buf, Py_ssize_t size)
+{
+    Py_ssize_t bytes_read = fp_read_bytes(self, buf, size);
+    if (bytes_read == size)
+        return 0;
+    if (bytes_read >= 0)
+        PyErr_Format(
+            _CBOR2_CBORDecodeEOF,
+            "premature end of stream (expected to read %zd bytes, "
+            "got %zd instead)", size, bytes_read);
+    return -1;
+}
+
+// Buffered read - used when read_size > 1 for improved performance
+ static int
+-fp_read(CBORDecoderObject *self, char *buf, const Py_ssize_t size)
+fp_read_buffered(CBORDecoderObject *self, char *buf, Py_ssize_t size)
+ {
+     Py_ssize_t available, to_copy, remaining, total_copied;
+ 
+@@ -507,7 +536,7 @@ fp_read_object(CBORDecoderObject *self, const Py_ssize_t size)
+     if (!ret)
+         return NULL;
+ 
+-    if (fp_read(self, PyBytes_AS_STRING(ret), size) == -1) {
+    if (self->fp_read(self, PyBytes_AS_STRING(ret), size) == -1) {
+         Py_DECREF(ret);
+         return NULL;
+     }
+@@ -528,7 +557,7 @@ CBORDecoder_read(CBORDecoderObject *self, PyObject *length)
+         return NULL;
+     ret = PyBytes_FromStringAndSize(NULL, len);
+     if (ret) {
+-        if (fp_read(self, PyBytes_AS_STRING(ret), len) == -1) {
+        if (self->fp_read(self, PyBytes_AS_STRING(ret), len) == -1) {
+             Py_DECREF(ret);
+             ret = NULL;
+         }
+@@ -576,19 +605,19 @@ decode_length(CBORDecoderObject *self, uint8_t subtype,
+         if (subtype < 24) {
+             *length = subtype;
+         } else if (subtype == 24) {
+-            if (fp_read(self, value.u8.buf, sizeof(uint8_t)) == -1)
+            if (self->fp_read(self, value.u8.buf, sizeof(uint8_t)) == -1)
+                 return -1;
+             *length = value.u8.value;
+         } else if (subtype == 25) {
+-            if (fp_read(self, value.u16.buf, sizeof(uint16_t)) == -1)
+            if (self->fp_read(self, value.u16.buf, sizeof(uint16_t)) == -1)
+                 return -1;
+             *length = be16toh(value.u16.value);
+         } else if (subtype == 26) {
+-            if (fp_read(self, value.u32.buf, sizeof(uint32_t)) == -1)
+            if (self->fp_read(self, value.u32.buf, sizeof(uint32_t)) == -1)
+                 return -1;
+             *length = be32toh(value.u32.value);
+         } else {
+-            if (fp_read(self, value.u64.buf, sizeof(uint64_t)) == -1)
+            if (self->fp_read(self, value.u64.buf, sizeof(uint64_t)) == -1)
+                 return -1;
+             *length = be64toh(value.u64.value);
+         }
+@@ -752,7 +781,7 @@ decode_indefinite_bytestrings(CBORDecoderObject *self)
+     list = PyList_New(0);
+     if (list) {
+         while (1) {
+-            if (fp_read(self, &lead.byte, 1) == -1)
+            if (self->fp_read(self, &lead.byte, 1) == -1)
+                 break;
+             if (lead.major == 2 && lead.subtype != 31) {
+                 ret = decode_bytestring(self, lead.subtype);
+@@ -959,7 +988,7 @@ decode_indefinite_strings(CBORDecoderObject *self)
+     list = PyList_New(0);
+     if (list) {
+         while (1) {
+-            if (fp_read(self, &lead.byte, 1) == -1)
+            if (self->fp_read(self, &lead.byte, 1) == -1)
+                 break;
+             if (lead.major == 3 && lead.subtype != 31) {
+                 ret = decode_string(self, lead.subtype);
+@@ -2040,7 +2069,7 @@ CBORDecoder_decode_simple_value(CBORDecoderObject *self)
+     PyObject *tag, *ret = NULL;
+     uint8_t buf;
+ 
+-    if (fp_read(self, (char*)&buf, sizeof(uint8_t)) == 0) {
+    if (self->fp_read(self, (char*)&buf, sizeof(uint8_t)) == 0) {
+         tag = PyStructSequence_New(&CBORSimpleValueType);
+         if (tag) {
+             PyStructSequence_SET_ITEM(tag, 0, PyLong_FromLong(buf));
+@@ -2066,7 +2095,7 @@ CBORDecoder_decode_float16(CBORDecoderObject *self)
+         char buf[sizeof(uint16_t)];
+     } u;
+ 
+-    if (fp_read(self, u.buf, sizeof(uint16_t)) == 0)
+    if (self->fp_read(self, u.buf, sizeof(uint16_t)) == 0)
+         ret = PyFloat_FromDouble(unpack_float16(u.i));
+     set_shareable(self, ret);
+     return ret;
+@@ -2084,7 +2113,7 @@ CBORDecoder_decode_float32(CBORDecoderObject *self)
+         char buf[sizeof(float)];
+     } u;
+ 
+-    if (fp_read(self, u.buf, sizeof(float)) == 0) {
+    if (self->fp_read(self, u.buf, sizeof(float)) == 0) {
+         u.i = be32toh(u.i);
+         ret = PyFloat_FromDouble(u.f);
+     }
+@@ -2104,7 +2133,7 @@ CBORDecoder_decode_float64(CBORDecoderObject *self)
+         char buf[sizeof(double)];
+     } u;
+ 
+-    if (fp_read(self, u.buf, sizeof(double)) == 0) {
+    if (self->fp_read(self, u.buf, sizeof(double)) == 0) {
+         u.i = be64toh(u.i);
+         ret = PyFloat_FromDouble(u.f);
+     }
+@@ -2133,7 +2162,7 @@ decode(CBORDecoderObject *self, DecodeOptions options)
+     if (Py_EnterRecursiveCall(" in CBORDecoder.decode"))
+         return NULL;
+ 
+-    if (fp_read(self, &lead.byte, 1) == 0) {
+    if (self->fp_read(self, &lead.byte, 1) == 0) {
+         switch (lead.major) {
+             case 0: ret = decode_uint(self, lead.subtype);       break;
+             case 1: ret = decode_negint(self, lead.subtype);     break;
+@@ -2387,13 +2416,12 @@ PyDoc_STRVAR(CBORDecoder__doc__,
+ "    :class:`dict` object. The return value is substituted for the dict\n"
+ "    in the deserialized output.\n"
+ ":param read_size:\n"
+-"    the size of the read buffer (default 4096). The decoder reads from\n"
+-"    the stream in chunks of this size for performance. This means the\n"
+-"    stream position may advance beyond the bytes actually decoded. For\n"
+-"    large values (bytestrings, text strings), reads may be larger than\n"
+-"    ``read_size``. Code that needs to read from the stream after\n"
+-"    decoding should use :meth:`decode_from_bytes` instead, or set\n"
+-"    ``read_size=1`` to disable buffering (at a performance cost).\n"
+"    the minimum number of bytes to read at a time.\n"
+"    Setting this to a higher value like 4096 improves performance,\n"
+"    but is likely to read past the end of the CBOR value, advancing the stream\n"
+"    position beyond the decoded data. This only matters if you need to reuse the\n"
+"    stream after decoding.\n"
+"    Ignored in the pure Python implementation, but included for API compatibility.\n"
+ "\n"
+ ".. _CBOR: https://cbor.io/\n"
+ );
+diff --git a/source/decoder.h b/source/decoder.h
+index a2f4bf1..3efff8b 100644
+--- a/source/decoder.h
+++ b/source/decoder.h
+@@ -3,10 +3,17 @@
+ #include <stdbool.h>
+ #include <stdint.h>
+ 
+-// Default readahead buffer size for streaming reads
+-#define CBOR2_DEFAULT_READ_SIZE 4096
+// Default readahead buffer size for streaming reads.
+// Set to 1 for backwards compatibility (no buffering).
+#define CBOR2_DEFAULT_READ_SIZE 1
+ 
+-typedef struct {
+// Forward declaration for function pointer typedef
+struct CBORDecoderObject_;
+
+// Function pointer type for read dispatch (eliminates runtime check)
+typedef int (*fp_read_fn)(struct CBORDecoderObject_ *, char *, Py_ssize_t);
+
+typedef struct CBORDecoderObject_ {
+     PyObject_HEAD
+     PyObject *read;    // cached read() method of fp
+     PyObject *tag_hook;
+@@ -23,6 +30,9 @@ typedef struct {
+     Py_ssize_t readahead_size;  // size of allocated buffer
+     Py_ssize_t read_pos;        // current position in buffer
+     Py_ssize_t read_len;        // valid bytes in buffer
+
+    // Read dispatch - points to unbuffered or buffered implementation
+    fp_read_fn fp_read;
+ } CBORDecoderObject;
+ 
+ extern PyTypeObject CBORDecoderType;
+diff --git a/tests/test_decoder.py b/tests/test_decoder.py
+index 9bf5a10..c5d1a9c 100644
+--- a/tests/test_decoder.py
+++ b/tests/test_decoder.py
+@@ -123,6 +123,21 @@ def test_load(impl):
+         assert impl.load(fp=stream) == 1
+ 
+ 
+def test_stream_position_after_decode(impl):
+    """Test that stream position is exactly at end of decoded CBOR value."""
+    # CBOR: integer 1 (1 byte: 0x01) followed by extra data
+    cbor_data = b"\x01"
+    extra_data = b"extra"
+    with BytesIO(cbor_data + extra_data) as stream:
+        decoder = impl.CBORDecoder(stream)
+        result = decoder.decode()
+        assert result == 1
+        # Stream position should be exactly at end of CBOR data
+        assert stream.tell() == len(cbor_data)
+        # Should be able to read the extra data
+        assert stream.read() == extra_data
+
+
+ @pytest.mark.parametrize(
+     "payload, expected",
+     [
+-- 
+2.50.1
author	Hitendra Prajapati <hprajapati@mvista.com>	2026-03-31 11:45:06 +0530
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-04-03 15:00:47 +0530
commit	4810cd8c5bbc0b4349a78eac85a6a882bc0b03a2 (patch)
tree	772d54d051e1374ce4d971d0673a17a39bcf91e2 /meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch
parent	b13ae5a8eb286f8f4e53c290d5b09e15c303289c (diff)
download	meta-openembedded-4810cd8c5bbc0b4349a78eac85a6a882bc0b03a2.tar.gz

diff --git a/meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch b/meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch
new file mode 100644
index 0000000000..1a9c5a3995
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-cbor2/CVE-2026-26209.patch
@@ -0,0 +1,415 @@
	1	From e61a5f365ba610d5907a0ae1bc72769bba34294b Mon Sep 17 00:00:00 2001
	2	From: Andreas Eriksen <andreer@vespa.ai>
	3	Date: Sat, 28 Feb 2026 22:21:06 +0100
	4	Subject: [PATCH] Set default read_size to 1 for backwards compatibility (#275)
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. This changes the default back to 1 (matching 5.7.1 behavior) while allowing users to opt-in to faster decoding by passing read_size=4096.
	10
	11	Implementation details:
	12	- Use function pointer dispatch to eliminate runtime checks for read_size=1
	13	- Skip buffer allocation entirely for unbuffered path
	14	- Add read_size parameter to load() and loads() for API completeness
	15
	16	CVE: CVE-2026-26209
	17	Upstream-Status: Backport [https://github.com/agronholm/cbor2/commit/e61a5f365ba610d5907a0ae1bc72769bba34294b]
	18	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	19	---
	20	cbor2/_decoder.py | 33 ++++++++++++++++--
	21	docs/usage.rst | 11 ++++++
	22	source/decoder.c | 78 +++++++++++++++++++++++++++++--------------
	23	source/decoder.h | 16 +++++++--
	24	tests/test_decoder.py | 15 +++++++++
	25	5 files changed, 123 insertions(+), 30 deletions(-)
	26
	27	diff --git a/cbor2/_decoder.py b/cbor2/_decoder.py
	28	index 4aeadcf..5a1f65b 100644
	29	--- a/cbor2/_decoder.py
	30	+++ b/cbor2/_decoder.py
	31	@@ -72,6 +72,7 @@ class CBORDecoder:
	32	tag_hook: Callable[[CBORDecoder, CBORTag], Any] | None = None,
	33	object_hook: Callable[[CBORDecoder, dict[Any, Any]], Any] | None = None,
	34	str_errors: Literal["strict", "error", "replace"] = "strict",
	35	+ read_size: int = 1,
	36	):
	37	"""
	38	:param fp:
	39	@@ -90,6 +91,13 @@ class CBORDecoder:
	40	:param str_errors:
	41	determines how to handle unicode decoding errors (see the `Error Handlers`_
	42	section in the standard library documentation for details)
	43	+ :param read_size:
	44	+ the minimum number of bytes to read at a time.
	45	+ Setting this to a higher value like 4096 improves performance,
	46	+ but is likely to read past the end of the CBOR value, advancing the stream
	47	+ position beyond the decoded data. This only matters if you need to reuse the
	48	+ stream after decoding.
	49	+ Ignored in the pure Python implementation, but included for API compatibility.
	50
	51	.. _Error Handlers: https://docs.python.org/3/library/codecs.html#error-handlers
	52
	53	@@ -813,6 +821,7 @@ def loads(
	54	tag_hook: Callable[[CBORDecoder, CBORTag], Any] | None = None,
	55	object_hook: Callable[[CBORDecoder, dict[Any, Any]], Any] | None = None,
	56	str_errors: Literal["strict", "error", "replace"] = "strict",
	57	+ read_size: int = 1,
	58	) -> Any:
	59	"""
	60	Deserialize an object from a bytestring.
	61	@@ -831,6 +840,10 @@ def loads(
	62	:param str_errors:
	63	determines how to handle unicode decoding errors (see the `Error Handlers`_
	64	section in the standard library documentation for details)
	65	+ :param read_size:
	66	+ the minimum number of bytes to read at a time.
	67	+ Setting this to a higher value like 4096 improves performance.
	68	+ Ignored in the pure Python implementation, but included for API compatibility.
	69	:return:
	70	the deserialized object
	71
	72	@@ -839,7 +852,11 @@ def loads(
	73	"""
	74	with BytesIO(s) as fp:
	75	return CBORDecoder(
	76	- fp, tag_hook=tag_hook, object_hook=object_hook, str_errors=str_errors
	77	+ fp,
	78	+ tag_hook=tag_hook,
	79	+ object_hook=object_hook,
	80	+ str_errors=str_errors,
	81	+ read_size=read_size,
	82	).decode()
	83
	84
	85	@@ -848,6 +865,7 @@ def load(
	86	tag_hook: Callable[[CBORDecoder, CBORTag], Any] | None = None,
	87	object_hook: Callable[[CBORDecoder, dict[Any, Any]], Any] | None = None,
	88	str_errors: Literal["strict", "error", "replace"] = "strict",
	89	+ read_size: int = 1,
	90	) -> Any:
	91	"""
	92	Deserialize an object from an open file.
	93	@@ -866,6 +884,13 @@ def load(
	94	:param str_errors:
	95	determines how to handle unicode decoding errors (see the `Error Handlers`_
	96	section in the standard library documentation for details)
	97	+ :param read_size:
	98	+ the minimum number of bytes to read at a time.
	99	+ Setting this to a higher value like 4096 improves performance,
	100	+ but is likely to read past the end of the CBOR value, advancing the stream
	101	+ position beyond the decoded data. This only matters if you need to reuse the
	102	+ stream after decoding.
	103	+ Ignored in the pure Python implementation, but included for API compatibility.
	104	:return:
	105	the deserialized object
	106
	107	@@ -873,5 +898,9 @@ def load(
	108
	109	"""
	110	return CBORDecoder(
	111	- fp, tag_hook=tag_hook, object_hook=object_hook, str_errors=str_errors
	112	+ fp,
	113	+ tag_hook=tag_hook,
	114	+ object_hook=object_hook,
	115	+ str_errors=str_errors,
	116	+ read_size=read_size,
	117	).decode()
	118	diff --git a/docs/usage.rst b/docs/usage.rst
	119	index 797db59..6f53174 100644
	120	--- a/docs/usage.rst
	121	+++ b/docs/usage.rst
	122	@@ -74,6 +74,17 @@ instead encodes a reference to the nth sufficiently long string already encoded.
	123	.. warning:: Support for string referencing is rare in other CBOR implementations, so think carefully
	124	whether you want to enable it.
	125
	126	+Performance tuning
	127	+------------------
	128	+
	129	+By default, the decoder only reads the exact amount of bytes it needs. But this can negatively
	130	+impact the performance due to the potentially large number of individual read operations.
	131	+To make it faster, you can pass a different ``read_size`` parameter (say, 4096), to :func:`load`,
	132	+:func:`loads` or :class:`CBORDecoder`.
	133	+
	134	+.. warning:: If the input stream contains data other than the CBOR stream, that data (or parts of)
	135	+ may be lost.
	136	+
	137	Tag support
	138	-----------
	139
	140	diff --git a/source/decoder.c b/source/decoder.c
	141	index 9cd1596..f8adc93 100644
	142	--- a/source/decoder.c
	143	+++ b/source/decoder.c
	144	@@ -47,6 +47,10 @@ static int _CBORDecoder_set_tag_hook(CBORDecoderObject *, PyObject *, void *);
	145	static int _CBORDecoder_set_object_hook(CBORDecoderObject *, PyObject *, void *);
	146	static int _CBORDecoder_set_str_errors(CBORDecoderObject *, PyObject *, void *);
	147
	148	+// Forward declarations for read dispatch functions
	149	+static int fp_read_unbuffered(CBORDecoderObject *, char *, Py_ssize_t);
	150	+static int fp_read_buffered(CBORDecoderObject *, char *, Py_ssize_t);
	151	+
	152	static PyObject * decode(CBORDecoderObject *, DecodeOptions);
	153	static PyObject * decode_bytestring(CBORDecoderObject *, uint8_t);
	154	static PyObject * decode_string(CBORDecoderObject *, uint8_t);
	155	@@ -155,6 +159,7 @@ CBORDecoder_new(PyTypeObject *type, PyObject *args, PyObject *kwargs)
	156	self->readahead_size = 0;
	157	self->read_pos = 0;
	158	self->read_len = 0;
	159	+ self->fp_read = fp_read_unbuffered; // default, will be set properly in init
	160	}
	161	return (PyObject *) self;
	162	error:
	163	@@ -164,7 +169,7 @@ error:
	164
	165
	166	// CBORDecoder.__init__(self, fp=None, tag_hook=None, object_hook=None,
	167	-// str_errors='strict', read_size=4096)
	168	+// str_errors='strict', read_size=1)
	169	int
	170	CBORDecoder_init(CBORDecoderObject *self, PyObject *args, PyObject *kwargs)
	171	{
	172	@@ -233,7 +238,8 @@ _CBORDecoder_set_fp_with_read_size(CBORDecoderObject *self, PyObject *value, Py_
	173	return -1;
	174	}
	175
	176	- if (self->readahead == NULL || self->readahead_size != read_size) {
	177	+ // Skip buffer allocation for read_size=1 (direct read path doesn't use buffer)
	178	+ if (read_size > 1 && (self->readahead == NULL || self->readahead_size != read_size)) {
	179	new_buffer = (char *)PyMem_Malloc(read_size);
	180	if (!new_buffer) {
	181	Py_DECREF(read);
	182	@@ -254,8 +260,15 @@ _CBORDecoder_set_fp_with_read_size(CBORDecoderObject *self, PyObject *value, Py_
	183	if (new_buffer) {
	184	PyMem_Free(self->readahead);
	185	self->readahead = new_buffer;
	186	- self->readahead_size = read_size;
	187	+ } else if (read_size == 1 && self->readahead != NULL) {
	188	+ // Free existing buffer when switching to direct read path (read_size=1)
	189	+ PyMem_Free(self->readahead);
	190	+ self->readahead = NULL;
	191	}
	192	+ self->readahead_size = read_size;
	193	+
	194	+ // Set read dispatch function - eliminates runtime check on every read
	195	+ self->fp_read = (read_size == 1) ? fp_read_unbuffered : fp_read_buffered;
	196
	197	return 0;
	198	}
	199	@@ -447,9 +460,25 @@ fp_read_bytes(CBORDecoderObject *self, char *buf, Py_ssize_t size)
	200	return bytes_read;
	201	}
	202
	203	-// Read into caller's buffer using the readahead buffer
	204	+// Unbuffered read - used when read_size=1 (backwards compatible mode)
	205	+// This matches the 5.7.1 behavior with no runtime overhead
	206	+static int
	207	+fp_read_unbuffered(CBORDecoderObject *self, char *buf, Py_ssize_t size)
	208	+{
	209	+ Py_ssize_t bytes_read = fp_read_bytes(self, buf, size);
	210	+ if (bytes_read == size)
	211	+ return 0;
	212	+ if (bytes_read >= 0)
	213	+ PyErr_Format(
	214	+ _CBOR2_CBORDecodeEOF,
	215	+ "premature end of stream (expected to read %zd bytes, "
	216	+ "got %zd instead)", size, bytes_read);
	217	+ return -1;
	218	+}
	219	+
	220	+// Buffered read - used when read_size > 1 for improved performance
	221	static int
	222	-fp_read(CBORDecoderObject *self, char *buf, const Py_ssize_t size)
	223	+fp_read_buffered(CBORDecoderObject *self, char *buf, Py_ssize_t size)
	224	{
	225	Py_ssize_t available, to_copy, remaining, total_copied;
	226
	227	@@ -507,7 +536,7 @@ fp_read_object(CBORDecoderObject *self, const Py_ssize_t size)
	228	if (!ret)
	229	return NULL;
	230
	231	- if (fp_read(self, PyBytes_AS_STRING(ret), size) == -1) {
	232	+ if (self->fp_read(self, PyBytes_AS_STRING(ret), size) == -1) {
	233	Py_DECREF(ret);
	234	return NULL;
	235	}
	236	@@ -528,7 +557,7 @@ CBORDecoder_read(CBORDecoderObject *self, PyObject *length)
	237	return NULL;
	238	ret = PyBytes_FromStringAndSize(NULL, len);
	239	if (ret) {
	240	- if (fp_read(self, PyBytes_AS_STRING(ret), len) == -1) {
	241	+ if (self->fp_read(self, PyBytes_AS_STRING(ret), len) == -1) {
	242	Py_DECREF(ret);
	243	ret = NULL;
	244	}
	245	@@ -576,19 +605,19 @@ decode_length(CBORDecoderObject *self, uint8_t subtype,
	246	if (subtype < 24) {
	247	*length = subtype;
	248	} else if (subtype == 24) {
	249	- if (fp_read(self, value.u8.buf, sizeof(uint8_t)) == -1)
	250	+ if (self->fp_read(self, value.u8.buf, sizeof(uint8_t)) == -1)
	251	return -1;
	252	*length = value.u8.value;
	253	} else if (subtype == 25) {
	254	- if (fp_read(self, value.u16.buf, sizeof(uint16_t)) == -1)
	255	+ if (self->fp_read(self, value.u16.buf, sizeof(uint16_t)) == -1)
	256	return -1;
	257	*length = be16toh(value.u16.value);
	258	} else if (subtype == 26) {
	259	- if (fp_read(self, value.u32.buf, sizeof(uint32_t)) == -1)
	260	+ if (self->fp_read(self, value.u32.buf, sizeof(uint32_t)) == -1)
	261	return -1;
	262	*length = be32toh(value.u32.value);
	263	} else {
	264	- if (fp_read(self, value.u64.buf, sizeof(uint64_t)) == -1)
	265	+ if (self->fp_read(self, value.u64.buf, sizeof(uint64_t)) == -1)
	266	return -1;
	267	*length = be64toh(value.u64.value);
	268	}
	269	@@ -752,7 +781,7 @@ decode_indefinite_bytestrings(CBORDecoderObject *self)
	270	list = PyList_New(0);
	271	if (list) {
	272	while (1) {
	273	- if (fp_read(self, &lead.byte, 1) == -1)
	274	+ if (self->fp_read(self, &lead.byte, 1) == -1)
	275	break;
	276	if (lead.major == 2 && lead.subtype != 31) {
	277	ret = decode_bytestring(self, lead.subtype);
	278	@@ -959,7 +988,7 @@ decode_indefinite_strings(CBORDecoderObject *self)
	279	list = PyList_New(0);
	280	if (list) {
	281	while (1) {
	282	- if (fp_read(self, &lead.byte, 1) == -1)
	283	+ if (self->fp_read(self, &lead.byte, 1) == -1)
	284	break;
	285	if (lead.major == 3 && lead.subtype != 31) {
	286	ret = decode_string(self, lead.subtype);
	287	@@ -2040,7 +2069,7 @@ CBORDecoder_decode_simple_value(CBORDecoderObject *self)
	288	PyObject *tag, *ret = NULL;
	289	uint8_t buf;
	290
	291	- if (fp_read(self, (char*)&buf, sizeof(uint8_t)) == 0) {
	292	+ if (self->fp_read(self, (char*)&buf, sizeof(uint8_t)) == 0) {
	293	tag = PyStructSequence_New(&CBORSimpleValueType);
	294	if (tag) {
	295	PyStructSequence_SET_ITEM(tag, 0, PyLong_FromLong(buf));
	296	@@ -2066,7 +2095,7 @@ CBORDecoder_decode_float16(CBORDecoderObject *self)
	297	char buf[sizeof(uint16_t)];
	298	} u;
	299
	300	- if (fp_read(self, u.buf, sizeof(uint16_t)) == 0)
	301	+ if (self->fp_read(self, u.buf, sizeof(uint16_t)) == 0)
	302	ret = PyFloat_FromDouble(unpack_float16(u.i));
	303	set_shareable(self, ret);
	304	return ret;
	305	@@ -2084,7 +2113,7 @@ CBORDecoder_decode_float32(CBORDecoderObject *self)
	306	char buf[sizeof(float)];
	307	} u;
	308
	309	- if (fp_read(self, u.buf, sizeof(float)) == 0) {
	310	+ if (self->fp_read(self, u.buf, sizeof(float)) == 0) {
	311	u.i = be32toh(u.i);
	312	ret = PyFloat_FromDouble(u.f);
	313	}
	314	@@ -2104,7 +2133,7 @@ CBORDecoder_decode_float64(CBORDecoderObject *self)
	315	char buf[sizeof(double)];
	316	} u;
	317
	318	- if (fp_read(self, u.buf, sizeof(double)) == 0) {
	319	+ if (self->fp_read(self, u.buf, sizeof(double)) == 0) {
	320	u.i = be64toh(u.i);
	321	ret = PyFloat_FromDouble(u.f);
	322	}
	323	@@ -2133,7 +2162,7 @@ decode(CBORDecoderObject *self, DecodeOptions options)
	324	if (Py_EnterRecursiveCall(" in CBORDecoder.decode"))
	325	return NULL;
	326
	327	- if (fp_read(self, &lead.byte, 1) == 0) {
	328	+ if (self->fp_read(self, &lead.byte, 1) == 0) {
	329	switch (lead.major) {
	330	case 0: ret = decode_uint(self, lead.subtype); break;
	331	case 1: ret = decode_negint(self, lead.subtype); break;
	332	@@ -2387,13 +2416,12 @@ PyDoc_STRVAR(CBORDecoder__doc__,
	333	" :class:`dict` object. The return value is substituted for the dict\n"
	334	" in the deserialized output.\n"
	335	":param read_size:\n"
	336	-" the size of the read buffer (default 4096). The decoder reads from\n"
	337	-" the stream in chunks of this size for performance. This means the\n"
	338	-" stream position may advance beyond the bytes actually decoded. For\n"
	339	-" large values (bytestrings, text strings), reads may be larger than\n"
	340	-" ``read_size``. Code that needs to read from the stream after\n"
	341	-" decoding should use :meth:`decode_from_bytes` instead, or set\n"
	342	-" ``read_size=1`` to disable buffering (at a performance cost).\n"
	343	+" the minimum number of bytes to read at a time.\n"
	344	+" Setting this to a higher value like 4096 improves performance,\n"
	345	+" but is likely to read past the end of the CBOR value, advancing the stream\n"
	346	+" position beyond the decoded data. This only matters if you need to reuse the\n"
	347	+" stream after decoding.\n"
	348	+" Ignored in the pure Python implementation, but included for API compatibility.\n"
	349	"\n"
	350	".. _CBOR: https://cbor.io/\n"
	351	);
	352	diff --git a/source/decoder.h b/source/decoder.h
	353	index a2f4bf1..3efff8b 100644
	354	--- a/source/decoder.h
	355	+++ b/source/decoder.h
	356	@@ -3,10 +3,17 @@
	357	#include <stdbool.h>
	358	#include <stdint.h>
	359
	360	-// Default readahead buffer size for streaming reads
	361	-#define CBOR2_DEFAULT_READ_SIZE 4096
	362	+// Default readahead buffer size for streaming reads.
	363	+// Set to 1 for backwards compatibility (no buffering).
	364	+#define CBOR2_DEFAULT_READ_SIZE 1
	365
	366	-typedef struct {
	367	+// Forward declaration for function pointer typedef
	368	+struct CBORDecoderObject_;
	369	+
	370	+// Function pointer type for read dispatch (eliminates runtime check)
	371	+typedef int (*fp_read_fn)(struct CBORDecoderObject_ *, char *, Py_ssize_t);
	372	+
	373	+typedef struct CBORDecoderObject_ {
	374	PyObject_HEAD
	375	PyObject *read; // cached read() method of fp
	376	PyObject *tag_hook;
	377	@@ -23,6 +30,9 @@ typedef struct {
	378	Py_ssize_t readahead_size; // size of allocated buffer
	379	Py_ssize_t read_pos; // current position in buffer
	380	Py_ssize_t read_len; // valid bytes in buffer
	381	+
	382	+ // Read dispatch - points to unbuffered or buffered implementation
	383	+ fp_read_fn fp_read;
	384	} CBORDecoderObject;
	385
	386	extern PyTypeObject CBORDecoderType;
	387	diff --git a/tests/test_decoder.py b/tests/test_decoder.py
	388	index 9bf5a10..c5d1a9c 100644
	389	--- a/tests/test_decoder.py
	390	+++ b/tests/test_decoder.py
	391	@@ -123,6 +123,21 @@ def test_load(impl):
	392	assert impl.load(fp=stream) == 1
	393
	394
	395	+def test_stream_position_after_decode(impl):
	396	+ """Test that stream position is exactly at end of decoded CBOR value."""
	397	+ # CBOR: integer 1 (1 byte: 0x01) followed by extra data
	398	+ cbor_data = b"\x01"
	399	+ extra_data = b"extra"
	400	+ with BytesIO(cbor_data + extra_data) as stream:
	401	+ decoder = impl.CBORDecoder(stream)
	402	+ result = decoder.decode()
	403	+ assert result == 1
	404	+ # Stream position should be exactly at end of CBOR data
	405	+ assert stream.tell() == len(cbor_data)
	406	+ # Should be able to read the extra data
	407	+ assert stream.read() == extra_data
	408	+
	409	+
	410	@pytest.mark.parametrize(
	411	"payload, expected",
	412	[
	413	--
	414	2.50.1
	415