| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
| |
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
(cherry picked from commit b126196838bbaf5f4d35120e0e6bcde435b0b480)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.
This PR comes fresh from a pile of work done in our private PSRT security response team repo.
This backports https://github.com/python/cpython/pull/96499 aka 511ca9452033ef95bc7d7fc404b8161068226002
Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
|
| |
|
|
|
| |
(cherry picked from commit d21d2f0793ce32d72759d5cfc11622d13e3e6b81)
Co-authored-by: Matthias Görgens <matthias.goergens@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 8281cbddc6f0fbc94f0c21cacfac79a2d4057a4b)
Co-authored-by: fluesvamp <105884371+fluesvamp@users.noreply.github.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
(cherry picked from commit 42b102bbf9a9ae6fae8f6710202fb7afeeac277c)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
|
| |
(GH-95246). (#95256)" (#95647)
This reverts commit 7f731943393d57cf26ed5f2353e6e53084cd55fd.
|
| |
|
|
|
|
| |
Co-authored-by: Brett Cannon <brett@python.org>.
(cherry picked from commit 0fe645d6fd22a6f57e777a29e65cf9a4ff9785ae)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
| |
(cherry picked from commit b8b2990fb3218cffedfe7bc92e9e7ae2275b3c98)
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
|
|
|
|
|
| |
(GH-95208)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 00474472944944b346d8409cfded84bb299f601a)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
(#95256)
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| | |
|
| |
|
|
|
| |
(GH-95143)
(cherry picked from commit e402b26b7fb953a2f0c17a0044bb6d6cbd726e54)
|
| |
|
|
|
| |
Co-authored-by: da-woods <dw-git@d-woods.co.uk>
(cherry picked from commit 6cbb57f62d345d7a5d6aeb1b3b5d37a845344d5e)
|
| | |
|
| | |
|
| |
|
|
|
| |
complete. (GH-94371) (#94482)
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
|
|
|
| |
attempts (GH-93355) (GH-93379)
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
|
| |
|
| |
* Store offset of first traceable instruction to avoid having to recompute it all the time when tracing.
|
| |
|
|
|
| |
(GH-94334)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
| |
(#93493)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Dennis Sweeney <36520290+sweeneyde@users.noreply.github.com>
|
| |
|
|
|
| |
(GH-94127)
Co-authored-by: Pablo Galindo <pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the follow functions and type from frameobject.h to pyframe.h,
so the standard <Python.h> provide frame getter functions:
* PyFrame_Check()
* PyFrame_GetBack()
* PyFrame_GetBuiltins()
* PyFrame_GetGenerator()
* PyFrame_GetGlobals()
* PyFrame_GetLasti()
* PyFrame_GetLocals()
* PyFrame_Type
Remove #include "frameobject.h" from many C files. It's no longer
needed.
(cherry picked from commit 27b989403356ccdd47545a93aeab8434e9c69f21)
|
| |
|
|
|
|
|
| |
UB (GH-93700)
(cherry picked from commit 65ff27c7d30b84655bf8caf6e396c65485708148)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
TypeVar and TypeVarTuple parameters (alt) (GH-93412) (GH-93746)
For example:
A[T, *Ts][*tuple[int, ...]] -> A[int, *tuple[int, ...]]
A[*Ts, T][*tuple[int, ...]] -> A[*tuple[int, ...], int]
(cherry picked from commit 3473817106c23eca7341c931453da0341c367e1d)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Fix the compatibility of the Python C API with C++ older than C++11.
* _Py_NULL is only defined as nullptr on C++11 and newer.
(cherry picked from commit 4caf5c2753f1aa28d6f4bc1aa377975fd2a62331)
* test_cppext now builds the C++ extension with setuptools.
* Add @test.support.requires_venv_with_pip.
(cherry picked from commit ca0cc9c433830e14714a5cc93fb4e7254da3dd76)
|
| |
|
|
|
|
|
|
|
|
| |
(GH-93742) (GH-93792)
It combines PyImport_ImportModule() and PyObject_GetAttrString()
and saves 4-6 lines of code on every use.
Add also _PyImport_GetModuleAttr() which takes Python strings as arguments.
(cherry picked from commit 6fd4c8ec7740523bb81191c013118d9d6959bc9d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add C++ overloads for _Py_CAST_impl() to handle 0/NULL. This will allow
C++ extensions that pass 0 or NULL to macros using _Py_CAST() to
continue to compile. Without this, you get an error like:
invalid ‘static_cast’ from type ‘int’ to type ‘_object*’
The modern way to use a NULL value in C++ is to use nullptr. However,
we want to not break extensions that do things the old way.
Co-authored-by: serge-sans-paille
(cherry picked from commit 8bcc3fa3453e28511d04eaa0aa7d8e1a3495d518)
Co-authored-by: Neil Schemenauer <nas-github@arctrix.com>
Co-authored-by: Neil Schemenauer <nas-github@arctrix.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-92335) (#92484)
* gh-91162: Fix substitution of unpacked tuples in generic aliases (GH-92335)
(cherry picked from commit 9d25db9db1617f012d7dba118b5b8f2b9e25e116)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Regenerate ABI file
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Pablo Galindo <pablogsal@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-93306)
(cherry picked from commit caa279d6fd5f151e57f891cd4f6ba51b532501c6)
This was added for bpo-40514 (gh-84694) to test out a per-interpreter GIL. However, it has since proven unnecessary to keep the experiment in the repo. (It can be done as a branch in a fork like normal.) So here we are removing:
* the configure option
* the macro
* the code enabled by the macro
Automerge-Triggered-By: GH:ericsnowcurrently
|
| |
|
|
|
|
|
| |
* Add StrongRef class.
* Rename and reformat functions of the _Py_CAST() implementation.
(cherry picked from commit 20d30ba2ccf9182e4f08db112f428c909148a40b)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-93145)
Also while there, clarify a few things about why we reduce the hash to 32 bits.
Co-authored-by: Eli Libman <eli@hyro.ai>
Co-authored-by: Yury Selivanov <yury@edgedb.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit c1f5c903a7e4ed27190488f4e33b00d3c3d952e5)
|
| |
|
|
| |
(gh-92951) (gh-93049)
|
| |
|
|
|
| |
(cherry picked from commit 137fd3d88aa46669f5717734e823f4c594ab2843)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
| |
_Py_CAST() cannot be used with a constant type: use _Py_STATIC_CAST()
instead.
(cherry picked from commit e6fd7992a92879103215b3e9f218fe07212af9b1)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
| |
Avoid mixing declarations and code in the C API to fix the compiler
warning: "ISO C90 forbids mixed declarations and code"
[-Werror=declaration-after-statement].
(cherry picked from commit 90e72300730189c4a48529baaad9b0005d40731c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use _Py_CAST() and _Py_STATIC_CAST() in macros wrapping static inline
functions of unicodeobject.h.
Change also the kind type from unsigned int to int: same parameter
type than PyUnicode_FromKindAndData().
The limited API version 3.11 no longer casts arguments to expected
types.
(cherry picked from commit d0c9353a79c2003385c83892db5dfd4e443474c9)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use the PyObject* type for parameters of static inline functions:
* Py_SIZE(): same parameter type than PyObject_Size()
* PyList_GET_SIZE(), PyList_SET_ITEM(): same parameter type than
PyList_Size() and PyList_SetItem()
* PyTuple_GET_SIZE(), PyTuple_SET_ITEM(): same parameter type than
PyTuple_Size() and PyTuple_SetItem().
(cherry picked from commit 6de78ef96afbaa127472bb9dc0a4e41e44555d00)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The limited API version 3.11 no longer casts arguments to expected
types of functions of functions:
* PyList_GET_SIZE(), PyList_SET_ITEM()
* PyTuple_GET_SIZE(), PyTuple_SET_ITEM()
* PyWeakref_GET_OBJECT()
(cherry picked from commit 7d3b469e475e6e52ce4f0bad7198bb05ead77b1d)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fix typo in pymacro.h
* Update Include/pymacro.h
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit 4e6da502f42e3cbdffbe850833d2b04996232f0d)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
(#92566)
(cherry picked from commit f0614ca9801d0768094570b784d2b26936bcca34)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
