| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Correctly pre-check for int-to-str conversion
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-93066) (#93148)
Also while there, clarify a few things about why we reduce the hash to 32 bits.
Co-authored-by: Eli Libman <eli@hyro.ai>
Co-authored-by: Yury Selivanov <yury@edgedb.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
(cherry picked from commit c1f5c903a7e4ed27190488f4e33b00d3c3d952e5)
|
| |
|
|
|
|
| |
This reverts commit e5f711f5eeb6db4290db1b747f42f5d723d12ed3.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
_PyInterpreterState_IDIncref() now calls
_PyInterpreterState_IDInitref() and always increments id_refcount.
(cherry picked from commit 32c5a174445ec93747240cd8472012276ed27acf)
|
|
|
|
|
|
| |
Signed-off-by: Andrew V. Jones <andrew.jones@vector.com>
(cherry picked from commit 54db51c9114ac49030832f5134979ca866ffd21c)
Co-authored-by: Andrew V. Jones <andrewvaughanj@gmail.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
wchar_t (GH-24350) (GH-24397)
(cherry picked from commit 42b1806af90b86ec393ca7da14e99ce95ec6c53b)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
(GH-24120)
Co-Authored-By: Andreas Schneider <asn@cryptomilk.org>
Co-Authored-By: Antoine Pitrou <antoine@python.org>.
Co-authored-by: Petr Viktorin <encukou@gmail.com>
(cherry picked from commit 056c08211b402b4dbc1530a9de9d00ad5309909f)
https://bugs.python.org/issue40052
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-23349)
bpo-41686, bpo-41713: On Windows, the SIGINT event,
_PyOS_SigintEvent(), is now created even if Python is configured to
not install signal handlers (PyConfig.install_signal_handlers=0 or
Py_InitializeEx(0)).
(cherry picked from commit 05a5d697f4f097f37c5c1e2ed0e2338a33c3fb6a)
|
|
|
|
|
|
|
| |
limited API (GH-22621)
(cherry picked from commit 637a09b0d6e3ad4e34e0b5e0fc82f5afeae6f74b)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
PyUnicodeEncodeError_Create has been deprecated with
`Py_DEPRECATED` macro. But it was not documented.
(cherry picked from commit 46e19b61d31ba99f049258efa4ff1334856a3643)
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
|
| |
|
|
|
|
| |
Contains security fixes for CVE-2019-20907, CVE-2020-15801, and BPO-39603.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-40826: Fix GIL usage in PyOS_Readline() (GH-20579)
Fix GIL usage in PyOS_Readline(): lock the GIL to set an exception.
Pass tstate to my_fgets() and _PyOS_WindowsConsoleReadline(). Cleanup
these functions.
(cherry picked from commit c353764fd564e401cf47a5d9efab18c72c60014e)
* bpo-40826: Add _PyOS_InterruptOccurred(tstate) function (GH-20599)
my_fgets() now calls _PyOS_InterruptOccurred(tstate) to check for
pending signals, rather calling PyOS_InterruptOccurred().
my_fgets() is called with the GIL released, whereas
PyOS_InterruptOccurred() must be called with the GIL held.
test_repl: use text=True and avoid SuppressCrashReport in
test_multiline_string_parsing().
Fix my_fgets() on Windows: fgets(fp) does crash if fileno(fp) is closed.
(cherry picked from commit fa7ab6aa0f9a4f695e5525db5a113cd21fa93787)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-19835)
The constant values of future flags in the __future__ module
is updated in order to prevent collision with compiler flags.
Previously PyCF_ALLOW_TOP_LEVEL_AWAIT was clashing
with CO_FUTURE_DIVISION..
(cherry picked from commit 4454057269b995341b04d13f0bf97f96080f27d0)
Co-authored-by: Batuhan Taşkaya <batuhanosmantaskaya@gmail.com>
|
| |
|
| |
|
|
|
|
|
|
| |
(cherry picked from commit ac2cfe6631b77a2005d8f16f034dbb6154f04ab2)
Co-authored-by: Jimmy Yang <codingExpert123@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
PyThreadState.frame is a borrowed reference, not a strong reference:
PyThreadState_Clear() must not call Py_CLEAR(tstate->frame).
Remove test_threading.test_warnings_at_exit(): we cannot warranty
that the Python thread state of daemon threads is cleared in a
reliable way during Python shutdown.
(cherry picked from commit 5804f878e779712e803be927ca8a6df389d82cdf)
|
| |
|
| |
|