| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | [3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96502) | Gregory P. Smith | 2022-09-05 | 1 | -0/+9 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Correctly pre-check for int-to-str conversion (#96537) Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =) The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact. The justification for the current check. The C code check is: ```c max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10 ``` In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is: $$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$ From this it follows that $$\frac{M}{3L} < \frac{s-1}{10}$$ hence that $$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$ So $$2^{L(s-1)} > 10^M.$$ But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check. <!-- gh-issue-number: gh-95778 --> * Issue: gh-95778 <!-- /gh-issue-number --> Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Christian Heimes <christian@python.org> Co-authored-by: Mark Dickinson <dickinsm@gmail.com> | ||||
| * | bpo-46542: test_json uses support.infinite_recursion() (GH-30972) | Miss Islington (bot) | 2022-01-28 | 1 | -6/+13 |
| | | | | | | | | Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). (cherry picked from commit e7a6285f1be18992191599792524d3aa6aedfa55) Co-authored-by: Victor Stinner <vstinner@python.org> | ||||
| * | bpo-45644: Make json.tool read infile before writing to outfile (GH-29273) ↵ | Miss Islington (bot) | 2021-11-06 | 1 | -0/+9 |
| | | | | | | | | | | | | | | | (GH-29446) so that $ python -m json.tool foo.json foo.json doesn't result in an empty foo.json. Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit 815dad42d53fc40a6dc057e067f4a8a885c3b858) Co-authored-by: Chris Wesseling <chris.wesseling@protonmail.com> | ||||
| * | bpo-45269: test wrong `markers` type to `c_make_encoder` (GH-28540) (GH-28610) | Miss Islington (bot) | 2021-09-28 | 1 | -0/+9 |
| | | | | | | (cherry picked from commit e046aabbe386fdf32bae6ffb7fae5ce479fd10c6) Co-authored-by: Nikita Sobolev <mail@sobolevn.me> | ||||
| * | bpo-40462: Fix typo in test_json (GH-20094) | Victor Stinner | 2020-05-14 | 1 | -1/+1 |
| | | |||||
| * | bpo-39828: Fix json.tool to catch BrokenPipeError (GH-18779) | Dong-hee Na | 2020-03-10 | 1 | -0/+13 |
| | | |||||
| * | bpo-39377: json: Remove the encoding option. (GH-18075) | Inada Naoki | 2020-01-20 | 1 | -4/+0 |
| | | |||||
| * | bpo-29636: json.tool: Add document for indentation options. (GH-17482) | Daniel Himmelstein | 2019-12-07 | 1 | -33/+27 |
| | | | | And updated test to use subprocess.run | ||||
| * | bpo-27413: json.tool: Add --no-ensure-ascii option. (GH-17472) | wim glenn | 2019-12-06 | 1 | -0/+22 |
| | | |||||
| * | bpo-33684: json.tool: Use utf-8 for infile and outfile. (GH-17460) | Inada Naoki | 2019-12-04 | 1 | -3/+18 |
| | | |||||
| * | bpo-29636: Add --(no-)indent arguments to json.tool (GH-345) | Daniel Himmelstein | 2019-12-04 | 1 | -0/+41 |
| | | |||||
| * | bpo-37805: Add tests for json.dump(..., skipkeys=True) (GH-15489) | Dong-hee Na | 2019-08-26 | 1 | -0/+10 |
| | | | | | | | | https://bugs.python.org/issue37805 Automerge-Triggered-By: @methane | ||||
| * | bpo-33461: emit DeprecationWarning when json.loads(encoding=...) is used ↵ | Matthias Bussonnier | 2019-04-09 | 1 | -0/+4 |
| | | | | | (GH-6762) | ||||
| * | bpo-31553: add --json-lines option to json.tool (#10051) | HongWeipeng | 2018-11-07 | 1 | -0/+29 |
| | | | | | | | | | | | * add jsonlines option to json.tool * code review * fix:avoid read infile after it close * improve doc in whatsnew 3.8 | ||||
| * | bpo-30877: Fix clearing a cache in the the JSON decoder. (GH-7048) | Serhiy Storchaka | 2018-05-22 | 1 | -1/+3 |
| | | |||||
| * | bpo-6986: Add a comment to clarify a test of _json.make_encoder(). (GH-3789) | Oren Milman | 2018-03-26 | 1 | -0/+2 |
| | | |||||
| * | bpo-24641: Improved error message for JSON unserializible keys. (#4364) | Serhiy Storchaka | 2017-11-25 | 1 | -5/+8 |
| | | | | | | Also updated an example for default() in the module docstring. Removed quotes around type name in other error messages. | ||||
| * | bpo-31505: Fix an assertion failure in json, in case _json.make_encoder() ↵ | Oren Milman | 2017-09-24 | 1 | -0/+21 |
| | | | | | received a bad encoder() argument. (#3643) | ||||
| * | bpo-30936: Fix a reference leak in json when fail to sort keys. (#2712) | Serhiy Storchaka | 2017-07-16 | 1 | -0/+4 |
| | | |||||
| * | bpo-30911: Add tests for bad boolean arguments for accelerated json (#2690) | Serhiy Storchaka | 2017-07-13 | 1 | -0/+22 |
| | | | | encoder and decoder. | ||||
| * | bpo-29919: Remove unused imports found by pyflakes (#137) | Victor Stinner | 2017-03-27 | 1 | -1/+1 |
| | | | | Make also minor PEP8 coding style fixes on modified imports. | ||||
| * | Fix stderr bug in json.tool test (#346) | Daniel Himmelstein | 2017-03-15 | 1 | -5/+4 |
| | | | | See https://github.com/python/cpython/pull/201#discussion_r103229425. | ||||
| * | Issue #28541: Improve test coverage for encoding detection in json library. | Serhiy Storchaka | 2016-10-30 | 1 | -0/+13 |
| | | | | | Original patch by Eric Appelt. | ||||
| * | Issue #17909: Accept binary input in json.loads | Nick Coghlan | 2016-09-10 | 2 | -6/+14 |
| | | | | | | | | json.loads (and hence json.load) now support binary input encoded as UTF-8, UTF-16 or UTF-32. Patch by Serhiy Storchaka. | ||||
| * | Issue #27993: Merge plural fixes from 3.5 | Martin Panter | 2016-09-07 | 1 | -1/+1 |
| |\ | |||||
| | * | Issue #27993: Fix problems with plural objects in docs and comments | Martin Panter | 2016-09-07 | 1 | -1/+1 |
| | | | |||||
| * | | Remove more unused imports in tests. | Serhiy Storchaka | 2016-04-24 | 1 | -1/+0 |
| | | | |||||
| * | | Issue #23277: Remove unused sys and os imports | Berker Peksag | 2016-04-24 | 1 | -1/+0 |
| |/ | | | | Patch by Jon Dufresne. | ||||
| * | Issue #24683: Fixed crashes in _json functions called with arguments of | Serhiy Storchaka | 2015-07-26 | 1 | -0/+6 |
| |\ | | | | | | | inappropriate type. | ||||
| | * | Issue #24683: Fixed crashes in _json functions called with arguments of | Serhiy Storchaka | 2015-07-26 | 1 | -0/+6 |
| | | | | | | | | | inappropriate type. | ||||
| * | | Issue #19235: Add new RecursionError exception. Patch by Georg Brandl. | Yury Selivanov | 2015-07-03 | 1 | -6/+6 |
| | | | |||||
| * | | Issue #9517: Move script_helper to the support package. | Berker Peksag | 2015-05-06 | 1 | -1/+1 |
| | | | | | | | | | Patch by Christie Wilson. | ||||
| * | | merge 3.4 (#24094) | Benjamin Peterson | 2015-05-03 | 1 | -0/+19 |
| |\ \ | |/ | |||||
| | * | merge 3.3 (#24094) | Benjamin Peterson | 2015-05-03 | 1 | -0/+19 |
| | |\ | |||||
| | | * | just sort the items tuple directly (closes #24094) | Benjamin Peterson | 2015-05-03 | 1 | -0/+19 |
| | | | | |||||
| * | | | merge 3.4 | Benjamin Peterson | 2015-02-02 | 1 | -1/+2 |
| |\ \ \ | |/ / | |||||
| | * | | merge 3.3 | Benjamin Peterson | 2015-02-02 | 1 | -1/+2 |
| | |\ \ | | |/ | |||||
| | | * | reduce memory usage of test (closes #23369) | Benjamin Peterson | 2015-02-02 | 1 | -1/+2 |
| | | | | |||||
| * | | | merge 3.4 | Benjamin Peterson | 2015-02-01 | 1 | -1/+0 |
| |\ \ \ | |/ / | |||||
| | * | | merge 3.3 | Benjamin Peterson | 2015-02-01 | 1 | -1/+0 |
| | |\ \ | | |/ | |||||
| | | * | remove extra ws | Benjamin Peterson | 2015-02-01 | 1 | -1/+0 |
| | | | | |||||
| * | | | merge 3.4 (#23369) | Benjamin Peterson | 2015-02-01 | 1 | -1/+8 |
| |\ \ \ | |/ / | |||||
| | * | | merge 3.3 (#23369) | Benjamin Peterson | 2015-02-01 | 1 | -1/+8 |
| | |\ \ | | |/ | |||||
| | | * | fix possible overflow in encode_basestring_ascii (closes #23369) | Benjamin Peterson | 2015-02-01 | 1 | -1/+8 |
| | | | | |||||
| * | | | Issue #19361: JSON decoder now raises JSONDecodeError instead of ValueError. | Serhiy Storchaka | 2015-01-26 | 4 | -23/+50 |
| | | | | |||||
| * | | | Issue #23206: Make ``json.dumps(..., ensure_ascii=False)`` as fast as the ↵ | Antoine Pitrou | 2015-01-11 | 1 | -3/+0 |
| | | | | | | | | | | | | | default case of ``ensure_ascii=True``. Patch by Naoki Inada. | ||||
| * | | | Issue #21650: Add an `--sort-keys` option to json.tool CLI. | Berker Peksag | 2014-11-10 | 1 | -1/+32 |
| | | | | |||||
| * | | | Closes #22002: Merge with 3.4 | Zachary Ware | 2014-07-23 | 1 | -15/+4 |
| |\ \ \ | |/ / | |||||
| | * | | Issue #22002: Make full use of test discovery in test sub-packages. | Zachary Ware | 2014-07-23 | 1 | -15/+4 |
| | | | | | | | | | | | | | | | | | | | Adds `load_package_tests` function to test.support, uses it in test_asyncio, test_email, test_json, test_tools, test_importlib and all test_importlib sub-packages to implement test discovery. | ||||
| * | | | merge 3.4 | Benjamin Peterson | 2014-04-14 | 1 | -0/+4 |
| |\ \ \ | |/ / | |||||
 |
index : cpython.git | |
| https://github.com/python/cpython.git |
| summaryrefslogtreecommitdiffstats |