| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
(GH-96353)
(cherry picked from commit b9634ac776c24bc4d4a57859d884a94cdfe16043)
Co-authored-by: philg314 <110174000+philg314@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
(cherry picked from commit b126196838bbaf5f4d35120e0e6bcde435b0b480)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.
This PR comes fresh from a pile of work done in our private PSRT security response team repo.
This backports https://github.com/python/cpython/pull/96499 aka 511ca9452033ef95bc7d7fc404b8161068226002
Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
|
| |
|
|
|
|
|
| |
bytecode (GH-96456)
(cherry picked from commit a91f25577c71ab8797a4b42f22c43bbaffc2604d)
Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
(GH-96188)
(cherry picked from commit 16ebae4cd4029205d932751f26c719c6cb8a6e92)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 53e6a9a7254bdcd0538580ba7d799cd453e2dca5)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
| |
(GH-95665) (GH-95858)
This PR fixes the error message from float(s) in the case where s contains only whitespace.
(cherry picked from commit 97e9cfa75a80b54a0630b7371f35e368a12749d1)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
| |
calculations. (GH-95598) (GH-95821)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
|
|
| |
(cherry picked from commit 42b102bbf9a9ae6fae8f6710202fb7afeeac277c)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
|
| |
(GH-95246). (#95256)" (#95647)
This reverts commit 7f731943393d57cf26ed5f2353e6e53084cd55fd.
|
| |
|
|
|
| |
* Add test for inheriting explicit __dict__ and weakref.
* Restore 3.10 behavior for multiple inheritance of C extension classes that store their dictionary at the end of the struct.
|
| |
|
|
|
|
|
| |
(GH-95509)
(cherry picked from commit c7e5bbaee88a71dc6e633e3cd451ed1798436382)
Co-authored-by: Brandt Bucher <brandtbucher@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit bceb197947bbaebb11e01195bdce4f240fdf9332)
Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
|
| |
|
|
|
| |
PyObject_GC_UnTrack during deallocation in debug mode (GH-95325) (#95336)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
| |
(#95256)
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| | |
|
| |
|
|
|
| |
(cherry picked from commit 9007dec606b790c05e158e588b696f3c210c2795)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
| |
(GH-95110)
(cherry picked from commit e4d3a96a113070fde433834a6c9fb79ebeebad4a)
Co-authored-by: Brandt Bucher <brandtbucher@microsoft.com>
|
| |
|
|
|
| |
(GH-95143)
(cherry picked from commit e402b26b7fb953a2f0c17a0044bb6d6cbd726e54)
|
| |
|
|
|
|
| |
(cherry picked from commit a6daaf2a132efbb1965b4502ff8a8cf3b5afed0e)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
|
| |
(cherry picked from commit 1834133e66d95a143c9df5f068b3109927aefd65)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
(GH-94891)
(cherry picked from commit f36589510b8708fa224d799d5b328deab558aa4e)
Co-authored-by: Brandt Bucher <brandtbucher@microsoft.com>
|
| |
|
|
|
| |
(cherry picked from commit 9b3f7792093c533608f70043aa2a7daf7f903a16)
Co-authored-by: neonene <53406459+neonene@users.noreply.github.com>
|
| |
|
|
|
|
| |
Co-authored-by: Serhiy Storchaka <3659035+serhiy-storchaka@users.noreply.github.com>
(cherry picked from commit 6442a9dd212fa18343db21849cf05c0181662c1f)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
POP_EXCEPT cases are no longer reachable (GH-94582) (GH-94595)
(cherry picked from commit 50b9a7762f06335277d9962edc8d39498601a4e4)
Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
|
| |
|
|
|
| |
complete. (GH-94371) (#94482)
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
| |
* Account for NULLs on evaluation stack when jumping lines.
|
| |
|
| |
* Store offset of first traceable instruction to avoid having to recompute it all the time when tracing.
|
| |
|
|
|
|
|
| |
(GH-94375)
(cherry picked from commit c485ec014ce174bb3f5ae948151dc40e0f6d5f7f)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| |
|
| |
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
|
| |
(#93493)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Dennis Sweeney <36520290+sweeneyde@users.noreply.github.com>
|
| |
|
|
|
| |
(GH-94127)
Co-authored-by: Pablo Galindo <pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
| |
Because of the way wrap_descr_get is written, the second argument
to __get__ methods implemented through the wrapper is always
optional.
(cherry picked from commit 4e08fbcfdfa57ea94091aabdd09413708e3fb2bf)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
(GH-94032)
(cherry picked from commit 1603a1029f44f0fdc87c65b02063229962194f84)
Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the follow functions and type from frameobject.h to pyframe.h,
so the standard <Python.h> provide frame getter functions:
* PyFrame_Check()
* PyFrame_GetBack()
* PyFrame_GetBuiltins()
* PyFrame_GetGenerator()
* PyFrame_GetGlobals()
* PyFrame_GetLasti()
* PyFrame_GetLocals()
* PyFrame_Type
Remove #include "frameobject.h" from many C files. It's no longer
needed.
(cherry picked from commit 27b989403356ccdd47545a93aeab8434e9c69f21)
|
| |
|
|
|
| |
(cherry picked from commit 774ef28814d0d9d57ec813cb31b0a7af6c476127)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
| |
(cherry picked from commit 726448ebe15cd78e180c29c9858cb6c10a581524)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
|
|
|
|
|
| |
list[int].__class__ returned type, and isinstance(list[int], type)
returned True. It caused numerous problems in code that checks
isinstance(x, type).
(cherry picked from commit f9433fff476aa13af9cb314fcc6962055faa4085)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
| |
Co-authored-by: chilaxan <35645806+chilaxan@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <3659035+serhiy-storchaka@users.noreply.github.com>
(cherry picked from commit 11190c4ad0d3722b8d263758ac802985131a5462)
Co-authored-by: Ken Jin <kenjin@python.org>
|
| |
|
|
|
| |
(cherry picked from commit 8a6af5a34642f5564220eb50d72caada8f17fc78)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
| |
Classes ReferenceType, ProxyType and CallableProxyType have now correct
atrtributes __module__, __name__ and __qualname__.
It makes them (types, not instances) pickleable.
(cherry picked from commit 8352e322e87ba39c71e578b65ad8ae156ca3e0c7)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
TypeVar and TypeVarTuple parameters (alt) (GH-93412) (GH-93746)
For example:
A[T, *Ts][*tuple[int, ...]] -> A[int, *tuple[int, ...]]
A[*Ts, T][*tuple[int, ...]] -> A[*tuple[int, ...], int]
(cherry picked from commit 3473817106c23eca7341c931453da0341c367e1d)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
| |
(cherry picked from commit e12f34b6d8200508bd50cdc9c6c5637732ff56e7)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
|
| |
(GH-93346)
For example: tuple[*Ts, list[T]][int, str, bool]
(cherry picked from commit f545fc955aeb701ae4e73b07ff2283f823d857b8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-92335) (#92484)
* gh-91162: Fix substitution of unpacked tuples in generic aliases (GH-92335)
(cherry picked from commit 9d25db9db1617f012d7dba118b5b8f2b9e25e116)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* Regenerate ABI file
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Pablo Galindo <pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-93306)
(cherry picked from commit caa279d6fd5f151e57f891cd4f6ba51b532501c6)
This was added for bpo-40514 (gh-84694) to test out a per-interpreter GIL. However, it has since proven unnecessary to keep the experiment in the repo. (It can be done as a branch in a fork like normal.) So here we are removing:
* the configure option
* the macro
* the code enabled by the macro
Automerge-Triggered-By: GH:ericsnowcurrently
|
| |
|
|
|
| |
(cherry picked from commit d923fdf54bc97baece879179ba4971f632b9722b)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
|
| |
|
| |
merge_freemem(): set keys to NULL do it's harmless to call this again.
|
| | |
|
| | |
|
