| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Correctly pre-check for int-to-str conversion
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
| |
objects (GH-27678) (GH-27721)
(cherry picked from commit bfc2d5a5c4550ab3a2fadeb9459b4bd948ff61a2)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Accessing the following attributes will now fire PEP 578 style audit hooks as (object.__getattr__, obj, name):
* PyTracebackObject: tb_frame
* PyFrameObject: f_code
* PyGenObject: gi_code, gi_frame
* PyCoroObject: cr_code, cr_frame
* PyAsyncGenObject: ag_code, ag_frame
(cherry picked from commit bb2f3ff7a8f0c3565ccc1946dba7e09a3f7dc209)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
|
| |
_PyInterpreterState_IDIncref() now calls
_PyInterpreterState_IDInitref() and always increments id_refcount.
(cherry picked from commit 32c5a174445ec93747240cd8472012276ed27acf)
|
| |
|
|
|
|
|
| |
Before, using the * operator to repeat a bytearray would copy data from the start of
the internal buffer (ob_bytes) and not from the start of the actual data (ob_start).
(cherry picked from commit 61d8c54f43a7871d016f98b38f86858817d927d5)
Co-authored-by: Tobias Holl <TobiasHoll@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-24906)
Python no longer fails at startup with a fatal error if a command
line argument contains an invalid Unicode character.
The Py_DecodeLocale() function now escapes byte sequences which would
be decoded as Unicode characters outside the [U+0000; U+10ffff]
range.
Use MAX_UNICODE constant in unicodeobject.c.
(cherry picked from commit 9976834f807ea63ca51bc4f89be457d734148682)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| |
|
|
|
|
|
|
|
|
| |
(GH-24120)
Co-Authored-By: Andreas Schneider <asn@cryptomilk.org>
Co-Authored-By: Antoine Pitrou <antoine@python.org>.
Co-authored-by: Petr Viktorin <encukou@gmail.com>
(cherry picked from commit 056c08211b402b4dbc1530a9de9d00ad5309909f)
https://bugs.python.org/issue40052
|
| |
|
|
|
|
| |
(GH-23446). (GH-24025)
(cherry picked from commit ed1007c0d74e658d1e6c9b51b12ce7501eb8cbf9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several built-in and standard library types now ensure that their internal result tuples are always tracked by the garbage collector:
- collections.OrderedDict.items
- dict.items
- enumerate
- functools.reduce
- itertools.combinations
- itertools.combinations_with_replacement
- itertools.permutations
- itertools.product
- itertools.zip_longest
- zip
Previously, they could have become untracked by a prior garbage collection.
(cherry picked from commit 226a012d1cd61f42ecd3056c554922f359a1a35d)
|
| |
|
|
|
|
|
|
|
|
|
| |
PyType_FromModuleAndSpec() (GH-23410)
* There were leaks if Py_tp_bases is used more than once or if some call is
failed before setting tp_bases.
* There was a crash if the bases argument or the Py_tp_bases slot is not a tuple.
* The documentation was not accurate.
(cherry picked from commit 1db76394ea79030aa4ed5349c950f6c6da51450f)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
| |
func object (GH-22953)
func_dealloc() does not handle partially-created objects. Best not to give it any.
(cherry picked from commit 350526105fa9b131d8b941ae753378b741dabb2f)
Co-authored-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
|
| |
|
|
|
|
|
| |
(GH-19940)
(cherry picked from commit 3635388f52b42e5280229104747962117104c453)
Co-authored-by: Max Bernstein <tekknolagi@users.noreply.github.com>
|
| |
|
| |
(cherry picked from commit c13b847a6f913b72eeb71651ff626390b738d973)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-22551)
Enable recursion checks which were disabled when get __bases__ of
non-type objects in issubclass() and isinstance() and when intern
strings. It fixes a stack overflow when getting __bases__ leads
to infinite recursion.
Originally recursion checks was disabled for PyDict_GetItem() which
silences all errors including the one raised in case of detected
recursion and can return incorrect result. But now the code uses
PyDict_GetItemWithError() and PyDict_SetDefault() instead.
(cherry picked from commit 9ece9cd65cdeb0a1f6e60475bbd0219161c348ac)
|
| |
|
|
| |
warning (GH-22102)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
subclasses (GH-22020) (GH-22046)
When allocating MemoryError classes, there is some logic to use
pre-allocated instances in a freelist only if the type that is being
allocated is not a subclass of MemoryError. Unfortunately in the
destructor this logic is not present so the freelist is altered even
with subclasses of MemoryError..
(cherry picked from commit 9b648a95ccb4c3b14f1e87158f5c9f5dbb2f62c0)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>.
(cherry picked from commit 87e91ae2e5f81e096c32839f211c68a749a4435a)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
|
| |
Walk down the MRO backwards to find the type that originally defined the final `tp_setattro`, then make sure we are not jumping over intermediate C-level bases with the Python-level call.
Automerge-Triggered-By: @gvanrossum
(cherry picked from commit c53b310e5926266ce267c44a168165cacd786d6e)
Co-authored-by: scoder <stefan_ml@behnel.de>
|
| |
|
|
|
|
|
|
|
|
| |
(GH-21240)
The issue is triggered by the bytearray() + bytearray() operation.
Detected by GCC 10 static analysis tool.
(cherry picked from commit 61fc23ca106bc82955b0e59d1ab42285b94899e2)
Co-authored-by: stratakis <cstratak@redhat.com>
|
| |
|
|
|
| |
"tp_setattro()" (GH-21092) (GH-21339)
Backport to Py3.8.
|
| |
|
|
|
|
|
|
|
|
| |
(GH-20537)
Unexpected errors in calling the __iter__ method are no longer
masked by TypeError in the "in" operator and functions
operator.contains(), operator.indexOf() and operator.countOf().
(cherry picked from commit cafe1b6e9d3594a34aba50e872d4198296ffaadf)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit c81609e44eed641d3b8a137daa31ef35501c1f85)
Co-authored-by: Hai Shi <shihai1992@gmail.com>
|
| |
|
|
|
|
| |
PyDescr_NewMethod() and PyCFunction_NewEx() now include the method
name in the SystemError "bad call flags" error message to ease debug.
(cherry picked from commit c7d2d69d95b263ee5f83511bc6fbe53acdc24ea3)
|
| |
|
|
|
|
| |
is called with invalid base. (GH-18863). (GH-18954)
(cherry picked from commit e5ccc94bbb153431698b2391df625e8d47a93276)
|
| |
|
|
|
|
|
|
| |
tp_traverse and tp_clear (GH-18749) (GH-18756)
Objects do not own weak references to them directly through the __weakref__ list so these
do not need to be traversed by the GC.
(cherry picked from commit 0c2b509)
|
| |
|
|
|
|
| |
(cherry picked from commit ee3bac4cba56b51ce924f13d77b97131eec1a865)
Authored-by: Stefan Krah <skrah@bytereef.org>
|
| |
|
|
|
|
|
| |
Hold reference of __bases__ tuple until tuple item is done with, because by
dropping the reference the item may be destroyed.
(cherry picked from commit 1c56f8ffad44478b4214a2bf8eb7cf51c28a347a)
Co-authored-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
|
| |
|
|
| |
(GH-18204)
|
| |
|
|
|
|
|
|
| |
*. (GH-18511)
(cherry picked from commit 7386a70746cf9aaf2d95db75d9201fb124f085df)
Co-authored-by: Andy Lester <andy@petdance.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-18475) (GH-18501)
The fix for [bpo-39386](https://bugs.python.org/issue39386) attempted to make it so you couldn't reuse a
agen.aclose() coroutine object. It accidentally also prevented you
from calling aclose() at all on an async generator that was already
closed or exhausted. This commit fixes it so we're only blocking the
actually illegal cases, while allowing the legal cases.
The new tests failed before this patch. Also confirmed that this fixes
the test failures we were seeing in Trio with Python dev builds:
https://github.com/python-trio/trio/pull/1396
https://bugs.python.org/issue39606
(cherry picked from commit 925dc7fb1d0db85dc137afa4cd14211bf0d67414)
Co-authored-by: Nathaniel J. Smith <njs@pobox.com>
https://bugs.python.org/issue39606
Automerge-Triggered-By: @njsmith
|
| |
|
|
|
| |
(cherry picked from commit 95905ce0f41fd42eb1ef60ddb83f057401c3d52f)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc -Wcast-qual turns up a number of instances of casting away constness of pointers. Some of these can be safely modified, by either:
Adding the const to the type cast, as in:
- return _PyUnicode_FromUCS1((unsigned char*)s, size);
+ return _PyUnicode_FromUCS1((const unsigned char*)s, size);
or, Removing the cast entirely, because it's not necessary (but probably was at one time), as in:
- PyDTrace_FUNCTION_ENTRY((char *)filename, (char *)funcname, lineno);
+ PyDTrace_FUNCTION_ENTRY(filename, funcname, lineno);
These changes will not change code, but they will make it much easier to check for errors in consts
(cherry picked from commit e6be9b59a911626d6597fe148c32f0342bd2bd24)
Co-authored-by: Andy Lester <andy@petdance.com>
|
| |
|
|
|
|
|
|
| |
Improvements in listsort.txt and a comment in sortperf.py.
Automerge-Triggered-By: @csabella
(cherry picked from commit 24e5ad4689de9adc8e4a7d8c08fe400dcea668e6)
Co-authored-by: Stefan Pochmann <stefan.pochmann@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugs.python.org/issue39425
Automerge-Triggered-By: @pablogsal
(cherry picked from commit 14d80d0b605d8b148e14458e4c1853a940071462)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
|
| |
|
|
|
|
|
| |
floatobject.c. (GH-18105)
(cherry picked from commit 0d5eac8c327251f8edde5261cee43975d81311f6)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit a96e06db77dcbd3433d39761ddb4615d7d96284a)
Co-authored-by: Andrew Svetlov <andrew.svetlov@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(GH-16630)
Some objects like Py_None are not initialized with conventional means
that prepare the circular linked list pointers, leaving them unlinked
from the rest of the objects. For those objects, NULL pointers does
not mean that they are freed, so we need to skip the check in those
cases.
(cherry picked from commit 36e33c360ed7716a2b5ab2b53210da81f8ce1295)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 22424c02e51fab3b62cbe255d0b87d1b55b9a6c3)
Co-authored-by: Anthony Sottile <asottile@umich.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-17764)
* [3.8] bpo-38588: Fix possible crashes in dict and list when calling PyObject_RichCompareBool (GH-17734)
Take strong references before calling PyObject_RichCompareBool to protect against the case
where the object dies during the call.
(cherry picked from commit 2d5bf568eaa5059402ccce9ba5a366986ba27c8a)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
* Update Objects/listobject.c
@methane's suggestion
Co-Authored-By: Inada Naoki <songofacandy@gmail.com>
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
|
| |
|
|
|
|
| |
Hold strong references to list elements while calling PyObject_RichCompareBool().
(cherry picked from commit d9e561d23d994e3ed15f4fcbd7ee5c8fe50f190b)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
|
| |
|
|
|
|
|
| |
(GH-17702)
(cherry picked from commit c0052f3fe3d19820b2d4f76e383035439affe32c)
Co-authored-by: Batuhan Taşkaya <47358913+isidentical@users.noreply.github.com>
|
| |
|
|
|
|
|
| |
called (GH-17394)
(cherry picked from commit c7c01ab1e5415b772c68e15f1aba51e520010830)
Co-authored-by: Steve Dower <steve.dower@python.org>
|
| |
|
|
|
|
|
|
| |
Ignore `GeneratorExit` exceptions when throwing an exception into the `aclose` coroutine of an asynchronous generator.
https://bugs.python.org/issue35409
(cherry picked from commit 8e0de2a4808d7c2f4adedabff89ee64e0338790a)
Co-authored-by: Vincent Michel <vxgmichel@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 2e3d873d3bd0ef4708c4fa06b6cd6972574cb9af)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
| |
dict (GH-16846)
The reverse iterator for empty dictionaries was not handling correctly shared-key dictionaries.
(cherry picked from commit 24dc2f8c56697f9ee51a4887cf0814b6600c1815)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* bpo-36389: _PyObject_CheckConsistency() available in release mode (GH-16612)
bpo-36389, bpo-38376: The _PyObject_CheckConsistency() function is
now also available in release mode. For example, it can be used to
debug a crash in the visit_decref() function of the GC.
Modify the following functions to also work in release mode:
* _PyDict_CheckConsistency()
* _PyObject_CheckConsistency()
* _PyType_CheckConsistency()
* _PyUnicode_CheckConsistency()
Other changes:
* _PyMem_IsPtrFreed(ptr) now also returns 1 if ptr is NULL
(equals to 0).
* _PyBytesWriter_CheckConsistency() now returns 1 and is only used
with assert().
* Reorder _PyObject_Dump() to write safe fields first, and only
attempt to render repr() at the end.
(cherry picked from commit 6876257eaabdb30f27ebcbd7d2557278ce2e5705)
* bpo-36389: Fix _PyBytesWriter in release mode (GH-16624)
Fix _PyBytesWriter API when Python is built in release mode with
assertions.
(cherry picked from commit 60ec6efd96d95476fe5e38c491491add04f026e5)
* bpo-38070: Enhance visit_decref() debug trace (GH-16631)
subtract_refs() now pass the parent object to visit_decref() which
pass it to _PyObject_ASSERT(). So if the "is freed" assertion fails,
the parent is used in debug trace, rather than the freed object. The
parent object is more likely to contain useful information. Freed
objects cannot be inspected are are displayed as "<object at xxx is
freed>" with no other detail.
(cherry picked from commit 4d5f94b8cd20f804c7868c5395a15aa6032f874c)
* Fix also a typo in PYMEM_DEADBYTE macro comment
* bpo-36389: Add newline to _PyObject_AssertFailed() (GH-16629)
Add a newline between the verbose object dump and the Py_FatalError()
logs for readability.
(cherry picked from commit 7775349895088a7ae68cecf0c74cf817f15e2c74)
|
| |
|
|
|
| |
(cherry picked from commit c39d1ddc012987e2159a997e27665d2d579c0ce0)
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
|
| |
|
| |
(cherry picked from commit 09895c27cd8ff60563a794016e8c099bc897cc74)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The implementation of weakref.proxy's methods call back into the Python
API using a borrowed references of the weakly referenced object
(acquired via PyWeakref_GET_OBJECT). This API call may delete the last
reference to the object (either directly or via GC), leaving a dangling
pointer, which can be subsequently dereferenced.
To fix this, claim a temporary ownership of the referenced object when
calling the appropriate method. Some functions because at the moment they
do not need to access the borrowed referent, but to protect against
future changes to these functions, ownership need to be fixed in
all potentially affected methods..
(cherry picked from commit 10cd00a9e3c22af37c748ea5a417f6fb66601e21)
Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
|
| |
|
|
|
|
|
| |
bytearray. (GH-16603)
(cherry picked from commit 24ddd9c2d6ab61cbce7e68d6de36d4df9bd2c3fb)
Co-authored-by: Hai Shi <shihai1992@gmail.com>
|
