Commit Graph

7552 Commits

Author SHA1 Message Date
Mark Dickinson b126196838
gh-95778: Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)

The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.

The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```

In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$

From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
2022-09-04 09:21:18 -07:00
Kumar Aditya 6dab8c95bd
GH-96458: Statically initialize utf8 representation of static strings (#96481) 2022-09-02 23:43:08 -07:00
Gregory P. Smith 511ca94520
gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96499)
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#). Much of that text wound up in the Issue. Backports PRs already exist. See the issue for links.
2022-09-02 09:35:08 -07:00
Irit Katriel 4c72517cad
gh-93554: Conditional jump opcodes only jump forward (GH-96318) 2022-09-01 21:36:47 +01:00
Irit Katriel a91f25577c
gh-96455: update example in exception_handling_notes.txt to the 3.11RC bytecode (GH-96456) 2022-09-01 14:21:39 +01:00
Pablo Galindo Salgado f49dd54b72
gh-96143: Add some comments and minor fixes missed in the original PR (#96433)
* gh-96132: Add some comments and minor fixes missed in the original PR

* Update Doc/using/cmdline.rst

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>

Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
2022-08-30 19:37:22 +01:00
Pablo Galindo Salgado 6d791a9736
gh-96143: Allow Linux perf profiler to see Python calls (GH-96123)
⚠️  ⚠️ Note for reviewers, hackers and fellow systems/low-level/compiler engineers ⚠️ ⚠️ 

If you have a lot of experience with this kind of shenanigans and want to improve the **first** version, **please make a PR against my branch** or **reach out by email** or **suggest code changes directly on GitHub**. 

If you have any **refinements or optimizations** please, wait until the first version is merged before starting hacking or proposing those so we can keep this PR productive.
2022-08-30 10:11:18 -07:00
Mark Shannon c09fa7542c
GH-96237: Allow non-functions as reference-holder in frames. (GH-96238) 2022-08-25 10:16:55 +01:00
Mark Shannon 575f8880bf
GH-96068: Document object layout (GH-96069) 2022-08-23 13:55:43 +01:00
Pablo Galindo Salgado 16ebae4cd4
GH-96187: Prevent _PyCode_GetExtra to return garbage for negative indexes (GH-96188) 2022-08-23 11:13:53 +01:00
Kumar Aditya 129998bd7b
GH-96075: move interned dict under runtime state (GH-96077) 2022-08-22 12:05:21 -07:00
Christian Heimes 53e6a9a725
gh-96046: Initialize ht_cached_keys in PyType_Ready() (GH-96047) 2022-08-21 22:24:03 -07:00
Brandt Bucher 5bfb3c372b
GH-90997: Wrap yield from/await in a virtual try/except StopIteration (GH-96010) 2022-08-19 12:33:44 -07:00
Christian Heimes d9c1b746b5
gh-96017: Fix some compiler warnings (GH-96018)
- "comparison of integers of different signs" in typeobject.c
- only define static_builtin_index_is_set in DEBUG builds
- only define recreate_gil with ifdef HAVE_FORK
2022-08-19 08:08:43 +02:00
Matthias Görgens 4a6fa89465
Remove dead code in _PyDict_GetItemHint and rename to _PyDict_LookupIndex (GH-95948) 2022-08-18 10:19:21 +01:00
Mark Shannon b73e3b6d4a
GH-95589: Dont crash when subclassing extension classes with multiple inheritance (GH-96028)
* Treat tp_weakref and tp_dictoffset like other opaque slots for multiple inheritance.

* Document Py_TPFLAGS_MANAGED_DICT and Py_TPFLAGS_MANAGED_WEAKREF in what's new.
2022-08-17 12:50:53 +01:00
Ken Jin 7276ca25f5
GH-93911: Specialize `LOAD_ATTR` for custom `__getattribute__` (GH-93988) 2022-08-17 12:37:07 +01:00
Christian Heimes 48174fa0b9
gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006)
- On WASI `ENOTCAPABLE` is now mapped to `PermissionError`.
- The `errno` modules exposes the new error number.
- `getpath.py` now ignores `PermissionError` when it cannot open landmark
  files `pybuilddir.txt` and `pyenv.cfg`.
2022-08-16 20:20:15 +02:00
Mark Shannon 5a8c15819c
GH-95245: Move weakreflist into the pre-header. (GH-95996) 2022-08-16 13:57:18 +01:00
Mark Shannon 3ef3c6306d
GH-95707: Fix uses of `Py_TPFLAGS_MANAGED_DICT` (GH-95854)
* Make sure that tp_dictoffset is correct with Py_TPFLAGS_MANAGED_DICT is set.

* Avoid traversing managed dict twice when subclassing class with Py_TPFLAGS_MANAGED_DICT set.
2022-08-15 12:29:27 +01:00
Kumar Aditya f2afdf3352
GH-95977: Speed up calling pure python descriptor __get__ with vectorcall (gh-95978) 2022-08-15 00:13:42 +09:00
Erlend E. Aasland f07adf82f3
gh-90928: Improve static initialization of keywords tuple in AC (#95907) 2022-08-13 12:09:40 +02:00
Eric Snow 6f6a4e6cc5
gh-90928: Statically Initialize the Keywords Tuple in Clinic-Generated Code (gh-95860)
We only statically initialize for core code and builtin modules.  Extension modules still create
the tuple at runtime.  We'll solve that part of interpreter isolation separately.

This change includes generated code. The non-generated changes are in:

* Tools/clinic/clinic.py
* Python/getargs.c
* Include/cpython/modsupport.h
* Makefile.pre.in (re-generate global strings after running clinic)
* very minor tweaks to Modules/_codecsmodule.c and Python/Python-tokenize.c

All other changes are generated code (clinic, global strings).
2022-08-11 15:25:49 -06:00
Mark Dickinson 97e9cfa75a
gh-95605: Fix `float(s)` error message when `s` contains only whitespace (GH-95665)
This PR fixes the error message from float(s) in the case where s contains only whitespace.
2022-08-10 19:25:39 +01:00
Petr Viktorin 71c3d649b5
gh-95504: Fix negative numbers in PyUnicode_FromFormat (GH-95848)
Co-authored-by: philg314 <110174000+philg314@users.noreply.github.com>
2022-08-10 13:12:40 +02:00
Mark Shannon 8d37c62c2a
GH-92678: Document that you shouldn't be doing your own dictionary offset calculations. (GH-95598)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Stanley <46876382+slateny@users.noreply.github.com>
2022-08-09 14:26:37 +01:00
Serhiy Storchaka 62f06508e7
gh-95781: More strict format string checking in PyUnicode_FromFormatV() (GH-95784)
An unrecognized format character in PyUnicode_FromFormat() and
PyUnicode_FromFormatV() now sets a SystemError.
In previous versions it caused all the rest of the format string to be
copied as-is to the result string, and any extra arguments discarded.
2022-08-08 19:21:07 +03:00
Petr Viktorin 656dad702d
gh-93274: Expose receiving vectorcall in the Limited API (GH-95717) 2022-08-08 14:12:05 +02:00
Tim Gates 32b49f613a
docs: Fix a few typos (#94899)
- overriden => overridden
- calcualation => calculation

Signed-off-by: Tim Gates <tim.gates@iress.com>
2022-08-08 10:02:45 +02:00
Eric Snow 87154d8dd8
gh-94673: Add Per-Interpreter tp_subclasses for Static Builtin Types (gh-95301) 2022-08-04 19:26:59 -06:00
Eric Snow bdbadb905a
gh-94673: Recover Weaklist Lookup Performance (gh-95544)
gh-95302 seems to have introduced a small performance regression. Here we make some minor changes to recover that lost performance.
2022-08-04 11:28:15 -06:00
Petr Viktorin 7b370b7305
gh-93274: Make vectorcall safe on mutable classes & inherit it by default (#95437) 2022-08-04 17:19:29 +02:00
Petr Viktorin a613fedd6e
gh-95388: Deprecate creating immutable types with mutable bases (GH-95533) 2022-08-04 16:13:45 +02:00
Ken Jin 42b102bbf9
gh-94936: C getters: co_varnames, co_cellvars, co_freevars (#95008) 2022-08-04 06:53:31 -07:00
Mark Shannon 906e450932
GH-92678: Fix tp_dictoffset inheritance. (GH-95596)
* Add test for inheriting explicit __dict__ and weakref.

* Restore 3.10 behavior for multiple inheritance of C extension classes that store their dictionary at the end of the struct.
2022-08-03 18:56:24 +01:00
Brandt Bucher c7e5bbaee8
GH-95150: Use position and exception tables for code hashing and equality (GH-95509) 2022-08-01 11:02:56 -07:00
Mark Shannon de388c0a7b
GH-95245: Store object values and dict pointers in single tagged pointer. (GH-95278) 2022-08-01 14:34:54 +01:00
Dong-hee Na fb75d015f4
gh-91146: More reduce allocation size of list from str.split/rsplit (gh-95493)
Co-authored-by: Inada Naoki <songofacandy@gmail.com>
2022-08-01 22:15:07 +09:00
Dong-hee Na 50b2261bda
gh-91146: Reduce allocation size of list from str.split()/rsplit() (gh-95473) 2022-07-31 12:14:53 +09:00
Eric Snow 3e7cad3bca
gh-94673: Add Per-Interpreter tp_weaklist for Static Builtin Types (#95302)
* Store tp_weaklist on the interpreter state for static builtin types.

* Factor out _PyStaticType_GET_WEAKREFS_LISTPTR().

* Add _PyStaticType_ClearWeakRefs().

* Add a comment about how _PyStaticType_ClearWeakRefs() loops.

* Document the change.

* Update Doc/whatsnew/3.12.rst

* Fix a typo.
2022-07-28 19:23:47 -06:00
Pamela Fox 70068b9336
Fix Unicode doc and replace use of macro with PyMem_New function (GH-94088) 2022-07-28 23:32:16 +01:00
Irit Katriel bceb197947
gh-95369: add missing decref in error case of exception group's split (GH-95370) 2022-07-28 11:38:46 +01:00
Pablo Galindo Salgado f40bc7fa49
gh-95324: Emit a warning if an object doesn't call PyObject_GC_UnTrack during deallocation in debug mode (#95325) 2022-07-27 16:03:38 +01:00
Aivars Kalvāns 8c88e360e7
gh-95005: Replace PyAccu with PyUnicodeWriter (gh-95006) 2022-07-27 17:43:34 +09:00
Eric Snow 47e75a0025
gh-94673: Add Per-Interpreter Storage for Static Builtin Types (#95255)
This is the last precursor to storing tp_subclasses (and tp_weaklist) on the interpreter state for static builtin types.

Here we add per-type storage on PyInterpreterState, but only for the static builtin types.  This involves the following:

* add PyInterpreterState.types
   * move PyInterpreterState.type_cache to it
   * add a "num_builtins_initialized" field
   * add a "builtins" field (a static array big enough for all the static builtin types)
* add _PyStaticType_GetState() to look up a static builtin type's state
* (temporarily) add PyTypeObject.tp_static_builtin_index (to hold the type's index into PyInterpreterState.types.builtins)

We will be eliminating tp_static_builtin_index in a later change.
2022-07-26 17:26:43 -06:00
Pieter Eendebak 2ef73be891
gh-91247: Use memcpy for list and tuple repeat (#91482)
* Add _Py_memory_repeat function to pycore_list

* Add _Py_RefcntAdd function to pycore_object

* Use the new functions in tuplerepeat, list_repeat, and list_inplace_repeat
2022-07-25 22:10:23 -04:00
Mark Shannon 27055d766a
GH-92678: Expose managed dict clear and visit functions (#95246) 2022-07-25 22:30:53 +01:00
Eric Snow 2d26449b06
gh-94673: Always Finalize Static Builtin Types (#95153)
Static builtin types are finalized by calling _PyStaticType_Dealloc().  Before this change, we were skipping finalizing such a type if it still had subtypes (i.e. its tp_subclasses hadn't been cleared yet).  The problem is that types hold several heap objects, which leak if we skip the type's finalization.  This change addresses that.

For context, there's an old comment (from e9e3eab0b8) that says the following:

   // If a type still has subtypes, it cannot be deallocated.
   // A subtype can inherit attributes and methods of its parent type,
   // and a type must no longer be used once it's deallocated.

However, it isn't clear that is actually still true.  Clearing tp_dict should mean it isn't a problem.

Furthermore, the only subtypes that might still be around come from extension modules that didn't clean them up when unloaded (i.e. extensions that do not implement multi-phase initialization, AKA PEP 489).  Those objects are already leaking, so this change doesn't change anything in that regard.  Instead, this change means more objects gets cleaned up that before.
2022-07-25 14:23:41 -06:00
Eric Snow 4a1dd73431
gh-94673: Add _PyStaticType_InitBuiltin() (#95152)
This is the first of several precursors to storing tp_subclasses (and tp_weaklist) on the interpreter state for static builtin types.

We do the following:

* add `_PyStaticType_InitBuiltin()`
* add `_Py_TPFLAGS_STATIC_BUILTIN`
* set it on all static builtin types in `_PyStaticType_InitBuiltin()`
* shuffle some code around to be able to use _PyStaticType_InitBuiltin()
    * rename `_PyStructSequence_InitType()` to `_PyStructSequence_InitBuiltinWithFlags()`
    * add `_PyStructSequence_InitBuiltin()`.
2022-07-25 12:47:31 -06:00
Pablo Galindo Salgado 9007dec606
gh-95173: Revert commit 51ed2c56a1 (#95176) 2022-07-24 22:33:06 +01:00