cpython/Objects
Mark Dickinson b126196838
gh-95778: Correctly pre-check for int-to-str conversion (#96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DoS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)

The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.

The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```

In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$

From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.

* Issue: gh-95778

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
2022-09-04 09:21:18 -07:00
..
clinic gh-90928: Improve static initialization of keywords tuple in AC (#95907) 2022-08-13 12:09:40 +02:00
stringlib gh-90928: Improve static initialization of keywords tuple in AC (#95907) 2022-08-13 12:09:40 +02:00
README
abstract.c gh-93741: Add private C API _PyImport_GetModuleAttrString() (GH-93742) 2022-06-14 07:15:26 +03:00
asm_trampoline.S gh-96143: Allow Linux perf profiler to see Python calls (GH-96123) 2022-08-30 10:11:18 -07:00
boolobject.c GH-90699: fix ref counting of static immortal strings (gh-94850) 2022-07-20 15:23:30 +09:00
bytearrayobject.c GH-91153: Handle mutating __index__ methods in bytearray item assignment (GH-94891) 2022-07-19 09:42:40 -07:00
bytes_methods.c gh-93033: Use wmemchr in stringlib (GH-93034) 2022-05-24 10:45:31 +09:00
bytesobject.c GH-93207: Remove HAVE_STDARG_PROTOTYPES configure check for stdarg.h (#93215) 2022-05-27 13:30:45 +02:00
call.c gh-93274: Expose receiving vectorcall in the Limited API (GH-95717) 2022-08-08 14:12:05 +02:00
capsule.c bpo-45855: document that `no_block` has no use anymore in PyCapsule_Import (#29665) 2021-12-12 10:49:50 +01:00
cellobject.c gh-89653: PEP 670: Convert PyCell macros to functions (#92653) 2022-05-11 23:24:48 +02:00
classobject.c bpo-46764: Fix wrapping bound method with @classmethod (#31367) 2022-05-04 23:00:21 -05:00
codeobject.c GH-96187: Prevent _PyCode_GetExtra to return garbage for negative indexes (GH-96188) 2022-08-23 11:13:53 +01:00
complexobject.c bpo-46541: Replace core use of _Py_IDENTIFIER() with statically initialized global objects. (gh-30928) 2022-02-08 13:39:07 -07:00
descrobject.c gh-87995: Make MappingProxyType hashable (GH-94252) 2022-06-28 11:54:58 +02:00
dictnotes.txt bpo-46845: Reduce dict size when all keys are Unicode (GH-31564) 2022-03-02 08:09:28 +09:00
dictobject.c Remove dead code in _PyDict_GetItemHint and rename to _PyDict_LookupIndex (GH-95948) 2022-08-18 10:19:21 +01:00
enumobject.c bpo-46541: Replace core use of _Py_IDENTIFIER() with statically initialized global objects. (gh-30928) 2022-02-08 13:39:07 -07:00
exception_handling_notes.txt gh-96455: update example in exception_handling_notes.txt to the 3.11RC bytecode (GH-96456) 2022-09-01 14:21:39 +01:00
exceptions.c gh-96005: Handle WASI ENOTCAPABLE in getpath (GH-96006) 2022-08-16 20:20:15 +02:00
fileobject.c gh-93741: Add private C API _PyImport_GetModuleAttrString() (GH-93742) 2022-06-14 07:15:26 +03:00
floatobject.c gh-95605: Fix `float(s)` error message when `s` contains only whitespace (GH-95665) 2022-08-10 19:25:39 +01:00
frame_layout.md GH-89480: Document motivation, design and implementation of 3.11 frame stack. (GH-32304) 2022-04-11 16:05:20 +01:00
frameobject.c gh-93554: Conditional jump opcodes only jump forward (GH-96318) 2022-09-01 21:36:47 +01:00
funcobject.c Fix the closure argument to PyEval_EvalCodeEx. (GH-92175) 2022-05-02 14:08:22 -06:00
genericaliasobject.c gh-94607: Fix subclassing generics (GH-94610) 2022-07-09 12:18:01 +08:00
genobject.c GH-90997: Wrap yield from/await in a virtual try/except StopIteration (GH-96010) 2022-08-19 12:33:44 -07:00
interpreteridobject.c bpo-35081: Move interpreteridobject.h to Include/internal/ (GH-28969) 2021-10-15 11:56:34 +02:00
iterobject.c bpo-46541: Replace core use of _Py_IDENTIFIER() with statically initialized global objects. (gh-30928) 2022-02-08 13:39:07 -07:00
listobject.c gh-91247: Use memcpy for list and tuple repeat (#91482) 2022-07-25 22:10:23 -04:00
listsort.txt Fix typos in the Objects directory (GH-28766) 2021-10-06 16:57:10 -07:00
lnotab_notes.txt bpo-44525: Split calls into PRECALL and CALL (GH-30011) 2021-12-14 18:22:44 +00:00
locations.md GH-88116: Use a compact format to represent end line and column offsets. (GH-91666) 2022-04-21 16:10:37 +01:00
longobject.c gh-95778: Correctly pre-check for int-to-str conversion (#96537) 2022-09-04 09:21:18 -07:00
memoryobject.c gh-92888: Fix memoryview bad `__index__` use after free (GH-92946) 2022-06-17 23:14:53 +08:00
methodobject.c Use static inline function Py_EnterRecursiveCall() (#91988) 2022-05-04 13:30:23 +02:00
moduleobject.c no-issue: Add assertion to PyModule_GetName for understanding (GH-32236) 2022-04-02 09:56:30 +09:00
namespaceobject.c bpo-45482: Rename namespaceobject.h to pycore_namespace.h (GH-28975) 2021-10-15 15:21:21 +02:00
object.c GH-95707: Fix uses of `Py_TPFLAGS_MANAGED_DICT` (GH-95854) 2022-08-15 12:29:27 +01:00
object_layout.md GH-96068: Document object layout (GH-96069) 2022-08-23 13:55:43 +01:00
object_layout_312.gv GH-96068: Document object layout (GH-96069) 2022-08-23 13:55:43 +01:00
object_layout_312.png GH-96068: Document object layout (GH-96069) 2022-08-23 13:55:43 +01:00
object_layout_full_312.gv GH-96068: Document object layout (GH-96069) 2022-08-23 13:55:43 +01:00
object_layout_full_312.png GH-96068: Document object layout (GH-96069) 2022-08-23 13:55:43 +01:00
obmalloc.c gh-94841: Ensure arena_map_get() is inlined in PyObject_Free() (#94842) 2022-07-14 11:33:25 -07:00
odictobject.c gh-91320: Use _PyCFunction_CAST() (#92251) 2022-05-03 21:42:14 +02:00
perf_trampoline.c gh-96143: Add some comments and minor fixes missed in the original PR (#96433) 2022-08-30 19:37:22 +01:00
picklebufobject.c gh-91118: Fix docstrings that do not honor --without-doc-strings (#31769) 2022-04-17 20:39:32 -07:00
rangeobject.c GH-91432: Specialize FOR_ITER (GH-91713) 2022-06-21 11:19:26 +01:00
setobject.c gh-90861: Memory optimization for set.issubset (gh-92799) 2022-05-14 17:58:19 +09:00
sliceobject.c GH-94163: Add BINARY_SLICE and STORE_SLICE instructions. (GH-94168) 2022-06-27 12:24:23 +01:00
structseq.c gh-94673: Add Per-Interpreter tp_subclasses for Static Builtin Types (gh-95301) 2022-08-04 19:26:59 -06:00
tupleobject.c gh-91247: Use memcpy for list and tuple repeat (#91482) 2022-07-25 22:10:23 -04:00
typeobject.c gh-96046: Initialize ht_cached_keys in PyType_Ready() (GH-96047) 2022-08-21 22:24:03 -07:00
typeslots.inc bpo-41073: PyType_GetSlot() can now accept static types. (GH-21931) 2020-11-10 12:53:46 -08:00
typeslots.py bpo-41073: PyType_GetSlot() can now accept static types. (GH-21931) 2020-11-10 12:53:46 -08:00
unicodectype.c bpo-46670: Remove unused macros in the Objects directory (GH-31193) 2022-02-07 16:21:41 +01:00
unicodeobject.c GH-96458: Statically initialize utf8 representation of static strings (#96481) 2022-09-02 23:43:08 -07:00
unicodetype_db.h closes bpo-45190: Update Unicode data to version 14.0.0. (GH-28336) 2021-09-14 11:00:38 -07:00
unionobject.c gh-91603: Speed up isinstance/issubclass on union types (GH-91631) 2022-04-28 23:24:19 +08:00
weakrefobject.c gh-94673: Add Per-Interpreter tp_weaklist for Static Builtin Types (#95302) 2022-07-28 19:23:47 -06:00

README

Source files for various builtin objects