mirror of
https://github.com/python/cpython.git
synced 2025-12-08 06:10:17 +00:00
cec1e9dfd7
* Correctly pre-check for int-to-str conversion (#96537) Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =) The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact. The justification for the current check. The C code check is: ```c max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10 ``` In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is: $$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$ From this it follows that $$\frac{M}{3L} < \frac{s-1}{10}$$ hence that $$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$ So $$2^{L(s-1)} > 10^M.$$ But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check. <!-- gh-issue-number: gh-95778 --> * Issue: gh-95778 <!-- /gh-issue-number --> Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Christian Heimes <christian@python.org> Co-authored-by: Mark Dickinson <dickinsm@gmail.com> |
||
|---|---|---|
| .. | ||
| c-api | ||
| data | ||
| distributing | ||
| distutils | ||
| extending | ||
| faq | ||
| howto | ||
| includes | ||
| install | ||
| installing | ||
| library | ||
| reference | ||
| tools | ||
| tutorial | ||
| using | ||
| whatsnew | ||
| about.rst | ||
| bugs.rst | ||
| conf.py | ||
| contents.rst | ||
| copyright.rst | ||
| glossary.rst | ||
| license.rst | ||
| make.bat | ||
| Makefile | ||
| README.rst | ||
| requirements.txt | ||
| runtime.txt | ||
Python Documentation README ~~~~~~~~~~~~~~~~~~~~~~~~~~~ This directory contains the reStructuredText (reST) sources to the Python documentation. You don't need to build them yourself, `prebuilt versions are available <https://docs.python.org/dev/download.html>`_. Documentation on authoring Python documentation, including information about both style and markup, is available in the "`Documenting Python <https://devguide.python.org/documenting/>`_" chapter of the developers guide. Building the docs ================= The documentation is built with several tools which are not included in this tree but are maintained separately and are available from `PyPI <https://pypi.org/>`_. * `Sphinx <https://pypi.org/project/Sphinx/>`_ * `blurb <https://pypi.org/project/blurb/>`_ * `python-docs-theme <https://pypi.org/project/python-docs-theme/>`_ The easiest way to install these tools is to create a virtual environment and install the tools into there. Using make ---------- To get started on UNIX, you can create a virtual environment and build documentation with the commands:: make venv make html The virtual environment in the ``venv`` directory will contain all the tools necessary to build the documentation downloaded and installed from PyPI. If you'd like to create the virtual environment in a different location, you can specify it using the ``VENVDIR`` variable. You can also skip creating the virtual environment altogether, in which case the Makefile will look for instances of ``sphinxbuild`` and ``blurb`` installed on your process ``PATH`` (configurable with the ``SPHINXBUILD`` and ``BLURB`` variables). On Windows, we try to emulate the Makefile as closely as possible with a ``make.bat`` file. If you need to specify the Python interpreter to use, set the PYTHON environment variable. Available make targets are: * "clean", which removes all build files and the virtual environment. * "clean-venv", which removes the virtual environment directory. * "venv", which creates a virtual environment with all necessary tools installed. * "html", which builds standalone HTML files for offline viewing. * "htmlview", which re-uses the "html" builder, but then opens the main page in your default web browser. * "htmlhelp", which builds HTML files and a HTML Help project file usable to convert them into a single Compiled HTML (.chm) file -- these are popular under Microsoft Windows, but very handy on every platform. To create the CHM file, you need to run the Microsoft HTML Help Workshop over the generated project (.hhp) file. The make.bat script does this for you on Windows. * "latex", which builds LaTeX source files as input to "pdflatex" to produce PDF documents. * "text", which builds a plain text file for each source file. * "epub", which builds an EPUB document, suitable to be viewed on e-book readers. * "linkcheck", which checks all external references to see whether they are broken, redirected or malformed, and outputs this information to stdout as well as a plain-text (.txt) file. * "changes", which builds an overview over all versionadded/versionchanged/ deprecated items in the current version. This is meant as a help for the writer of the "What's New" document. * "coverage", which builds a coverage overview for standard library modules and C API. * "pydoc-topics", which builds a Python module containing a dictionary with plain text documentation for the labels defined in `tools/pyspecific.py` -- pydoc needs these to show topic and keyword help. * "suspicious", which checks the parsed markup for text that looks like malformed and thus unconverted reST. * "check", which checks for frequent markup errors. * "serve", which serves the build/html directory on port 8000. * "dist", (Unix only) which creates distributable archives of HTML, text, PDF, and EPUB builds. Without make ------------ First, install the tool dependencies from PyPI. Then, from the ``Doc`` directory, run :: sphinx-build -b<builder> . build/<builder> where ``<builder>`` is one of html, text, latex, or htmlhelp (for explanations see the make targets above). Deprecation header ================== You can define the ``outdated`` variable in ``html_context`` to show a red banner on each page redirecting to the "latest" version. The link points to the same page on ``/3/``, sadly for the moment the language is lost during the process. Contributing ============ Bugs in the content should be reported to the `Python bug tracker <https://bugs.python.org>`_. Bugs in the toolset should be reported to the tools themselves. You can also send a mail to the Python Documentation Team at docs@python.org, and we will process your request as soon as possible. If you want to help the Documentation Team, you are always welcome. Just send a mail to docs@python.org.