Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

gh-134873: Fix a DOS issue in idlelib#134874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
johnzhou721 wants to merge7 commits intopython:main
base:main
Choose a base branch
Loading
fromjohnzhou721:idledos

Conversation

johnzhou721
Copy link
Contributor

@johnzhou721johnzhou721 commentedMay 29, 2025
edited by bedevere-appbot
Loading

A DOS by Quadratic complexity issue is fixed in idlelib. Part of (but does not fix)#134873.

@terryjreedyterryjreedy moved this toIn Progress inIDLE IssuesMay 29, 2025
@terryjreedyterryjreedy self-assigned thisMay 29, 2025
@terryjreedy
Copy link
Member

I believe that the 6 lines from 1205 to 1210 can be replaced by 2 lines -- an re.match and an f-string. I will submit an alternate proposal later. I believe that the inputvevent name should have either no <>s or 2 of each, with maybe the latter for back compatibility (I will test). But I will may stick with the more general code to not break buggy extensions.

Copy link
Member

@ZeroIntensityZeroIntensity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Assuming this is the fix that we go with, let's add a test case.

@ZeroIntensityZeroIntensity added type-securityA security issue needs backport to 3.9only security fixes needs backport to 3.10only security fixes needs backport to 3.11only security fixes needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes needs backport to 3.14bugs and security fixes labelsMay 29, 2025
@johnzhou721
Copy link
ContributorAuthor

johnzhou721 commentedMay 29, 2025 via email

@terryjreedy so should I leave the code for now, or should I go aheadand replace with the re.match thing you are going to propose?@ZeroIntensity so do you mean that active voice is preferred inrelease notes? I can replace this specific case with the change thatyou are suggesting, but I'm asking for advice in this aspect forfuture News.

@johnzhou721
Copy link
ContributorAuthor

johnzhou721 commentedMay 29, 2025 via email

Yes, I think it can be. Will fix.
Message ID: ***@***.***>

@kexinoh
Copy link

@johnzhou721
I would greatly appreciate it if you could kindly address the issue located at

whileTrue:
chars=chars[:-1]
ncharsdeleted=ncharsdeleted+1
have=len(chars.expandtabs(tabwidth))
ifhave<=wantorchars[-1]notin"\t":
break
. I sincerely apologize for overlooking this in my previous message.

As an example, I successfully utilized Gemini 2.5 Pro to generate a reasonable fix for this problem. Could you give it a try?

@johnzhou721
Copy link
ContributorAuthor

@kexinoh Yes, I would give it a try once I have time; however, I am working on something else right now -- is it acceptable if I delay this by about a day or so?

(if anyone else has a fix ready before I get to this, feel free to make a pr onto the branch of my pr and I'll merge it into my PR)

…dziqkQ.rstCo-authored-by: Peter Bierma <zintensitydev@gmail.com>
@johnzhou721
Copy link
ContributorAuthor

@kexinoh I have a small amount of time not enough to work on anything else before I end my day so I attempted the issue you pointed out -- but can't test though.

@johnzhou721
Copy link
ContributorAuthor

Assuming this is the fix that we go with, let's add a test case.

Where? How? For what? Thanks!@ZeroIntensity

@ZeroIntensity
Copy link
Member

Where? How? For what?

We need a test case intest_idlelib that results in DOS/extreme slowness off main. Basically, just do something to prove that this PR fixes it (probably just testing with large amounts of data).

@picnixzpicnixz changed the titlegh-134873: Fix a DOS issue in idlelib.gh-134873: Fix a DOS issue in idlelibMay 30, 2025
have = len(chars.expandtabs(tabwidth))

for i in range(len(chars) - 1, -1, -1):
if have <= want or chars[i] not in " \t":
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

have <= want is now a constant condition buthave previoulsy was recomputed at every iteration.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I just pushed another change. Not sure if I got the logic right here.

if have <= want or chars[-1] not in " \t":
have = len(chars.expandtabs(tabwidth))

for i in range(len(chars) - 1, -1, -1):
Copy link
Member

@picnixzpicnixzMay 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Why not usingrfind(' ') andrfind('\t') to locate the rightmost ' \t'?

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I'm sorry for being so inexperienced but could you please elaborate on your approach using rfind? I personally do not see how it could simplify matters, but if you could, I'd like for you to take some time to explain it. Thank you!

Copy link
ContributorAuthor

@johnzhou721johnzhou721 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Probably got somehting wrong in the latest commit...

have = len(chars.expandtabs(tabwidth))

for i in range(len(chars) - 1, -1, -1):
if have <= want or chars[i] not in " \t":
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I just pushed another change. Not sure if I got the logic right here.

if have <= want or chars[-1] not in " \t":
have = len(chars.expandtabs(tabwidth))

for i in range(len(chars) - 1, -1, -1):
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I'm sorry for being so inexperienced but could you please elaborate on your approach using rfind? I personally do not see how it could simplify matters, but if you could, I'd like for you to take some time to explain it. Thank you!

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

@picnixzpicnixzpicnixz left review comments

@terryjreedyterryjreedyAwaiting requested review from terryjreedyterryjreedy is a code owner

@zwarezwareAwaiting requested review from zware

@ZeroIntensityZeroIntensityAwaiting requested review from ZeroIntensity

Assignees

@terryjreedyterryjreedy

Labels
awaiting reviewneeds backport to 3.9only security fixesneeds backport to 3.10only security fixesneeds backport to 3.11only security fixesneeds backport to 3.12only security fixesneeds backport to 3.13bugs and security fixesneeds backport to 3.14bugs and security fixestype-securityA security issue
Projects
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

6 participants
@johnzhou721@terryjreedy@kexinoh@ZeroIntensity@zware@picnixz
[8]ページ先頭
©2009-2025 Movatter.jp