Movatterモバイル変換

[Python-Dev] cpython (2.6): - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED

• Previous message:[Python-Dev] hash randomization in the 2.6 branch
• Next message:[Python-Dev] cpython (2.6): - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
• Messages sorted by:[ date ][ thread ][ subject ][ author ]

On Tue, 21 Feb 2012 02:44:32 +0100barry.warsaw <python-checkins at python.org> wrote:> +   This is intended to provide protection against a denial-of-service caused by> +   carefully-chosen inputs that exploit the worst case performance of a dict> +   insertion, O(n^2) complexity.  See> +http://www.ocert.org/advisories/ocert-2011-003.html for details.The worst case performance of a dict insertion is O(n) (not countingpotential resizes, whose cost is amortized by the overallocationheuristic). It's dict construction that has O(n**2) worst casecomplexity.> @@ -1232,9 +1233,9 @@>      flags__doc__,       /* doc */>      flags_fields,       /* fields */>  #ifdef RISCOS> +    17> +#else>      16> -#else> -    15>  #endifChanging the sequence size of sys.flags can break existing code (e.g.tuple-unpacking).RegardsAntoine.

• Previous message:[Python-Dev] hash randomization in the 2.6 branch
• Next message:[Python-Dev] cpython (2.6): - Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
• Messages sorted by:[ date ][ thread ][ subject ][ author ]