nascheme

==1275635== Memcheck, a memory error detector
==1275635== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==1275635== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
==1275635== Command: ./Programs/_testembed test_repeated_simple_init
==1275635== Parent PID: 1251833
==1275635== 
==1275635== 
==1275635== HEAP SUMMARY:
==1275635==     in use at exit: 5,882,804 bytes in 114,206 blocks
==1275635==   total heap usage: 1,266,263 allocs, 1,152,057 frees, 154,833,783 bytes allocated

nascheme

# script to generate GC summary from statistics gathered with
# https://github.com/python/cpython/pull/100958

import sys
import pandas as pd
import numpy as np
import argparse


def get_gc_summary(df):

nascheme

Why is considered a security bug?
---------------------------------

Or, certain computing operations can take a long time, depending on the size of
input data.  Why is this specific issue considered a security bug?

It is quite common for Python code implementing network protocols and data
serialization to do int(untrusted_string_or_bytes_value) on input to get a
numeric value, without having limited the input length or to do log("processing
thing id %s", unknowingly_huge_integer) or any similar concept to convert an

nascheme

def _str_to_int_inner(s):
    DIGLIM = 2048

    w5pow = {}
    w = len(s)
    while w >= DIGLIM:
        w2 = w >> 1
        if w & 1:
            w5pow[w2 + 1] = None
        w5pow[w2] = None

nascheme

/* In-place path normalisation. Returns the start of the normalized
   path, which will be within the original buffer. Guaranteed to not
   make the path longer, and will not fail. 'size' is the length of
   the path, if known. If -1, the first null character will be assumed
   to be the end of the path. */
wchar_t *
_Py_normpath(wchar_t *path, Py_ssize_t size)
{
    if (!path[0] || size == 0) {
        return path;

nascheme

From 57b03a632906c762c84316d39fb7eddc7eff9145 Mon Sep 17 00:00:00 2001
From: Neil Schemenauer <nas@arctrix.com>
Date: Thu, 21 Oct 2021 08:10:41 -0700
Subject: [PATCH] Remove use of ifeq in Makefile.

---
 Makefile.pre.in | 48 ++++++++++++++++++++----------------------------
 configure       |  7 +++++--
 configure.ac    |  3 ++-
 3 files changed, 27 insertions(+), 31 deletions(-)

nascheme

bench-py-base.json
==================

Performance version: 1.0.2
Report on Linux-5.10.0-8-amd64-x86_64-with-glibc2.31
Number of logical CPUs: 4
Start date: 2021-10-18 20:07:44.427781
End date: 2021-10-18 20:26:28.404799

bench-py-mimalloc.json

nascheme

#!/bin/sh
# Embedded archive in shell script.
# To create script:
#   cat <this script>.sh <archive file>  > <script>.run
#   chmod +x <script>.run

archive () {
        # lines of script to skip (computed automatically)
        skip=$(awk '/^__ARCHIVE_FOLLOWS__/ { print NR + 1; exit 0; }' $0)
        tail -n +${skip} $0

nascheme

py-base
=======

Performance version: 0.6.1
Report on Linux-4.9.0-4-amd64-x86_64-with-debian-buster-sid
Number of logical CPUs: 4
Start date: 2017-12-02 17:30:30.244152
End date: 2017-12-02 17:37:46.889962

py-unwind

nascheme

     0 python(6402): => <module> in <frozen importlib._bootstrap>:25
    11 python(6402):  => _DeadlockError in <frozen importlib._bootstrap>:48
    14 python(6402):  <= _DeadlockError in <frozen importlib._bootstrap>:49
    43 python(6402):  => _ModuleLock in <frozen importlib._bootstrap>:52
    46 python(6402):  <= _ModuleLock in <frozen importlib._bootstrap>:116
    64 python(6402):  => _DummyModuleLock in <frozen importlib._bootstrap>:120
    66 python(6402):  <= _DummyModuleLock in <frozen importlib._bootstrap>:137
    80 python(6402):  => _ModuleLockManager in <frozen importlib._bootstrap>:141
    82 python(6402):  <= _ModuleLockManager in <frozen importlib._bootstrap>:151
    97 python(6402):  => _installed_safely in <frozen importlib._bootstrap>:305