In many languages numeric types can't hold arbitrarily large values, and I for 
one hadn't really previously recognized that if you read in a numeric value 
with an exponent, it would be represented *exactly* in memory (and thus one 
object with a very compact representation can take up huge amounts of memory). 
It's also not *inconceivable* that under the hood Python would represent 
fractions.Fraction("1.64E6646466664") "lazily" in some fashion so that it did 
not consume all the memory on disk.

It seems to me that "Hey by the way the size of this thing is unbounded and 
because of exponents small strings can expand to huge objects" is a good tip.

On 07/17/2018 06:15 PM, Michael Selik wrote:
> On Tue, Jul 17, 2018 at 4:57 PM Jussi Judin <jjudin+pyt...@iki.fi 
> <mailto:jjudin%2bpyt...@iki.fi>> wrote:
> 
>     Quick answer: undocumented billion laughs/exponential entity expansion
>     type of an attack that is accessible through web through any library that
>     uses fractions module to parse user input (that are actually available on
>     Github).
> 
> 
> Are you suggesting a warning in the fractions documentation to mention that 
> large numbers require large amounts of memory?
> 
> 
> _______________________________________________
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: 
> https://mail.python.org/mailman/options/python-dev/paul%40ganssle.io
> 

Attachment: signature.asc
Description: OpenPGP digital signature
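
An added example, not part of the original messages or of CPython: one way an application can bound the exponent of untrusted decimal text before handing it to fractions.Fraction, so a short string cannot expand into a huge exact integer. The function names and both limits are assumptions made for this example.

```python
import re
from fractions import Fraction

# Limits assumed for this example; set them to what the application needs.
MAX_INPUT_CHARS = 64     # caps mantissa digits
MAX_EXPONENT = 400       # caps the power of ten Fraction has to materialize

# Strict ASCII decimal grammar: sign, digits, optional fraction and exponent.
# Narrower than what Fraction itself accepts (no "a/b", no "_" separators),
# so nothing can slip a large exponent past the check below.
_DECIMAL = re.compile(
    r"[-+]?(?:[0-9]+\.?[0-9]*|\.[0-9]+)(?:[eE]([-+]?[0-9]+))?"
)


def parse_bounded_fraction(text: str) -> Fraction:
    """Parse untrusted decimal text into a Fraction of bounded size."""
    if len(text) > MAX_INPUT_CHARS:
        raise ValueError("numeric input too long")
    text = text.strip()
    match = _DECIMAL.fullmatch(text)
    if match is None:
        raise ValueError("not a plain decimal number")
    exponent = match.group(1)
    # The exponent is inspected as text first; Fraction() is only called
    # once it is known to be small.
    if exponent is not None and abs(int(exponent)) > MAX_EXPONENT:
        raise ValueError("exponent out of range")
    return Fraction(text)


def footprint_bits(value: Fraction) -> int:
    """Bits needed for the exact numerator and denominator."""
    return value.numerator.bit_length() + value.denominator.bit_length()


if __name__ == "__main__":
    # Constructed inputs. The first is six characters but expands to ~16.6 kbit.
    print(len("1e5000"), "chars ->", footprint_bits(Fraction("1e5000")), "bits")
    for sample in ("1.64E3", "-.5e-2", "1.64E6646466664", "1e1_000"):
        try:
            print(sample, "->", parse_bounded_fraction(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```
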
