[issue23262] webbrowser module broken with Firefox 36+

2016-11-05 Thread Oleg Broytman
Oleg Broytman added the comment:
> I'm not sure that we can break the compatibility with old browser
I agree with this.
-- ___ Python tracker ___

[issue28617] Why isn't "in" called a comparison operation?

2016-11-05 Thread Raymond Hettinger
Raymond Hettinger added the comment: newpatch.diff looks fine.

[issue23218] Modernize the IDLE Find/Replace/Find in Files dialogs

2016-11-05 Thread Al Sweigart
Al Sweigart added the comment: *Bump* Just wanted to bring attention to this issue. We could keep "Regular expression" instead of "Regex" for the label (Sublime Text and other editors have "Regular expression"). I think Mark's patch would be better over mine.

[issue28620] Build Memory Leak

2016-11-05 Thread Honor
Honor added the comment: Hmmm, Ok. Thanks a lot.
On Sat, Nov 5, 2016 at 4:50 PM, Xiang Zhang wrote:
> Xiang Zhang added the comment:
>
> This seems a same problem as in #27780.
>
> -- nosy: +xiang.zhang

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Xiang Zhang
Xiang Zhang added the comment:
> '1?2:3?4:5' -> '(2 if 1 else 3)?4:5' -> '(4 if (2 if 1 else 3) else 5'
This is not right. It's right associative so it should be 1?2:(3?4:5) -> 1?2:(4 if 3 else 5) -> 2 if 1 else (4 if 3 else 5)
> It would be nice to make c2py() working with any expressions,

[issue28620] Build Memory Leak

2016-11-05 Thread R. David Murray
Changes by R. David Murray:
resolution: -> duplicate
stage: -> resolved
status: open -> closed
superseder: -> memory leaks in pgen build step abort build with address sanitizer enabled

[issue28619] [Patch] Stop using inet_ntoa() when possible.

2016-11-05 Thread Ed Schouten
New submission from Ed Schouten: Modern C code should use inet_ntop()/inet_pton() as opposed to inet_addr()/inet_aton()/inet_ntoa(). Though the former functions may typically act as drop-in replacements for the latter, the inet_addr()/inet_aton() functions still have the advantage over

[issue19569] Use __attribute__((deprecated)) to warn usage of deprecated functions and macros

2016-11-05 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Proposed patch marks most deprecated functions. Code is rewritten for using non-deprecated functions if possible. Unfortunately some deprecated functions are still used in the code and can't be easily replaced. They are left not marked. *

[issue28618] Decorate hot functions using __attribute__((hot)) to optimize Python

2016-11-05 Thread STINNER Victor
STINNER Victor added the comment:
Antoine Pitrou added the comment:
> Can you compare against a PGO build?
Do you mean comparison between current Python with PGO and patched Python without PGO? The hot attribute is ignored by GCC when PGO compilation is used.
> Ubuntu 14.04 is old, and I

[issue28610] Provide PDB hook to customize how to find source files

2016-11-05 Thread Xavier de Gaye
Xavier de Gaye added the comment: This patch is an attempt at allowing the source debugging of scripts executed by the Python exec() function. It misses tests and documentation. You may use it using the idiom given in the following example to avoid stepping into the pdb code on the first

[issue28620] Build Memory Leak

2016-11-05 Thread Xiang Zhang
Xiang Zhang added the comment: This seems a same problem as in #27780. -- nosy: +xiang.zhang

[issue1647489] zero-length match confuses re.finditer()

2016-11-05 Thread irdb
Changes by irdb: nosy: +irdb

[issue28618] Decorate hot functions using __attribute__((hot)) to optimize Python

2016-11-05 Thread Serhiy Storchaka
Serhiy Storchaka added the comment:
> Moreover, I like the idea of getting a fast(er) Python even when no advanced optimization techniques like LTO or PGO is used.
Seconded.
-- nosy: +serhiy.storchaka

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Xiang Zhang
Xiang Zhang added the comment: Christian, I think our patches are quite similar in function. They only allow limited tokens.
> I consider it a superior solution and a fix for more generic attacks
Mine now still allows **. But it can be easily fixed. But both our patches still translate a C

[issue1647489] zero-length match confuses re.finditer()

2016-11-05 Thread Mark Lawrence
Changes by Mark Lawrence: nosy: -BreamoreBoy

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Carl Ekerot
Carl Ekerot added the comment:
> The gettext module might be vulnerable to f-string attacks
It is. See the example in the first comment:
gettext.c2py('f"{os.system(\'sh\')}"')(0)
This vulnerability seems to be solved in Xiang's patch. The DoS aspect is interesting though, since there's no

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Christian Heimes
Christian Heimes added the comment: The gettext module might be vulnerable to f-string attacks, too. Also see #18317. -- nosy: +christian.heimes

[issue26935] android: test_os fails

2016-11-05 Thread Xavier de Gaye
Xavier de Gaye added the comment: New patch. Thanks for the review Martin! -- Added file: http://bugs.python.org/file45368/test_urandom_fd_reopened_3.patch

[issue28621] Refactor duplicate code calculating digit's bit length

2016-11-05 Thread Adrian Wielgosik
New submission from Adrian Wielgosik: The attached patch uses an existing function bits_in_digit() in two other functions:
- in long_bit_length() - it already had identical logic
- in _PyLong_NumBits() - it used a naive, slower way of calculating bit length, so as an added bonus the patch

[issue28621] Refactor duplicate code calculating digit's bit length

2016-11-05 Thread Adrian Wielgosik
Changes by Adrian Wielgosik: keywords: +patch Added file: http://bugs.python.org/file45367/bit_length.patch

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Christian Heimes
Christian Heimes added the comment: Argh, sorry. I meant to write "The gettext module might be vulnerable to more than f-string attacks.". May I suggest that you have a look at my old patch? It uses an AST visitor to inspect the AST of a gettext plural expression. It allows only a limited set

[issue28542] document cross compilation

2016-11-05 Thread Xavier de Gaye
Xavier de Gaye added the comment: Yes, I was not aware of DESTDIR. The 2.7 README contains also useful information on the build process, for example about some use cases of the '*shared*' entries in the Setup files (for when setup.py cannot detect/build an extension module) or about the

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Xiang Zhang
Xiang Zhang added the comment:
> gettext.c2py("n()")(lambda: os.system("sh"))
> gettext.c2py("1()")(0)
Empty parentheses should be disallowed. Function calls are not allowed in plural expression. And non-integer argument should be disallowed either, just as Serhiy's example shows.
> What if

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Serhiy Storchaka
Serhiy Storchaka added the comment:
> How does it work for '1?2:3?4:5'?
'1?2:3?4:5' -> '(2 if 1 else 3)?4:5' -> '(4 if (2 if 1 else 3) else 5'
But there are other problems. Precedence of some operators is different in C and Python. Chained comparison in Python causes a different result than in C

[issue28618] Decorate hot functions using __attribute__((hot)) to optimize Python

2016-11-05 Thread STINNER Victor
STINNER Victor added the comment: Oh, I forgot to mention that I compiled Python with "./configure -C". The purpose of the patch is to optimize Python when LTO and/or PGO compilation are not explicitly used.

[issue28618] Decorate hot functions using __attribute__((hot)) to optimize Python

2016-11-05 Thread STINNER Victor
STINNER Victor added the comment: I ran benchmarks. Globally, it seems like the impact of the patch is positive. regex_v8 and call_simple are slower, but these benchmarks are microbenchmarks impacted by low level stuff like CPU L1 cache. Well, my patch was supposed to optimize CPython for

[issue28618] Decorate hot functions using __attribute__((hot)) to optimize Python

2016-11-05 Thread Antoine Pitrou
Antoine Pitrou added the comment:
On 05/11/2016 at 16:37, STINNER Victor wrote:
> Antoine Pitrou added the comment:
>> Can you compare against a PGO build?
>
> Do you mean comparison between current Python with PGO and patched
> Python without PGO?
Yes.
>> Ubuntu 14.04 is old, and I

[issue28621] Refactor duplicate code calculating digit's bit length

2016-11-05 Thread SilentGhost
Changes by SilentGhost: nosy: +mark.dickinson stage: -> patch review

[issue28524] Set default argument of logging.disable() to logging.CRITICAL

2016-11-05 Thread Al Sweigart
Al Sweigart added the comment: Setting up different configurations for dev/prod is a bit more complicated than I'd like for most projects. I'd instead just call logging.disable(logging.CRITICAL). The entire point of this is just for the convenience of being able to disable logging messages

[issue28618] Decorate hot functions using __attribute__((hot)) to optimize Python

2016-11-05 Thread STINNER Victor
STINNER Victor added the comment:
Antoine Pitrou added the comment:
>> Do you mean comparison between current Python with PGO and patched
>> Python without PGO?
>
> Yes.
Oh ok, sure. I will try to run these 2 benchmarks.
>>> Ubuntu 14.04 is old, and I don't think this is something we should

[issue28563] Arbitrary code execution in gettext.c2py

2016-11-05 Thread Carl Ekerot
Carl Ekerot added the comment: Verified gettext.c2py with gettext_c2py.patch applied against the plural forms actually used in localization, listed over at http://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html. I tested all of the non-trivial forms, and

[issue28618] Decorate hot functions using __attribute__((hot)) to optimize Python

2016-11-05 Thread Antoine Pitrou
Antoine Pitrou added the comment: Can you compare against a PGO build? Ubuntu 14.04 is old, and I don't think this is something we should worry about. Overall I think this manual approach is really the wrong way to look at it. Compilers can do better than us. -- nosy: +pitrou

[issue28620] Build Memory Leak

2016-11-05 Thread Honor
New submission from Honor: Hi, I am compiling Python from source code with the clang compiler. The result is as follows:
==5284==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 11776 byte(s) in 8 object(s) allocated from:
#0 0x49ccbe (/home/y/Downloads/Python-3.5.2/Parser/pgen+0x49ccbe)