
python-django-1.8.19-1.2.mga6.src.rpm

From 0bbb560183fabf0533289700845dafa94951f227 Mon Sep 17 00:00:00 2001
From: Carlton Gibson <carlton.gibson@noumenal.es>
Date: Mon, 11 Feb 2019 11:15:45 +0100
Subject: [PATCH] [1.11.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in
 utils.numberformat.format().

Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.

Backport of 402c0caa851e265410fbcaa55318f22d2bf22ee2 from master.
---
 django/utils/numberformat.py           | 15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/django/utils/numberformat.py b/django/utils/numberformat.py
index ae5a3b547410..97d112aad2d8 100644
--- a/django/utils/numberformat.py
+++ b/django/utils/numberformat.py
@@ -30,7 +30,20 @@ def format(number, decimal_sep, decimal_pos=None, grouping=0, thousand_sep='',
     # sign
     sign = ''
     if isinstance(number, Decimal):
-        str_number = '{:f}'.format(number)
+        # Format values with more than 200 digits (an arbitrary cutoff) using
+        # scientific notation to avoid high memory usage in {:f}'.format().
+        _, digits, exponent = number.as_tuple()
+        if abs(exponent) + len(digits) > 200:
+            number = '{:e}'.format(number)
+            coefficient, exponent = number.split('e')
+            # Format the coefficient.
+            coefficient = format(
+                coefficient, decimal_sep, decimal_pos, grouping,
+                thousand_sep, force_grouping,
+            )
+            return '{}e{}'.format(coefficient, exponent)
+        else:
+            str_number = '{:f}'.format(number)
     else:
         str_number = six.text_type(number)
     if str_number[0] == '-':
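Review bot: The new size check crashes on non-finite Decimals, which the removed `'{:f}'.format(number)` line handled: `Decimal('NaN').as_tuple()` and `Decimal('Infinity').as_tuple()` return a string exponent ('n', 'N' or 'F'), so `abs(exponent)` on the added line raises TypeError before the else branch is reached. A one-word guard keeps the CVE fix while preserving the old behaviour for those values, `if number.is_finite() and abs(exponent) + len(digits) > 200:`. The 200-digit cutoff itself is fine as written: the scientific-notation branch only ever formats a coefficient proportional to the input's own digit count, so no large buffer can be forced. The `format()` signature and the rest of its body lie outside the hunk; presumably the `str_number[0]` handling after it already copes with 'NaN'/'Infinity' strings as it did before the change, but that should be confirmed.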