mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[5.1.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.

Browse Source 
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
This commit is contained in:
Sarah Boyce
2024-07-12 11:38:34 +02:00
parent 2ba4f4b0b5
commit 0504af6429
4 changed files with 48 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/template_tests/filter_tests/test_floatformat.py
View File

@@ -73,6 +73,7 @@ class FunctionTests(SimpleTestCase):
self.assertEqual(floatformat(1.5e-15, 20), "0.00000000000000150000")
self.assertEqual(floatformat(1.5e-15, -20), "0.00000000000000150000")
self.assertEqual(floatformat(1.00000000000000015, 16), "1.0000000000000002")
self.assertEqual(floatformat("1e199"), "1" + "0" * 199)
def test_invalid_inputs(self):
cases = [
@@ -169,6 +170,22 @@ class FunctionTests(SimpleTestCase):
self.assertEqual(floatformat(pos_inf), "inf")
self.assertEqual(floatformat(neg_inf), "-inf")
self.assertEqual(floatformat(pos_inf / pos_inf), "nan")
self.assertEqual(floatformat("inf"), "inf")
self.assertEqual(floatformat("NaN"), "NaN")
def test_too_many_digits_to_render(self):
cases = [
"1e200",
"1E200",
"1E10000000000000000",
"-1E10000000000000000",
"1e10000000000000000",
"-1e10000000000000000",
"1" + "0" * 1_000_000,
]
for value in cases:
with self.subTest(value=value):
self.assertEqual(floatformat(value), value)
def test_float_dunder_method(self):
class FloatWrapper: