[3.13] gh-149079: Fix O(n^2) canonical ordering in unicodedata.normalize() (GH-149080)#150780
Merged
Merged
Conversation
…normalize() (pythonGH-149080) Replace the insertion sort used for canonical ordering of combining characters with a hybrid approach: insertion sort for short runs (< 20) and counting sort for longer runs, reducing worst-case complexity from O(n^2) to O(n). This prevents denial of service via crafted Unicode strings with many combining characters in alternating CCC order. (cherry picked from commit 991224b) Co-authored-by: Seth Larson <seth@python.org> Co-authored-by: ch4n3-yoon <ch4n3.yoon@gmail.com> Co-authored-by: Seokchan Yoon <13852925+ch4n3-yoon@users.noreply.github.com> Co-authored-by: Stan Ulbrych <stan@python.org> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Maurycy Pawłowski-Wieroński <maurycy@maurycy.com>
encukou
added
needs backport to 3.10
Documentation build overview
454 files changed ·
|
Member
|
Oh, ya' beat me to it! :-) I just wrote the same PR. |
StanFromIreland
approved these changes
Jun 2, 2026
Member
Author
|
Sorry! |
Member
Oh no worries, I'm the one who's sorry! |
|
Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.11, 3.12. |
|
Sorry, @encukou, I could not cleanly backport this to |
|
Sorry, @encukou, I could not cleanly backport this to |
|
Sorry, @encukou, I could not cleanly backport this to |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replace the insertion sort used for canonical ordering of combining
characters with a hybrid approach: insertion sort for short runs (< 20)
and counting sort for longer runs, reducing worst-case complexity from
O(n^2) to O(n). This prevents denial of service via crafted Unicode
strings with many combining characters in alternating CCC order.
(cherry picked from commit 991224b)
Co-authored-by: Seth Larson seth@python.org
Co-authored-by: ch4n3-yoon ch4n3.yoon@gmail.com
Co-authored-by: Seokchan Yoon 13852925+ch4n3-yoon@users.noreply.github.com
Co-authored-by: Stan Ulbrych stan@python.org
Co-authored-by: Bénédikt Tran 10796600+picnixz@users.noreply.github.com
Co-authored-by: Petr Viktorin encukou@gmail.com
Co-authored-by: Serhiy Storchaka storchaka@gmail.com
Co-authored-by: Maurycy Pawłowski-Wieroński maurycy@maurycy.com
unicodedata.normalize("NFC")canonical ordering #149079