[Git][ghc/ghc][wip/backports-9.8] 3 commits: Bump Haddock to fix #23616
Ben Gamari (@bgamari)
gitlab at gitlab.haskell.org
Wed Sep 13 22:02:21 UTC 2023
Ben Gamari pushed to branch wip/backports-9.8 at Glasgow Haskell Compiler / GHC
Commits:
364142c3 by sheaf at 2023-09-01T13:04:17+02:00
Bump Haddock to fix #23616
This commit updates the Haddock submodule to include
the fix to #23616.
- - - - -
8291f29e by Ben Gamari at 2023-09-13T18:02:11-04:00
rel-notes: Mention template variable matching proposal
- - - - -
eee6be40 by Ben Gamari at 2023-09-13T18:02:11-04:00
base: Advertise linear time of readFloat
As noted in #23538, `readFloat` has runtime that scales nonlinearly in
the size of its input. Consequently, its use on untrusted input can
be exploited as a denial-of-service vector. Point this out and suggest
use of `read` instead.
See #23538.
- - - - -
3 changed files:
- docs/users_guide/9.8.1-notes.rst
- libraries/base/Numeric.hs
- utils/haddock
Changes:
=====================================
docs/users_guide/9.8.1-notes.rst
=====================================
@@ -84,7 +84,9 @@ Compiler
the future extension ``RequiredTypeArguments``.
- Rewrite rules now support a limited form of higher order matching when a
- pattern variable is applied to distinct locally bound variables. For example: ::
+ pattern variable is applied to distinct locally bound variables, as proposed in
+ `GHC Proposal #555 <https://github.com/ghc-proposals/ghc-proposals/blob/master/proposals/0555-template-patterns.rst>`.
+ For example: ::
forall f. foo (\x -> f x)
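Review bot: The hyperlink on the added `GHC Proposal #555 <https://github.com/...>` line is missing the trailing underscore that reStructuredText requires for an external link, so the users guide will render it as interpreted text in the default role instead of a clickable reference. Append `_` directly after the closing backquote.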
=====================================
libraries/base/Numeric.hs
=====================================
@@ -117,6 +117,14 @@ readHex = readP_to_S L.readHexP
-- | Reads an /unsigned/ 'RealFrac' value,
-- expressed in decimal scientific notation.
+--
+-- Note that this function takes time linear in the magnitude of its input
+-- which can scale exponentially with input size (e.g. @"1e100000000"@ is a
+-- very large number while having a very small textual form).
+-- For this reason, users should take care to avoid using this function on
+-- untrusted input. Users needing to parse floating point values
+-- (e.g. 'Float') are encouraged to instead use 'read', which does
+-- not suffer from this issue.
readFloat :: RealFrac a => ReadS a
readFloat = readP_to_S readFloatP
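Review bot: The last added sentence points readers handling untrusted input at 'read', but 'read' calls error on a failed parse, so following the advice literally trades the slow path for an uncaught exception on malformed input. Consider recommending 'Text.Read.readMaybe' instead, which goes through the same Read instance and returns Nothing on failure. Separately, "time linear in the magnitude of its input which can scale exponentially with input size" is easy to misread as a linear-time guarantee; say directly that the running time can be exponential in the length of the input string, which also matches the "scales nonlinearly" wording of the commit message.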
=====================================
utils/haddock
=====================================
@@ -1 +1 @@
-Subproject commit 342b0b39bc4a9ac6ddfa616bf7e965263ce78b50
+Subproject commit 250d94539f110f66e24c82ff491423813fc1e8fa
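Review bot: The submodule pointer moves from 342b0b39 to 250d9453, but the commit message only says the bump should "include the fix to #23616", so a reviewer cannot tell from this change which Haddock commit carries the fix or whether other commits come along with it. Name the Haddock commit that fixes #23616 in the message and note any additional changes pulled in by the new pointer, since this is a backport branch.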
View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/compare/c6da00564ca3725dd11765e8e844ba4834541c57...eee6be4040c03327db76986c4ef4c83e7f700954