From 85f461550057e2a797cf7015c31f1a6d63553493 Mon Sep 17 00:00:00 2001
From: Antoine Pitrou
Date: Sat, 15 Jan 2011 16:17:07 +0000
Subject: [PATCH] Issue #10916: mmap should not segfault when a file is mapped using 0 as length and a non-zero offset, and an attempt to read past the end of file is made (IndexError is raised instead). Patch by Ross Lagerwall. Requested by Georg.
---
Lib/test/test_mmap.py | 13 +++++++++++++
Misc/NEWS | 4 ++++
Modules/mmapmodule.c | 2 +-
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py
index abfde01ae49..c7b8d60d1e5 100644
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -320,6 +320,19 @@ class MmapTests(unittest.TestCase):
 mf.close()
 f.close()
+ def test_length_0_offset(self):
+ # Issue #10916: test mapping of remainder of file by passing 0 for
+ # map length with an offset doesn't cause a segfault.
+ if not hasattr(os, "stat"):
+ self.skipTest("needs os.stat")
+ with open(TESTFN, "wb+") as f:
+ f.write(49152 * b'm') # Arbitrary character
+
+ with open(TESTFN, "rb") as f:
+ mf = mmap.mmap(f.fileno(), 0, offset=40960, access=mmap.ACCESS_READ)
+ self.assertRaises(IndexError, mf.__getitem__, 45000)
+ mf.close()
+
 def test_move(self):
 # make move works everywhere (64-bit format problem earlier)
 f = open(TESTFN, 'wb+')
diff --git a/Misc/NEWS b/Misc/NEWS
index 68aae79c9bf..6524dcf0d73 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -43,6 +43,10 @@ Core and Builtins
 Library
 -------
+- Issue #10916: mmap should not segfault when a file is mapped using 0 as
+ length and a non-zero offset, and an attempt to read past the end of file
+ is made (IndexError is raised instead). Patch by Ross Lagerwall.
+
 - Issue #10907: Warn OS X 10.6 IDLE users to use ActiveState Tcl/Tk 8.5, rather than the currently problematic Apple-supplied one, when running with the 64-/32-bit installer variant.
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index 8a227527a54..ef026b260ff 100644
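Review bot: In the `Lib/test/test_mmap.py` hunk, `test_length_0_offset` probes only one index far past the mapping (45000), so it would still pass if the computed length were off by a few bytes. Asserting the boundary directly is tighter, for example `self.assertEqual(len(mf), 49152 - 40960)` and `self.assertRaises(IndexError, mf.__getitem__, 49152 - 40960)`. `mf.close()` is also skipped when the assertion fails, which leaves the file mapped while later cleanup runs; registering `self.addCleanup(mf.close)` right after the `mmap.mmap(...)` call avoids that. The `hasattr(os, "stat")` skip does not correspond to anything the test body calls, so a short comment saying what it stands in for (presumably fstat support in the C module) would help.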
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -1116,7 +1116,7 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
 # endif
 if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
 if (map_size == 0) {
- map_size = st.st_size;
+ map_size = st.st_size - offset;
 } else if ((size_t)offset + (size_t)map_size > st.st_size) {
 PyErr_SetString(PyExc_ValueError, "mmap length is greater than file size");
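Review bot: The new `map_size = st.st_size - offset;` is not guarded against an `offset` larger than the file: nothing in the `map_size == 0` branch compares `offset` with `st.st_size`, so the subtraction can go negative (or wrap, depending on the declared types, which are outside this hunk) and that length appears to flow on to the mapping call. The existing bounds check sits only in the `else` branch, so it does not cover the length-0 case. Rejecting the offset before subtracting, in the same ValueError style as the branch below, closes the gap, and a test with an offset past end-of-file would pin it. `new_mmap_object` starts and ends outside the hunk, so the error return in the sketch should mirror whatever the neighbouring branch uses.

```c
        if (map_size == 0) {
            if (offset >= st.st_size) {
                PyErr_SetString(PyExc_ValueError,
                                "mmap offset is greater than file size");
                return NULL;  /* match the error return of the else-branch below */
            }
            map_size = st.st_size - offset;
        /* … unchanged: else-branch length check … */
```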