Issue #10916: mmap should not segfault when a file is mapped using 0 as

length and a non-zero offset, and an attempt to read past the end of file
is made (IndexError is raised instead).  Patch by Ross Lagerwall.

Requested by Georg.

Lib/test/test_mmap.py

@@ -320,6 +320,19 @@ class MmapTests(unittest.TestCase):
             mf.close()
             f.close()
 
+    def test_length_0_offset(self):
+        # Issue #10916: test mapping of remainder of file by passing 0 for
+        # map length with an offset doesn't cause a segfault.
+        if not hasattr(os, "stat"):
+            self.skipTest("needs os.stat")
+        with open(TESTFN, "wb+") as f:
+            f.write(49152 * b'm') # Arbitrary character
+
+        with open(TESTFN, "rb") as f:
+            mf = mmap.mmap(f.fileno(), 0, offset=40960, access=mmap.ACCESS_READ)
+            self.assertRaises(IndexError, mf.__getitem__, 45000)
+            mf.close()
+
     def test_move(self):
         # make move works everywhere (64-bit format problem earlier)
         f = open(TESTFN, 'wb+')

Misc/NEWS

@@ -43,6 +43,10 @@ Core and Builtins
 Library
 -------
 
+- Issue #10916: mmap should not segfault when a file is mapped using 0 as
+  length and a non-zero offset, and an attempt to read past the end of file
+  is made (IndexError is raised instead).  Patch by Ross Lagerwall.
+
 - Issue #10907: Warn OS X 10.6 IDLE users to use ActiveState Tcl/Tk 8.5,
   rather than the currently problematic Apple-supplied one, when running
   with the 64-/32-bit installer variant.

Modules/mmapmodule.c

@@ -1116,7 +1116,7 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
 #  endif
     if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
         if (map_size == 0) {
-            map_size = st.st_size;
+            map_size = st.st_size - offset;
         } else if ((size_t)offset + (size_t)map_size > st.st_size) {
             PyErr_SetString(PyExc_ValueError,
                             "mmap length is greater than file size");