Merged revisions 70800 via svnmerge from

author Hirokazu Yamamoto <ocean-city@m2.ccsnet.ne.jp>

Tue, 31 Mar 2009 13:22:01 +0000 (13:22 +0000)

committer Hirokazu Yamamoto <ocean-city@m2.ccsnet.ne.jp>

Tue, 31 Mar 2009 13:22:01 +0000 (13:22 +0000)
author Hirokazu Yamamoto <ocean-city@m2.ccsnet.ne.jp>
Tue, 31 Mar 2009 13:22:01 +0000 (13:22 +0000)
committer Hirokazu Yamamoto <ocean-city@m2.ccsnet.ne.jp>
Tue, 31 Mar 2009 13:22:01 +0000 (13:22 +0000)
diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py

index 31daa8df11d09708ab087a4831140b4fb167b85a..a73dfedaa3cdec57fa9620e8d68c01c8f203592e 100644 (file)
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -338,6 +338,23 @@ class MmapTests(unittest.TestCase):
          mf.close()
          f.close()
  
+        # more excessive test
+        data = "0123456789"
+        for dest in range(len(data)):
+            for src in range(len(data)):
+                for count in range(len(data) - max(dest, src)):
+                    expected = data[:dest] + data[src:src+count] + data[dest+count:]
+                    m = mmap.mmap(-1, len(data))
+                    m[:] = data
+                    m.move(dest, src, count)
+                    self.assertEqual(m[:], expected)
+                    m.close()
+
+        # should not crash
+        m = mmap.mmap(-1, 1)
+        self.assertRaises(ValueError, m.move, 1, 1, -1)
+        m.close()
+
      def test_anonymous(self):
          # anonymous mmap.mmap(-1, PAGE)
          m = mmap.mmap(-1, PAGESIZE)
diff --git a/Misc/NEWS b/Misc/NEWS

index d49fc0d2e96da8f5991ad04efa1fb3b79bd7a8b7..2b3e3b8348af1f76bf8971107e89f59912a93405 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -92,6 +92,8 @@ Core and Builtins
  Library
  -------
  
+- Issue #5387: Fixed mmap.move crash by integer overflow.
+
  - Issue #5261: Patch multiprocessing's semaphore.c to support context
    manager use: "with multiprocessing.Lock()" works now.
  
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c

index 95dcfbe630564a9c52b2b24d85827a727ffcb91e..d191c1e6fb122ed47e6113834052508f06db3913 100644 (file)
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -612,10 +612,8 @@ mmap_move_method(mmap_object *self, PyObject *args)
                 return NULL;
         } else {
                 /* bounds check the values */
-               if (/* end of source after end of data?? */
-                       ((src+count) > self->size)
-                       /* dest will fit? */
-                       || (dest+count > self->size)) {
+               unsigned long pos = src > dest ? src : dest;
+               if (self->size >= pos && count > self->size - pos) {
                         PyErr_SetString(PyExc_ValueError,
                                         "source or destination out of range");
                         return NULL;
author	Hirokazu Yamamoto <ocean-city@m2.ccsnet.ne.jp>
	Tue, 31 Mar 2009 13:22:01 +0000 (13:22 +0000)
committer	Hirokazu Yamamoto <ocean-city@m2.ccsnet.ne.jp>
	Tue, 31 Mar 2009 13:22:01 +0000 (13:22 +0000)
Lib/test/test_mmap.py		patch \| blob \| history
Misc/NEWS		patch \| blob \| history
Modules/mmapmodule.c		patch \| blob \| history