From: Antoine Pitrou <solipsis@pitrou.net>
Date: Sat, 15 Jan 2011 16:17:07 +0000 (+0000)
Subject: Issue #10916: mmap should not segfault when a file is mapped using 0 as
X-Git-Tag: v3.2rc1~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=85f461550057e2a797cf7015c31f1a6d63553493;p=python

Issue #10916: mmap should not segfault when a file is mapped using 0 as
length and a non-zero offset, and an attempt to read past the end of file
is made (IndexError is raised instead).  Patch by Ross Lagerwall.

Requested by Georg.
---

diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py
index abfde01ae4..c7b8d60d1e 100644
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -320,6 +320,19 @@ class MmapTests(unittest.TestCase):
             mf.close()
             f.close()
 
+    def test_length_0_offset(self):
+        # Issue #10916: test mapping of remainder of file by passing 0 for
+        # map length with an offset doesn't cause a segfault.
+        if not hasattr(os, "stat"):
+            self.skipTest("needs os.stat")
+        with open(TESTFN, "wb+") as f:
+            f.write(49152 * b'm') # Arbitrary character
+
+        with open(TESTFN, "rb") as f:
+            mf = mmap.mmap(f.fileno(), 0, offset=40960, access=mmap.ACCESS_READ)
+            self.assertRaises(IndexError, mf.__getitem__, 45000)
+            mf.close()
+
     def test_move(self):
         # make move works everywhere (64-bit format problem earlier)
         f = open(TESTFN, 'wb+')
diff --git a/Misc/NEWS b/Misc/NEWS
index 68aae79c9b..6524dcf0d7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -43,6 +43,10 @@ Core and Builtins
 Library
 -------
 
+- Issue #10916: mmap should not segfault when a file is mapped using 0 as
+  length and a non-zero offset, and an attempt to read past the end of file
+  is made (IndexError is raised instead).  Patch by Ross Lagerwall.
+
 - Issue #10907: Warn OS X 10.6 IDLE users to use ActiveState Tcl/Tk 8.5,
   rather than the currently problematic Apple-supplied one, when running
   with the 64-/32-bit installer variant.
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index 8a227527a5..ef026b260f 100644
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -1116,7 +1116,7 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
 #  endif
     if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
         if (map_size == 0) {
-            map_size = st.st_size;
+            map_size = st.st_size - offset;
         } else if ((size_t)offset + (size_t)map_size > st.st_size) {
             PyErr_SetString(PyExc_ValueError,
                             "mmap length is greater than file size");