From 9989d857ebfa6b29d724921e5fc229cd9d4dbb61 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Sat, 15 Jan 2011 16:18:57 +0000 Subject: [PATCH] Merged revisions 88022 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r88022 | antoine.pitrou | 2011-01-15 17:17:07 +0100 (sam., 15 janv. 2011) | 7 lines Issue #10916: mmap should not segfault when a file is mapped using 0 as length and a non-zero offset, and an attempt to read past the end of file is made (IndexError is raised instead). Patch by Ross Lagerwall. Requested by Georg. ........ --- Lib/test/test_mmap.py | 13 +++++++++++++ Misc/NEWS | 4 ++++ Modules/mmapmodule.c | 2 +- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py index b62ed2e351..5f540c0749 100644 --- a/Lib/test/test_mmap.py +++ b/Lib/test/test_mmap.py @@ -326,6 +326,19 @@ class MmapTests(unittest.TestCase): mf.close() f.close() + def test_length_0_offset(self): + # Issue #10916: test mapping of remainder of file by passing 0 for + # map length with an offset doesn't cause a segfault. + if not hasattr(os, "stat"): + self.skipTest("needs os.stat") + with open(TESTFN, "wb+") as f: + f.write(49152 * b'm') # Arbitrary character + + with open(TESTFN, "rb") as f: + mf = mmap.mmap(f.fileno(), 0, offset=40960, access=mmap.ACCESS_READ) + self.assertRaises(IndexError, mf.__getitem__, 45000) + mf.close() + def test_move(self): # make move works everywhere (64-bit format problem earlier) f = open(TESTFN, 'w+') diff --git a/Misc/NEWS b/Misc/NEWS index 2f17900184..00350e1b5e 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -32,6 +32,10 @@ Core and Builtins Library ------- +- Issue #10916: mmap should not segfault when a file is mapped using 0 as + length and a non-zero offset, and an attempt to read past the end of file + is made (IndexError is raised instead). Patch by Ross Lagerwall. + - Issue #10875: Update Regular Expression HOWTO; patch by 'SilentGhost'. - Issue #10827: Changed the rules for 2-digit years. The time.asctime diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c index d6d16011c6..6ca95c95f9 100644 --- a/Modules/mmapmodule.c +++ b/Modules/mmapmodule.c @@ -1164,7 +1164,7 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict) # endif if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) { if (map_size == 0) { - map_size = st.st_size; + map_size = st.st_size - offset; } else if ((size_t)offset + (size_t)map_size > st.st_size) { PyErr_SetString(PyExc_ValueError, "mmap length is greater than file size"); -- 2.50.1