Issue 21810: SIGSEGV in PyObject_Malloc when ARENAS_USE_MMAP

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/66009

classification

Title:	SIGSEGV in PyObject_Malloc when ARENAS_USE_MMAP
Type:	crash	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:		Nosy List:	John-Mark.Bell, benjamin.peterson, neologix, python-dev
Priority:	normal	Keywords:	patch

Created on 2014-06-19 19:36 by John-Mark.Bell, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
obmalloc.diff	John-Mark.Bell, 2014-06-19 19:36

Messages (3)
msg221013 - (view)	Author: John-Mark Bell (John-Mark.Bell)	Date: 2014-06-19 19:36
In low-memory scenarios, the Python 2.7 interpreter may crash as a result of failing to correctly check the return value from mmap in new_arena(). This changeset appears to be the point at which this issue was introduced: http://hg.python.org/cpython/rev/4e43e5b3f7fc Looking at the head of the 2.7 branch in Mercurial, we see the issue is still present: http://hg.python.org/cpython/file/cf70f030a744/Objects/obmalloc.c#l595 On failure, mmap will return MAP_FAILED ((void *) -1), whereas malloc will return NULL (0). Thus, the check for allocation failure on line 601 will erroneously decide that the allocation succeeded in the mmap case. The interpreter will subsequently crash once the invalid address is accessed. I've attached a potential fix for this issue.
msg221029 - (view)	Author: Roundup Robot (python-dev)	Date: 2014-06-19 21:45
New changeset 012b5c9c062d by Charles-François Natali in branch '2.7': Issue #21810: Backport mmap-based arena allocation failure check. http://hg.python.org/cpython/rev/012b5c9c062d
msg221030 - (view)	Author: Charles-François Natali (neologix) *	Date: 2014-06-19 21:47
Thanks for the report. The patch introducing mmap() to limit memory fragmentation was applied initially only to the Python 3 branch (3.2 at that time IIRC). This problem was spotted a couple days later, and fixed: http://hg.python.org/cpython/rev/ba8f85e16dd9 I guess the backport to Python 2.7 didn't backport the subsequent fix.

History
Date	User	Action	Args
2022-04-11 14:58:05	admin	set	github: 66009
2014-06-19 21:47:37	neologix	set	status: open -> closed resolution: fixed messages: + msg221030 stage: resolved
2014-06-19 21:45:56	python-dev	set	nosy: + python-dev messages: + msg221029
2014-06-19 20:51:09	ned.deily	set	nosy: + benjamin.peterson, neologix
2014-06-19 19:36:34	John-Mark.Bell	create