Message126629
The fix for issue10916 committed in r88022 introduces this line:
map_size = st.st_size - offset;
If offset > st.st_size, map_size is negative. This should cause the mmap system call to return -1 and set errno.
However, given a certain size of offset, since map_size is unsigned, it will give a very large map_size, and accessing the resultant mmap object results in a bus error crash. It also gives bogus len(mmap) values.
E.g. (crashes on a 32-bit system):
import os, mmap
with open("/tmp/rnd", "wb") as f:
    f.write(b"X" * 115699)
with open("/tmp/rnd", "w+b") as f:
    with mmap.mmap(f.fileno(), 0, offset=2147479552) as m:
        print(len(m))
        for i in m:
            print(m[i])
Attached is a patch which should fix this issue by raising a value error if offset > st.st_size.

Date | User | Action | Args
2011-01-20 17:00:35 | rosslagerwall | set | recipients: + rosslagerwall, amaury.forgeotdarc, pitrou
2011-01-20 17:00:35 | rosslagerwall | set | messageid: <1295542835.78.0.12155244599.issue10959@psf.upfronthosting.co.za>
2011-01-20 17:00:34 | rosslagerwall | link | issue10959 messages
2011-01-20 17:00:34 | rosslagerwall | create |
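
The wrap described in the message, next to a checked form of the same subtraction, as an added example; it is not CPython's code and not the attached patch. The typedefs model a 32-bit build (64-bit file offsets, 32-bit size), all function and type names are hypothetical, and the final range check goes beyond the single `offset > st.st_size` test the message proposes.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed model of a 32-bit build: file offsets are 64-bit, sizes are 32-bit. */
typedef int64_t  model_off_t;
typedef uint32_t model_size_t;

/* Unchecked form of the quoted line: map_size = st.st_size - offset. */
static model_size_t map_size_unchecked(model_off_t st_size, model_off_t offset)
{
    /* A negative difference converts modulo 2^32 into a huge length. */
    return (model_size_t)(st_size - offset);
}

/* Checked form: returns 0 and stores the length, or -1 if rejected. */
static int map_size_checked(model_off_t st_size, model_off_t offset,
                            model_size_t *out)
{
    if (st_size < 0 || offset < 0)
        return -1;                      /* nonsensical inputs */
    if (offset > st_size)
        return -1;                      /* the condition from the message */
    if (st_size - offset > (model_off_t)UINT32_MAX)
        return -1;                      /* would truncate when narrowed */
    *out = (model_size_t)(st_size - offset);
    return 0;
}

int main(void)
{
    /* Constructed input: file size and offset taken from the reproducer. */
    model_off_t st_size = 115699, offset = 2147479552LL;
    model_size_t n = 0;

    printf("unchecked map_size: %u\n",
           (unsigned)map_size_unchecked(st_size, offset));
    printf("checked result:     %d\n",
           map_size_checked(st_size, offset, &n));
    return 0;
}
```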