This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author rosslagerwall
Recipients amaury.forgeotdarc, pitrou, rosslagerwall
Date 2011-01-20.17:00:34
SpamBayes Score 1.3603368e-10
Marked as misclassified No
Message-id <1295542835.78.0.12155244599.issue10959@psf.upfronthosting.co.za>
In-reply-to
Content 
The fix for issue10916 commited in r88022 introduces this line:

map_size = st.st_size - offset;

If offset > st.st_size, map_size is negative. This should cause the mmap system call to return -1 and set errno.

However, given a certain size of offset, since map_size is unsigned it will give a very large map_size and access the resultant mmap object results in a bus error crash. It also gives bogus len(mmap) values.

Eg (crashes on a 32bit system):
import os, mmap

with open("/tmp/rnd", "wb") as f:
    f.write(b"X" * 115699)

with open("/tmp/rnd", "w+b") as f:
    with mmap.mmap(f.fileno(), 0, offset=2147479552) as m:
        print(len(m))
        for i in m:
            print(m[i])

Attached is a patch which should fix this issue by raising a value error if offset > st.st_size.
History
Date User Action Args
2011-01-20 17:00:35rosslagerwallsetrecipients: + rosslagerwall, amaury.forgeotdarc, pitrou
2011-01-20 17:00:35rosslagerwallsetmessageid: <1295542835.78.0.12155244599.issue10959@psf.upfronthosting.co.za>
2011-01-20 17:00:34rosslagerwalllinkissue10959 messages
2011-01-20 17:00:34rosslagerwallcreate