classification
Title: mmap crash
Type: crash
Stage: resolved
Components:
Versions: Python 3.1, Python 3.2, Python 2.7
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: amaury.forgeotdarc, georg.brandl, pitrou, rosslagerwall
Priority: normal
Keywords: patch

Created on 2011-01-20 17:00 by rosslagerwall, last changed 2011-01-20 21:20 by pitrou. This issue is now closed.

Files
File name Uploaded Description
mmap_issue.patch rosslagerwall, 2011-01-20 17:00
mmap_10959.patch pitrou, 2011-01-20 20:50
Messages (3)
msg126629 - Author: Ross Lagerwall (rosslagerwall) (Python committer) Date: 2011-01-20 17:00
The fix for issue10916 committed in r88022 introduces this line:

map_size = st.st_size - offset;

If offset > st.st_size, map_size is negative. This should cause the mmap system call to return -1 and set errno.

However, given a certain size of offset, since map_size is unsigned it will give a very large map_size and accessing the resultant mmap object results in a bus error crash. It also gives bogus len(mmap) values.

Eg (crashes on a 32bit system):
import os, mmap

with open("/tmp/rnd", "wb") as f:
    f.write(b"X" * 115699)

with open("/tmp/rnd", "w+b") as f:
    with mmap.mmap(f.fileno(), 0, offset=2147479552) as m:
        print(len(m))
        for i in m:
            print(m[i])

Attached is a patch which should fix this issue by raising a value error if offset > st.st_size.
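
Added example (not part of the original report or the attached patches): a small C model of the subtraction on a 32-bit build, showing the wrapped length next to a checked form that rejects offset > st_size before subtracting. The type and function names are illustrative assumptions, not CPython's, and the inputs are the file size and offset quoted in the reproducer above.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the 32-bit build from the report: file size and offset are
 * 64-bit signed (off_t), the mapping length is a 32-bit unsigned size_t.
 * These names are illustrative, not taken from CPython's mmapmodule.c. */
typedef int64_t  file_off_t;
typedef uint32_t map_len_t;

/* Unchecked form: same arithmetic as `map_size = st.st_size - offset;`.
 * A negative difference wraps modulo 2^32 into a large positive length. */
static map_len_t map_size_unchecked(file_off_t st_size, file_off_t offset)
{
    return (map_len_t)(st_size - offset);
}

/* Checked form: reject offset > st_size before subtracting. Returns 0 on
 * success, -1 on rejection (where the Python layer would raise ValueError).
 * The final range check is an extra guard added in this example. */
static int map_size_checked(file_off_t st_size, file_off_t offset,
                            map_len_t *out)
{
    if (offset < 0 || st_size < 0 || offset > st_size)
        return -1;
    file_off_t remaining = st_size - offset;
    if (remaining > (file_off_t)UINT32_MAX)
        return -1;
    *out = (map_len_t)remaining;
    return 0;
}

int main(void)
{
    /* Constructed inputs: sizes quoted in the reproducer above. */
    file_off_t st_size = 115699, offset = 2147479552LL;
    map_len_t len = 0;

    printf("unchecked length: %lu\n",
           (unsigned long)map_size_unchecked(st_size, offset));
    printf("checked result:   %d\n",
           map_size_checked(st_size, offset, &len));
    printf("in-range result:  %d (len=%lu)\n",
           map_size_checked(st_size, 4096, &len), (unsigned long)len);
    return 0;
}
```

The wrapped length here is about 2 GiB, small enough for a 32-bit mmap call to accept, which is why only certain offsets reach the bus error instead of failing inside mmap itself.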
msg126645 - Author: Antoine Pitrou (pitrou) (Python committer) Date: 2011-01-20 20:50
Here is an updated patch which also caters to the Windows side of things.
msg126646 - Author: Antoine Pitrou (pitrou) (Python committer) Date: 2011-01-20 21:20
Fixed in r88131 (3.2), r88132 (3.1) and r88133 (2.7). Thank you!
History
Date User Action Args
2011-01-20 21:20:49 pitrou set status: open -> closed
    nosy: georg.brandl, amaury.forgeotdarc, pitrou, rosslagerwall
    messages: + msg126646
    resolution: fixed
    stage: patch review -> resolved
2011-01-20 20:50:20 pitrou set files: + mmap_10959.patch
    nosy: georg.brandl, amaury.forgeotdarc, pitrou, rosslagerwall
    messages: + msg126645
2011-01-20 20:27:11 pitrou set nosy: + georg.brandl
    stage: patch review
2011-01-20 17:00:34 rosslagerwall create