diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py
index b62ed2e3518..5f540c0749b 100644
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -326,6 +326,19 @@ class MmapTests(unittest.TestCase):
 mf.close()
 f.close()
+ def test_length_0_offset(self):
+ # Issue #10916: test mapping of remainder of file by passing 0 for
+ # map length with an offset doesn't cause a segfault.
+ if not hasattr(os, "stat"):
+ self.skipTest("needs os.stat")
+ with open(TESTFN, "wb+") as f:
+ f.write(49152 * b'm') # Arbitrary character
+
+ with open(TESTFN, "rb") as f:
+ mf = mmap.mmap(f.fileno(), 0, offset=40960, access=mmap.ACCESS_READ)
+ self.assertRaises(IndexError, mf.__getitem__, 45000)
+ mf.close()
+
 def test_move(self):
 # make move works everywhere (64-bit format problem earlier)
 f = open(TESTFN, 'w+')
diff --git a/Misc/NEWS b/Misc/NEWS
index 2f17900184c..00350e1b5e0 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -32,6 +32,10 @@ Core and Builtins
 Library
 -------
+- Issue #10916: mmap should not segfault when a file is mapped using 0 as
+ length and a non-zero offset, and an attempt to read past the end of file
+ is made (IndexError is raised instead). Patch by Ross Lagerwall.
+
 - Issue #10875: Update Regular Expression HOWTO; patch by 'SilentGhost'.
 - Issue #10827: Changed the rules for 2-digit years. The time.asctime
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index d6d16011c68..6ca95c95f9e 100644
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -1164,7 +1164,7 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
 # endif
 if (fd != -1 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) {
 if (map_size == 0) {
- map_size = st.st_size;
+ map_size = st.st_size - offset;
 } else if ((size_t)offset + (size_t)map_size > st.st_size) {
 PyErr_SetString(PyExc_ValueError,
 "mmap length is greater than file size");
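Review bot: test_length_0_offset in Lib/test/test_mmap.py only maps from an offset inside the file (40960 of 49152 bytes), so the boundary where the new `st.st_size - offset` computation reaches zero or goes negative is never exercised. A second assertion that maps with length 0 and an offset equal to the file size would pin that case, expecting whatever exception the C side raises for it. The hard-coded 40960 is also not a multiple of `mmap.ALLOCATIONGRANULARITY` on platforms where that constant is 64 KiB, so writing `2 * mmap.ALLOCATIONGRANULARITY` bytes and mapping at `offset=mmap.ALLOCATIONGRANULARITY` would keep the test portable. `mf.close()` is skipped when the assertion fails, so a `try`/`finally` around the assertion would avoid leaving the mapping open.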
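Review bot: In Modules/mmapmodule.c the new `map_size = st.st_size - offset;` has no visible guard against `offset` being at or beyond `st.st_size`, so a length of 0 combined with a large offset yields a zero or negative `map_size`. Unless a check outside the hunk rules this out, that value would presumably be passed on to the mapping call and kept as the object's size. The `else` branch already rejects `offset + map_size > st.st_size` with ValueError, and the length-0 branch should reject an out-of-range offset the same way before subtracting. The fence assumes a plain `return NULL` is the error path at this point, as it appears to be for the `else` branch, whose return lies outside the hunk. new_mmap_object starts and ends outside the hunk, and the types of `map_size` and `offset` are declared there, so a range check on the difference may also be needed if `map_size` is narrower than `st.st_size`.

```c
        if (map_size == 0) {
            if (offset >= st.st_size) {
                PyErr_SetString(PyExc_ValueError,
                                "mmap offset is greater than file size");
                return NULL;
            }
            map_size = st.st_size - offset;
        /* … unchanged: else-branch length check … */
```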