Segv in mmap.move()

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • magnus.lycka@gmail.com
    #1

    Segv in mmap.move()

    Does anyone recognize this little Python crasher?

    I'll file a bug report unless someone notices it as an already
    documented bug. I found some open mmap bugs, but it wasn't
    obvious to me that this problem was one of those...

    Python 2.5.2 (r252:60911, Apr 21 2008, 11:12:42)
    [GCC 4.2.3 (Ubuntu 4.2.3-2ubuntu7)] on linux2
    Type "help", "copyright" , "credits" or "license" for more information.
    >>import mmap
    >>data = mmap.mmap(-1, 1)
    >>data.move(1,1 ,-1)
    Segmenteringsfe l (core dumped)

    I first noticed the problem under Windows in 2.5.1.


    Tags: None
    • Terry Reedy
      #2
      Re: Segv in mmap.move()



      magnus.lycka@gm ail.com wrote:
      Does anyone recognize this little Python crasher?
      >
      I'll file a bug report unless someone notices it as an already
      documented bug. I found some open mmap bugs, but it wasn't
      obvious to me that this problem was one of those...
      >
      Python 2.5.2 (r252:60911, Apr 21 2008, 11:12:42)
      [GCC 4.2.3 (Ubuntu 4.2.3-2ubuntu7)] on linux2
      Type "help", "copyright" , "credits" or "license" for more information.
      >>>import mmap
      >>>data = mmap.mmap(-1, 1)
      >>>data.move(1, 1,-1)
      Segmenteringsfe l (core dumped)
      >
      I first noticed the problem under Windows in 2.5.1.
      On WinXP Py3.0b2, I see two bugs here.

      1. For a length 1 sequence, the only offsets allowed should be 0.
      However, I can index to what I suspect is a null terminator byte at
      offset len(seq). This should be internally accessible only just as for
      regular strings and bytes (which also have null terminators, I believe).
      Indexing any farther past what should be the end gives the IndexError
      I expected when indexing just past the end. (Slicing and iterating,
      however, work correctly.)
      >>import mmap
      >>d=mmap.mmap (-1,5)
      >>d[:]=b'abcde'
      >>d[0], d[4],d[5]
      (97, 101, 0)

      2. Running your code, or d.move(1,2,-1), I get python.exe 'encountered a
      problem ...shutting down ... Send report?' (yes) and window closed.
      Running IDLE, same msg, but after send report, IDLE shell restarted. Cute.

      Modules/mmapmodule.c - mmap_move_metho d declares count as unsigned.
      Further experimentation shows that the problem is telling it to move
      exactly -1 bytes, which I am sure gets translated to 2**32-1 = 4294967295 by
      PyArg_ParseTupl e(args, "kkk:move", &dest, &src, &count)
      Passing 2**32-1 also crashes, while 2*32-2 and other bad values give
      >>d.move(1,2,2* *32-2)
      Traceback (most recent call last):
      File "<pyshell#5 1>", line 1, in <module>
      d.move(1,2,2**3 2-2)
      ValueError: source or destination out of range

      I suspect the 2**32-1 bug is in C memmove, perhap inherited from a
      common source.

      I think either a)the docs should warn that a count of -1== 4294967295
      (on 32bit machines) and just that may crash the interpreter or b) the
      wrapper of the underlying C function should raise ValueError for -1
      also. The goal of 'no crashes' suggests the latter if sensibly possible.

      Terry Jan Reedy

        Comment

        Previous template Next
        Working...