Merged revisions 70052 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r70052 | hirokazu.yamamoto | 2009-02-28 19:31:54 +0900 | 2 lines
Issue #5386: mmap.write_byte didn't check map size, so it could cause buffer
overrun.
........
diff --git a/Lib/test/test_mmap.py b/Lib/test/test_mmap.py
index 8b7e3e2..59b2374 100644
--- a/Lib/test/test_mmap.py
+++ b/Lib/test/test_mmap.py
@@ -466,6 +466,44 @@
self.assert_(issubclass(mmap.error, EnvironmentError))
self.assert_("mmap.error" in str(mmap.error))
+ def test_io_methods(self):
+ data = b"0123456789"
+ open(TESTFN, "wb").write(b"x"*len(data))
+ f = open(TESTFN, "r+b")
+ m = mmap.mmap(f.fileno(), len(data))
+ f.close()
+ # Test write_byte()
+ for i in range(len(data)):
+ self.assertEquals(m.tell(), i)
+ m.write_byte(data[i:i+1])
+ self.assertEquals(m.tell(), i+1)
+ self.assertRaises(ValueError, m.write_byte, b"x")
+ self.assertEquals(m[:], data)
+ # Test read_byte()
+ m.seek(0)
+ for i in range(len(data)):
+ self.assertEquals(m.tell(), i)
+ # XXX: Disable this test for now because it's not clear
+ # which type of object m.read_byte returns. Currently, it
+ # returns 1-length str (unicode).
+ if 0:
+ self.assertEquals(m.read_byte(), data[i:i+1])
+ else:
+ m.read_byte()
+ self.assertEquals(m.tell(), i+1)
+ self.assertRaises(ValueError, m.read_byte)
+ # Test read()
+ m.seek(3)
+ self.assertEquals(m.read(3), b"345")
+ self.assertEquals(m.tell(), 6)
+ # Test write()
+ m.seek(3)
+ m.write(b"bar")
+ self.assertEquals(m.tell(), 6)
+ self.assertEquals(m[:], b"012bar6789")
+ m.seek(8)
+ self.assertRaises(ValueError, m.write, b"bar")
+
def test_main():
run_unittest(MmapTests)
diff --git a/Misc/NEWS b/Misc/NEWS
index d354be8..ff271b9 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -173,6 +173,9 @@
Library
-------
+- Issue #5386: mmap.write_byte didn't check map size, so it could cause buffer
+ overrun.
+
- Issue #1533164: Installed but not listed *.pyo was breaking Distutils
bdist_rpm command.
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index 7fa1037..db94406 100644
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -376,10 +376,17 @@
if (!is_writable(self))
return NULL;
- *(self->data+self->pos) = value;
- self->pos += 1;
- Py_INCREF(Py_None);
- return Py_None;
+
+ if (self->pos < self->size) {
+ *(self->data+self->pos) = value;
+ self->pos += 1;
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+ else {
+ PyErr_SetString(PyExc_ValueError, "write byte out of range");
+ return NULL;
+ }
}
static PyObject *