summaryrefslogtreecommitdiff
path: root/Modules/mmapmodule.c
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2016-10-05 21:45:48 -0700
committerBenjamin Peterson <benjamin@python.org>2016-10-05 21:45:48 -0700
commitcd04db03debaead0abd1bff149389445284f88e2 (patch)
tree98fad3f687343fb125e7f0fef3dd57cf36df6265 /Modules/mmapmodule.c
parent92e7c7f99c51419e1b4aa5eaaa22b7aeb6154ffd (diff)
downloadcpython-git-cd04db03debaead0abd1bff149389445284f88e2.tar.gz
mmap: do all internal arithmetic with Py_ssize_t while being very careful about overflow
Diffstat (limited to 'Modules/mmapmodule.c')
-rw-r--r--Modules/mmapmodule.c187
1 files changed, 78 insertions, 109 deletions
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index bb98a99427..6e2db6134c 100644
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c
@@ -90,8 +90,8 @@ typedef enum
typedef struct {
PyObject_HEAD
char * data;
- size_t size;
- size_t pos; /* relative to offset */
+ Py_ssize_t size;
+ Py_ssize_t pos; /* relative to offset */
#ifdef MS_WINDOWS
PY_LONG_LONG offset;
#else
@@ -210,33 +210,32 @@ mmap_read_byte_method(mmap_object *self,
PyObject *unused)
{
CHECK_VALID(NULL);
- if (self->pos < self->size) {
- char value = self->data[self->pos];
- self->pos += 1;
- return Py_BuildValue("B", (unsigned char)value);
- } else {
+ if (self->pos >= self->size) {
PyErr_SetString(PyExc_ValueError, "read byte out of range");
return NULL;
}
+ return PyLong_FromLong((unsigned char)self->data[self->pos++]);
}
static PyObject *
mmap_read_line_method(mmap_object *self,
PyObject *unused)
{
- char *start = self->data+self->pos;
- char *eof = self->data+self->size;
- char *eol;
+ Py_ssize_t remaining;
+ char *start, *eol;
PyObject *result;
CHECK_VALID(NULL);
- eol = memchr(start, '\n', self->size - self->pos);
+ remaining = (self->pos < self->size) ? self->size - self->pos : 0;
+ if (!remaining)
+ return PyBytes_FromString("");
+ start = self->data + self->pos;
+ eol = memchr(start, '\n', remaining);
if (!eol)
- eol = eof;
+ eol = self->data + self->size;
else
- ++eol; /* we're interested in the position after the
- newline. */
+ ++eol; /* advance past newline */
result = PyBytes_FromStringAndSize(start, (eol - start));
self->pos += (eol - start);
return result;
@@ -268,7 +267,7 @@ static PyObject *
mmap_read_method(mmap_object *self,
PyObject *args)
{
- Py_ssize_t num_bytes = -1, n;
+ Py_ssize_t num_bytes, remaining;
PyObject *result;
CHECK_VALID(NULL);
@@ -276,20 +275,10 @@ mmap_read_method(mmap_object *self,
return(NULL);
/* silently 'adjust' out-of-range requests */
- assert(self->size >= self->pos);
- n = self->size - self->pos;
- /* The difference can overflow, only if self->size is greater than
- * PY_SSIZE_T_MAX. But then the operation cannot possibly succeed,
- * because the mapped area and the returned string each need more
- * than half of the addressable memory. So we clip the size, and let
- * the code below raise MemoryError.
- */
- if (n < 0)
- n = PY_SSIZE_T_MAX;
- if (num_bytes < 0 || num_bytes > n) {
- num_bytes = n;
- }
- result = PyBytes_FromStringAndSize(self->data+self->pos, num_bytes);
+ remaining = (self->pos < self->size) ? self->size - self->pos : 0;
+ if (num_bytes < 0 || num_bytes > remaining)
+ num_bytes = remaining;
+ result = PyBytes_FromStringAndSize(&self->data[self->pos], num_bytes);
self->pos += num_bytes;
return result;
}
@@ -317,14 +306,14 @@ mmap_gfind(mmap_object *self,
start += self->size;
if (start < 0)
start = 0;
- else if ((size_t)start > self->size)
+ else if (start > self->size)
start = self->size;
if (end < 0)
end += self->size;
if (end < 0)
end = 0;
- else if ((size_t)end > self->size)
+ else if (end > self->size)
end = self->size;
start_p = self->data + start;
@@ -394,18 +383,17 @@ mmap_write_method(mmap_object *self,
if (!PyArg_ParseTuple(args, "y*:write", &data))
return(NULL);
- if (!is_writable(self)) {
- PyBuffer_Release(&data);
+ if (!is_writable(self))
return NULL;
- }
- if ((self->pos + data.len) > self->size) {
- PyErr_SetString(PyExc_ValueError, "data out of range");
+ if (self->pos > self->size || self->size - self->pos < data.len) {
PyBuffer_Release(&data);
+ PyErr_SetString(PyExc_ValueError, "data out of range");
return NULL;
}
- memcpy(self->data + self->pos, data.buf, data.len);
- self->pos = self->pos + data.len;
+
+ memcpy(&self->data[self->pos], data.buf, data.len);
+ self->pos += data.len;
PyBuffer_Release(&data);
Py_INCREF(Py_None);
return Py_None;
@@ -425,8 +413,7 @@ mmap_write_byte_method(mmap_object *self,
return NULL;
if (self->pos < self->size) {
- *(self->data+self->pos) = value;
- self->pos += 1;
+ self->data[self->pos++] = value;
Py_INCREF(Py_None);
return Py_None;
}
@@ -495,8 +482,14 @@ mmap_resize_method(mmap_object *self,
if (!PyArg_ParseTuple(args, "n:resize", &new_size) ||
!is_resizeable(self)) {
return NULL;
+ }
+ if (new_size < 0 || PY_SSIZE_T_MAX - new_size < self->offset) {
+ PyErr_SetString(PyExc_ValueError, "new size out of range");
+ return NULL;
+ }
+
+ {
#ifdef MS_WINDOWS
- } else {
DWORD dwErrCode = 0;
DWORD off_hi, off_lo, newSizeLow, newSizeHigh;
/* First, unmap the file view */
@@ -546,15 +539,13 @@ mmap_resize_method(mmap_object *self,
#ifdef UNIX
#ifndef HAVE_MREMAP
- } else {
PyErr_SetString(PyExc_SystemError,
"mmap: resizing not available--no mremap()");
return NULL;
#else
- } else {
void *newmap;
- if (ftruncate(self->fd, self->offset + new_size) == -1) {
+ if (self->fd != -1 && ftruncate(self->fd, self->offset + new_size) == -1) {
PyErr_SetFromErrno(PyExc_OSError);
return NULL;
}
@@ -562,11 +553,11 @@ mmap_resize_method(mmap_object *self,
#ifdef MREMAP_MAYMOVE
newmap = mremap(self->data, self->size, new_size, MREMAP_MAYMOVE);
#else
- #if defined(__NetBSD__)
- newmap = mremap(self->data, self->size, self->data, new_size, 0);
- #else
- newmap = mremap(self->data, self->size, new_size, 0);
- #endif /* __NetBSD__ */
+#if defined(__NetBSD__)
+ newmap = mremap(self->data, self->size, self->data, new_size, 0);
+#else
+ newmap = mremap(self->data, self->size, new_size, 0);
+#endif /* __NetBSD__ */
#endif
if (newmap == (void *)-1)
{
@@ -597,7 +588,7 @@ mmap_flush_method(mmap_object *self, PyObject *args)
CHECK_VALID(NULL);
if (!PyArg_ParseTuple(args, "|nn:flush", &offset, &size))
return NULL;
- if ((size_t)(offset + size) > self->size) {
+ if (size < 0 || offset < 0 || self->size - offset < size) {
PyErr_SetString(PyExc_ValueError, "flush values out of range");
return NULL;
}
@@ -630,20 +621,18 @@ mmap_seek_method(mmap_object *self, PyObject *args)
if (!PyArg_ParseTuple(args, "n|i:seek", &dist, &how))
return NULL;
else {
- size_t where;
+ Py_ssize_t where;
switch (how) {
case 0: /* relative to start */
- if (dist < 0)
- goto onoutofrange;
where = dist;
break;
case 1: /* relative to current position */
- if ((Py_ssize_t)self->pos + dist < 0)
+ if (PY_SSIZE_T_MAX - self->pos < dist)
goto onoutofrange;
where = self->pos + dist;
break;
case 2: /* relative to end */
- if ((Py_ssize_t)self->size + dist < 0)
+ if (PY_SSIZE_T_MAX - self->size < dist)
goto onoutofrange;
where = self->size + dist;
break;
@@ -651,7 +640,7 @@ mmap_seek_method(mmap_object *self, PyObject *args)
PyErr_SetString(PyExc_ValueError, "unknown seek type");
return NULL;
}
- if (where > self->size)
+ if (where > self->size || where < 0)
goto onoutofrange;
self->pos = where;
Py_INCREF(Py_None);
@@ -666,23 +655,27 @@ mmap_seek_method(mmap_object *self, PyObject *args)
static PyObject *
mmap_move_method(mmap_object *self, PyObject *args)
{
- unsigned long dest, src, cnt;
+ Py_ssize_t dest, src, cnt;
CHECK_VALID(NULL);
- if (!PyArg_ParseTuple(args, "kkk:move", &dest, &src, &cnt) ||
+ if (!PyArg_ParseTuple(args, "nnn:move", &dest, &src, &cnt) ||
!is_writable(self)) {
return NULL;
} else {
/* bounds check the values */
- if ((cnt + dest) < cnt || (cnt + src) < cnt ||
- src > self->size || (src + cnt) > self->size ||
- dest > self->size || (dest + cnt) > self->size) {
- PyErr_SetString(PyExc_ValueError,
- "source, destination, or count out of range");
- return NULL;
- }
- memmove(self->data+dest, self->data+src, cnt);
+ if (dest < 0 || src < 0 || cnt < 0)
+ goto bounds;
+ if (self->size - dest < cnt || self->size - src < cnt)
+ goto bounds;
+
+ memmove(&self->data[dest], &self->data[src], cnt);
+
Py_INCREF(Py_None);
return Py_None;
+
+ bounds:
+ PyErr_SetString(PyExc_ValueError,
+ "source, destination, or count out of range");
+ return NULL;
}
}
@@ -785,7 +778,7 @@ static PyObject *
mmap_item(mmap_object *self, Py_ssize_t i)
{
CHECK_VALID(NULL);
- if (i < 0 || (size_t)i >= self->size) {
+ if (i < 0 || i >= self->size) {
PyErr_SetString(PyExc_IndexError, "mmap index out of range");
return NULL;
}
@@ -802,7 +795,7 @@ mmap_subscript(mmap_object *self, PyObject *item)
return NULL;
if (i < 0)
i += self->size;
- if (i < 0 || (size_t)i >= self->size) {
+ if (i < 0 || i >= self->size) {
PyErr_SetString(PyExc_IndexError,
"mmap index out of range");
return NULL;
@@ -870,7 +863,7 @@ mmap_ass_item(mmap_object *self, Py_ssize_t i, PyObject *v)
const char *buf;
CHECK_VALID(-1);
- if (i < 0 || (size_t)i >= self->size) {
+ if (i < 0 || i >= self->size) {
PyErr_SetString(PyExc_IndexError, "mmap index out of range");
return -1;
}
@@ -907,7 +900,7 @@ mmap_ass_subscript(mmap_object *self, PyObject *item, PyObject *value)
return -1;
if (i < 0)
i += self->size;
- if (i < 0 || (size_t)i >= self->size) {
+ if (i < 0 || i >= self->size) {
PyErr_SetString(PyExc_IndexError,
"mmap index out of range");
return -1;
@@ -1074,32 +1067,6 @@ static PyTypeObject mmap_object_type = {
};
-/* extract the map size from the given PyObject
-
- Returns -1 on error, with an appropriate Python exception raised. On
- success, the map size is returned. */
-static Py_ssize_t
-_GetMapSize(PyObject *o, const char* param)
-{
- if (o == NULL)
- return 0;
- if (PyIndex_Check(o)) {
- Py_ssize_t i = PyNumber_AsSsize_t(o, PyExc_OverflowError);
- if (i==-1 && PyErr_Occurred())
- return -1;
- if (i < 0) {
- PyErr_Format(PyExc_OverflowError,
- "memory mapped %s must be positive",
- param);
- return -1;
- }
- return i;
- }
-
- PyErr_SetString(PyExc_TypeError, "map size must be an integral value");
- return -1;
-}
-
#ifdef UNIX
#ifdef HAVE_LARGEFILE_SUPPORT
#define _Py_PARSE_OFF_T "L"
@@ -1112,7 +1079,6 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
{
struct _Py_stat_struct status;
mmap_object *m_obj;
- PyObject *map_size_obj = NULL;
Py_ssize_t map_size;
off_t offset = 0;
int fd, flags = MAP_SHARED, prot = PROT_WRITE | PROT_READ;
@@ -1122,13 +1088,15 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
"flags", "prot",
"access", "offset", NULL};
- if (!PyArg_ParseTupleAndKeywords(args, kwdict, "iO|iii" _Py_PARSE_OFF_T, keywords,
- &fd, &map_size_obj, &flags, &prot,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict, "in|iii" _Py_PARSE_OFF_T, keywords,
+ &fd, &map_size, &flags, &prot,
&access, &offset))
return NULL;
- map_size = _GetMapSize(map_size_obj, "size");
- if (map_size < 0)
+ if (map_size < 0) {
+ PyErr_SetString(PyExc_OverflowError,
+ "memory mapped length must be postiive");
return NULL;
+ }
if (offset < 0) {
PyErr_SetString(PyExc_OverflowError,
"memory mapped offset must be positive");
@@ -1194,7 +1162,7 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
return NULL;
}
map_size = (Py_ssize_t) (status.st_size - offset);
- } else if (offset + map_size > status.st_size) {
+ } else if (offset > status.st_size || status.st_size - offset < map_size) {
PyErr_SetString(PyExc_ValueError,
"mmap length is greater than file size");
return NULL;
@@ -1203,8 +1171,8 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
m_obj = (mmap_object *)type->tp_alloc(type, 0);
if (m_obj == NULL) {return NULL;}
m_obj->data = NULL;
- m_obj->size = (size_t) map_size;
- m_obj->pos = (size_t) 0;
+ m_obj->size = map_size;
+ m_obj->pos = 0;
m_obj->weakreflist = NULL;
m_obj->exports = 0;
m_obj->offset = offset;
@@ -1264,7 +1232,6 @@ static PyObject *
new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
{
mmap_object *m_obj;
- PyObject *map_size_obj = NULL;
Py_ssize_t map_size;
PY_LONG_LONG offset = 0, size;
DWORD off_hi; /* upper 32 bits of offset */
@@ -1281,8 +1248,8 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
"tagname",
"access", "offset", NULL };
- if (!PyArg_ParseTupleAndKeywords(args, kwdict, "iO|ziL", keywords,
- &fileno, &map_size_obj,
+ if (!PyArg_ParseTupleAndKeywords(args, kwdict, "in|ziL", keywords,
+ &fileno, &map_size,
&tagname, &access, &offset)) {
return NULL;
}
@@ -1305,9 +1272,11 @@ new_mmap_object(PyTypeObject *type, PyObject *args, PyObject *kwdict)
"mmap invalid access parameter.");
}
- map_size = _GetMapSize(map_size_obj, "size");
- if (map_size < 0)
+ if (map_size < 0) {
+ PyErr_SetString(PyExc_OverflowError,
+ "memory mapped length must be postiive");
return NULL;
+ }
if (offset < 0) {
PyErr_SetString(PyExc_OverflowError,
"memory mapped offset must be positive");
View Lorry Controller Status