Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork33.7k
Closed
Description
The following (artificial) code segfaults CPython (I tried a bunch of versions, including git main) on my x86 Ubuntu Linux 22.10:
importmmapwithopen("abcds","w+")asf:f.write("foobar")f.flush()classX(object):def__index__(self):m.close()return1m=mmap.mmap(f.fileno(),6,access=mmap.ACCESS_READ)print(m[1])print(m[X()])
The problem is this code inmmapmodule.c
staticPyObject*mmap_subscript(mmap_object*self,PyObject*item){CHECK_VALID(NULL);if (PyIndex_Check(item)) {Py_ssize_ti=PyNumber_AsSsize_t(item,PyExc_IndexError);if (i==-1&&PyErr_Occurred())returnNULL;if (i<0)i+=self->size;if (i<0||i >=self->size) {PyErr_SetString(PyExc_IndexError,"mmap index out of range");returnNULL; }returnPyLong_FromLong(Py_CHARMASK(self->data[i]));...
theCHECK_VALID(NULL) call which checks whether the mmap object is closed happens before thePyNumber_AsSsize_t call which closes the object (and similarly for the slice handling which happens further down).