New submission from John-Mark Bell:

In low-memory scenarios, the Python 2.7 interpreter may crash as a result of failing to correctly check the return value from mmap in new_arena().

This changeset appears to be the point at which this issue was introduced:
http://hg.python.org/cpython/rev/4e43e5b3f7fc

Looking at the head of the 2.7 branch in Mercurial, we see the issue is still present:
http://hg.python.org/cpython/file/cf70f030a744/Objects/obmalloc.c#l595

On failure, mmap will return MAP_FAILED ((void *) -1), whereas malloc will return NULL (0). Thus, the check for allocation failure on line 601 will erroneously decide that the allocation succeeded in the mmap case. The interpreter will subsequently crash once the invalid address is accessed.

I've attached a potential fix for this issue.

----------
components: Interpreter Core
files: obmalloc.diff
keywords: patch
messages: 221013
nosy: John-Mark.Bell
priority: normal
severity: normal
status: open
title: SIGSEGV in PyObject_Malloc when ARENAS_USE_MMAP
type: crash
versions: Python 2.7

Added file: http://bugs.python.org/file35694/obmalloc.diff

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21810>
_______________________________________
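The failure mode described in the report, as an added example that is not part of the original message, the attached obmalloc.diff, or CPython's source: it forces mmap to fail with an unsatisfiable length, shows that a NULL-only check accepts the result, and wraps the call so callers can keep a malloc-style test. All function names and both size constants are hypothetical.

```c
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS under strict -std= modes */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
#define MAP_ANONYMOUS MAP_ANON
#endif

#define SAMPLE_ARENA_SIZE ((size_t)256 << 10)  /* constructed sample size */
#define IMPOSSIBLE_SIZE   (SIZE_MAX / 2)       /* exceeds any address space */

/* One anonymous private mapping, as an mmap-backed arena would request. */
static void *raw_arena_map(size_t size)
{
    return mmap(NULL, size, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* Returns 1 when a failed mapping slips past a NULL-only failure check. */
static int failure_slips_past_null_check(size_t size)
{
    void *address = raw_arena_map(size);
    if (address != MAP_FAILED) {      /* mapping succeeded: nothing to miss */
        munmap(address, size);
        return 0;
    }
    return address != NULL;           /* MAP_FAILED is (void *)-1, not NULL */
}

/* Normalised allocator: MAP_FAILED becomes NULL, matching malloc. */
static void *arena_alloc(size_t size)
{
    void *address = raw_arena_map(size);
    return address == MAP_FAILED ? NULL : address;
}

static void arena_free(void *address, size_t size)
{
    if (address != NULL)
        munmap(address, size);
}

int main(void)
{
    void *arena = arena_alloc(SAMPLE_ARENA_SIZE);
    printf("NULL-only check misses failure: %d\n",
           failure_slips_past_null_check(IMPOSSIBLE_SIZE));
    printf("normalised failure is NULL: %d\n", arena_alloc(IMPOSSIBLE_SIZE) == NULL);
    arena_free(arena, SAMPLE_ARENA_SIZE);
    return arena == NULL;
}
```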