Issue 21810: SIGSEGV in PyObject_Malloc when ARENAS_USE_MMAP (original) (raw)

Issue21810

Created on 2014-06-19 19:36 by John-Mark.Bell, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (3)
msg221013 - (view)	Author: John-Mark Bell (John-Mark.Bell)	Date: 2014-06-19 19:36
In low-memory scenarios, the Python 2.7 interpreter may crash as a result of failing to correctly check the return value from mmap in new_arena(). This changeset appears to be the point at which this issue was introduced: http://hg.python.org/cpython/rev/4e43e5b3f7fc Looking at the head of the 2.7 branch in Mercurial, we see the issue is still present: http://hg.python.org/cpython/file/cf70f030a744/Objects/obmalloc.c#l595 On failure, mmap will return MAP_FAILED ((void *) -1), whereas malloc will return NULL (0). Thus, the check for allocation failure on line 601 will erroneously decide that the allocation succeeded in the mmap case. The interpreter will subsequently crash once the invalid address is accessed. I've attached a potential fix for this issue.
msg221029 - (view)	Author: Roundup Robot (python-dev)	Date: 2014-06-19 21:45
New changeset 012b5c9c062d by Charles-François Natali in branch '2.7': Issue #21810: Backport mmap-based arena allocation failure check. http://hg.python.org/cpython/rev/012b5c9c062d
msg221030 - (view)	Author: Charles-François Natali (neologix) *	Date: 2014-06-19 21:47
Thanks for the report. The patch introducing mmap() to limit memory fragmentation was applied initially only to the Python 3 branch (3.2 at that time IIRC). This problem was spotted a couple days later, and fixed: http://hg.python.org/cpython/rev/ba8f85e16dd9 I guess the backport to Python 2.7 didn't backport the subsequent fix.