Richard Oudkerk added the comment:
This bit looks wrong to me:
if (offset - size > PY_SSIZE_T_MAX)
/* Map area too large to fit in memory */
m_obj->size = (Py_ssize_t) -1;
Should it not be "size - offset" instead of "offset - size"? (offset and size
are Py_LONG_LONG.) And there is no check that offset is non-negative.
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue16743>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
