10000 Limit memory reads for mmaped files (#329) · flixgithub/client_python@38e9f48 · GitHub
[go: up one dir, main page]
Skip to content

Commit 38e9f48

Browse files
bloodearnestbrian-brazil
bloodearnest
authored and
brian-brazil
committed
Limit memory reads for mmaped files (prometheus#329)
* Add bounds check to mmap reads Signed-off-by: Simon Davy <simon.davy@canonical.com>
1 parent 3088bc1 commit 38e9f48

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

prometheus_client/core.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -562,6 +562,7 @@ class _MmapedDict(object):
562562

563563
def __init__(self, filename, read_mode=False):
564564
self._f = open(filename, 'rb' if read_mode else 'a+b')
565+
self._fname = filename
565566
if os.fstat(self._f.fileno()).st_size == 0:
566567
self._f.truncate(_INITIAL_MMAP_SIZE)
567568
self._capacity = os.fstat(self._f.fileno()).st_size
@@ -607,6 +608,10 @@ def _read_all_values(self):
607608

608609
while pos < used:
609610
encoded_len = _unpack_integer(data, pos)[0]
611+
# check we are not reading beyond bounds
612+
if encoded_len + pos > used:
613+
msg = 'Read beyond file size detected, %s is corrupted.'
614+
raise RuntimeError(msg % self._fname)
610615
pos += 4
611616
encoded = unpack_from(('%ss' % encoded_len).encode(), data, pos)[0]
612617
padded_len = encoded_len + (8 - (encoded_len + 4) % 8)

tests/test_multiprocess.py

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -296,6 +296,13 @@ def test_multi_expansion(self):
296296
[('abc', 42.0), (key, 123.0), ('def', 17.0)],
297297
list(self.d.read_all_values()))
298298

299+
def test_corruption_detected(self):
300+
self.d.write_value('abc', 42.0)
301+
# corrupt the written data
302+
self.d._m[8:16] = b'somejunk'
303+
with self.assertRaises(RuntimeError):
304+
list(self.d.read_all_values())
305+
299306
def tearDown(self):
300307
os.unlink(self.tempfile)
301308

0 commit comments

Comments
 (0)
0