Subject: Re: new mremap(2): relax alignment restrictions?
To: None <tech-kern@NetBSD.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 07/25/2007 16:51:46
>>> I suppose there's a bit of a performance hit with zeroing out the
>>> page every time, but it seems like a necessary thing to do.
>> There are security implications if we're not doing so.

There may be.  If the only data available dates from a previous mmap of
the same file, I'm not sure there's more here than a covert channel for
passing data that is very hard to find - though that much is certainly
noteworthy; whether it Needs Fixing is debatable, though I'm in favour
of it.  (I'd actually *prefer* getting SEGV/BUS/etc for accesses to
space after EOF, but that would be quite run-time expensive to do, and
likely somewhat difficult besides.)

> echo "12345123451234" > test
> gcc aa.c
> ./a.out

I don't recall seeing anything upthread about which versions suffered
from this bug (yes, I consider this a bug).  So I moved the declaration
of p to make aa.c compile on older releases and started testing.
("1.4T+" here is my mutant patched 1.4T.)  It seems to be a fairly
long-standing bug, dating to sometime around 1.6:

1.4.1/i386: no bug
1.4T+/sparc: no bug
1.4T+/i386: no bug
1.5.3/i386: no bug
1.6.1/i386: bug
2.0/i386: bug
3.0/i386: bug
3.1/alpha: bug

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
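An added example, not the aa.c from the thread and not NetBSD's own code: a small C check for the behaviour being tested above. It writes a short constructed file (the same bytes as the thread's `echo "12345123451234" > test`), maps one page of it read-only, and counts the bytes between EOF and the end of the page that are not zero. The function name and the temporary-file path are assumptions of this example; a non-zero count is the bug discussed in the message (stale page contents visible past EOF), and -1 is a system-call failure.

```c
/* Added example: check that the tail of the last page of a file mapping
 * (the bytes between EOF and the end of that page) reads back as zeros.
 * Not the thread's aa.c; the helper name, the /tmp path and the sample
 * data are constructed for this example.  Written against POSIX mmap(2). */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write `len` bytes of `data` to a fresh temporary file, map one page of it
 * PROT_READ, and count the bytes past EOF (within that page) that are not
 * zero.  Returns that count, or -1 on a system-call failure or if EOF does
 * not fall strictly inside the first page.  Any count above zero is the bug
 * under discussion: page contents that are not zeroed past EOF. */
long nonzero_bytes_past_eof(const char *data, size_t len)
{
    char path[] = "/tmp/mmap-eof-XXXXXX";      /* assumed scratch location */
    long pagesize = sysconf(_SC_PAGESIZE);
    if (pagesize <= 0 || len == 0 || len >= (size_t)pagesize)
        return -1;

    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                               /* file lives only as long as fd */

    if (write(fd, data, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }

    /* Map a whole page: bytes [len, pagesize) lie beyond EOF but inside the
     * last page of the file, so the kernel must present them as zeros. */
    unsigned char *p = mmap(NULL, (size_t)pagesize, PROT_READ, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) {
        close(fd);
        return -1;
    }

    long bad = 0;
    for (size_t i = len; i < (size_t)pagesize; i++)
        if (p[i] != 0)
            bad++;

    munmap(p, (size_t)pagesize);
    close(fd);
    return bad;
}

int main(void)
{
    /* Constructed input: the 15 bytes (including the trailing newline)
     * that `echo "12345123451234" > test` produces. */
    const char sample[] = "12345123451234\n";
    long bad = nonzero_bytes_past_eof(sample, sizeof sample - 1);
    if (bad < 0) {
        perror("nonzero_bytes_past_eof");
        return 2;
    }
    printf("%ld non-zero bytes between EOF and end of page\n", bad);
    return bad != 0;                            /* non-zero exit means the bug is present */
}
```

The check only covers the read-side guarantee (a fresh mapping of a short file must show zeros past EOF); it deliberately does not try to plant data past EOF through an earlier writable mapping, since what a second mapping sees after that is not something this message establishes.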