continuous key press results in core dump (PR#331)

Peter Dalgaard BSA p.dalgaard@biostat.ku.dk
21 Nov 1999 21:58:36 +0100


rnassar@duke.edu writes:

> I encountered this today (I admit it is a result of downright abuse)
> 
> Segmentation fault under abnormal conditions (as when stupid finger
> accidentally leaned on key): 

...which is exactly why this kind of fault mustn't happen.

> at 128 (at least by my count) "continuous" (zzzzzzzzz... or 123qwertyuio...)
> characters but NOT when enclosed in " ", and not if numbers. 
> 
> > 12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678
> [1] 1.234568e+157
> > zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
> Segmentation fault (core dumped)

Yup, in dstruct.c we have

static int ddVal(SEXP name)
{
    char buf[128], *endp, *val;
    int rval;

    strcpy(buf, CHAR(name));

..which at the very least has to have a str*n*cpy in order not to
corrupt the stack if CHAR(name) is too large. Or perhaps better:
allocate buf explicitly instead of via a stack variable.

Not sure I'll be able to get it fixed tonight though.

-- 
   O__  ---- Peter Dalgaard             Blegdamsvej 3  
  c/ /'_ --- Dept. of Biostatistics     2200 Cph. N   
 (*) \(*) -- University of Copenhagen   Denmark      Ph: (+45) 35327918
~~~~~~~~~~ - (p.dalgaard@biostat.ku.dk)             FAX: (+45) 35327907
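
Added example, not part of the original message and not R's own code: the two remedies suggested above (a bounded copy into the 128-byte buffer, or a buffer allocated to fit), run on names at and around the 128-character boundary from the report. The helpers copy_bounded, copy_heap and make_name are hypothetical, and the input names are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 128  /* same size as buf[] in the quoted ddVal() */

/* Option 1: bounded copy. strncpy() leaves dst unterminated when src fills
 * it, so terminate explicitly. Returns 1 if src did not fit (truncated). */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) >= dstsz;
}

/* Option 2: size the buffer from the input. Caller frees; NULL on OOM. */
static char *copy_heap(const char *src)
{
    size_t n = strlen(src) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, src, n);
    return p;
}

/* Constructed input: a name made of `len` 'z' characters, as in the report. */
static char *make_name(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL) return NULL;
    memset(s, 'z', len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    size_t lens[] = { 127, 128, 200 };
    for (size_t i = 0; i < 3; i++) {
        char buf[NAME_BUF], *name = make_name(lens[i]);
        char *dup = name ? copy_heap(name) : NULL;
        if (name == NULL || dup == NULL) return 1;
        int cut = copy_bounded(buf, sizeof buf, name);
        printf("len=%zu truncated=%d fixed=%zu heap=%zu\n",
               lens[i], cut, strlen(buf), strlen(dup));
        free(dup); free(name);
    }
    return 0;
}
```

A 127-character name is the longest that fits in 128 bytes with its terminator; at 128 characters the bounded copy reports truncation, which the caller should treat as an error rather than use the shortened name.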