continuous key press results in core dump (PR#331)

Peter Dalgaard BSA p.dalgaard@biostat.ku.dk
22 Nov 1999 00:24:19 +0100


Peter Dalgaard BSA <p.dalgaard@biostat.ku.dk> writes:

> Yup, in dstruct.c we have
> 
> static int ddVal(SEXP name)
> {
>     char buf[128], *endp, *val;
>     int rval;
> 
>     strcpy(buf, CHAR(name));
> 
> ..which at the very least has to have a str*n*cpy in order not to
> corrupt the stack if CHAR(name) is too large. Or perhaps better:
> allocate buf explicitly instead of via a stack variable.
> 
> Not sure I'll be able to get it fixed tonight though.

Squished. That buffer should never have been there in the first place...

-- 
   O__  ---- Peter Dalgaard             Blegdamsvej 3  
  c/ /'_ --- Dept. of Biostatistics     2200 Cph. N   
 (*) \(*) -- University of Copenhagen   Denmark      Ph: (+45) 35327918
~~~~~~~~~~ - (p.dalgaard@biostat.ku.dk)             FAX: (+45) 35327907
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-devel mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !)  To: r-devel-request@stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._