[Rd] segfault on Linux from buffer overflow in warning() ? (PR#905)

bolker@zoo.ufl.edu bolker@zoo.ufl.edu
Tue, 10 Apr 2001 16:55:45 +0200 (MET DST)


   I have found what seems to be a bug in warning(), but perhaps
I'm being really boneheaded (it's happened before).  Essentially,
warning() seems to segfault if its argument is greater than 8191
characters (8192 is defined as BUFSIZE in errors.c, so a quick
workaround would be to boost this ...)
   The bug was initially provoked by trying to concatenate two
long tables -- the warning message about all the duplicate row
names caused the segfault.  Functions below should all trigger
the problem.
   I haven't got the development version, but I didn't see anything
in the CVS logs about this problem ...  the R code is a little too
tangled for me to fix immediately, but I'm hoping that this
information will help R-core folks find it fairly quickly.

  The reason I think I must be being boneheaded is that this
seems fairly major and obvious: hasn't anyone stumbled across
this while trying to concatenate long tables?

  Here are three functions, in increasing specificity, that trigger the
bug for sufficiently large arguments.


provoke.bug <- function(r=7500,c=c) {
  y1 <- matrix(runif(r*c),ncol=c)
  row.names(y1) <- 1:r
  y2 <- matrix(runif(r*c),ncol=c)
  row.names(y2) <- 1:r
  # problem triggered by data.frame()
  invisible(data.frame(rbind(y1,y2)))
}

## crashes between 1600 and 1700 rows, 1 column
## (overallocating buffer in duplicate rows warning?)

provoke.bug2 <- function(n=1600) {
  str <- as.character(1:n)
  dup <- duplicated(c(str,str))
  trywarn <- paste("duplicates:",paste(which(dup),collapse=","))
  cat("Length of warning message:",nchar(trywarn),"\n")
  warning(trywarn)
  ## problem is in warning() ...
}

provoke.bug3 <- function(n=1600) {
   warnmsg <- paste(LETTERS[sample(1:26,n,replace=TRUE)],collapse="")
   warning(warnmsg)
}

## crashes if warning message is > 8191 characters


--please do not edit the information below--

Version:
 platform = i686-pc-linux-gnu
 arch = i686
 os = linux-gnu
 system = i686, linux-gnu
 status =
 major = 1
 minor = 2.1
 year = 2001
 month = 01
 day = 15
 language = R

Search Path:
 .GlobalEnv, package:ctest, Autoloads, package:base

-- 
318 Carr Hall                                bolker@zoo.ufl.edu
Zoology Department, University of Florida    http://www.zoo.ufl.edu/bolker
Box 118525                                   (ph)  352-392-5697
Gainesville, FL 32611-8525                   (fax) 352-392-3704


-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-devel mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !)  To: r-devel-request@stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._