[Rd] psignrank and pwilcox null pointer deref (PR#1149)

charlie@stat.umn.edu
Fri, 26 Oct 2001 23:50:09 +0200 (MET DST)


Full_Name: Charles J. Geyer
Version: 1.3.1
OS: SuSE 7.2
Submission from: (NULL) (134.84.86.22)


In line 90 of signrank.c and lines 114 and 273 of wilcox.c, calloc is used and
the return is not checked to see if it is null (violating numbers 2 and 6 of
the ten commandments for C programmers).  The following code thus makes
R segfault (for suitably large values of 1000):

for (n in seq(100, 1000, 100)) {
   mu <- n * (n + 1) / 4
   sigma <- sqrt(n * (n + 1) * (2 * n + 1) / 24)
   z <- floor(qnorm(0.05, mu, sigma))
   p <- psignrank(z, n)
   cat("z = ", z, ", n = ", n, ", p = ", p, "\n", sep="")
}

for (n in seq(100, 1000, 100)) {
   m <- n
   mu <- n * m / 2
   sigma <- sqrt(m * n * (m + n + 1) / 12)
   z <- floor(qnorm(0.05, mu, sigma))
   p <- pwilcox(z, m, n)
   cat("z = ", z, ", m = ", m, ", n = ", n, ", p = ", p, "\n", sep="")
}

A fix is hard because a good solution would free all the previously allocated
memory before dying.  Probably a better algorithm is needed.  But I don't know
if one exists.

Anyway the current behavior is unacceptable.
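
Added example (not part of the original report and not R's code): one way to handle the failure described above, assuming the counts are cached in a lazily allocated table. Every calloc result is checked, a failure propagates as -1.0, and the caller frees all rows allocated so far before returning. The names checked_calloc, table_free, count, psignrank_checked, alloc_budget and live are hypothetical; alloc_budget exists only to simulate out-of-memory.

```c
#include <stdlib.h>

static int alloc_budget = -1;   /* test hook: <0 = unlimited, else allocations left */
static int live = 0;            /* blocks currently held by the table */
static double **rows;           /* rows[i][k] caches count(k, i); rows allocated lazily */

static void *checked_calloc(size_t n, size_t sz) {
    if (alloc_budget == 0) return NULL;        /* simulated out-of-memory */
    if (alloc_budget > 0) alloc_budget--;
    void *p = calloc(n, sz);
    if (p) live++;
    return p;
}

/* Release every row that was allocated, then the row index itself. */
static void table_free(int n) {
    for (int i = 0; i <= n; i++)
        if (rows[i]) { free(rows[i]); live--; }
    free(rows); live--;
    rows = NULL;
}

/* Number of subsets of {1..n} with sum k, or -1.0 if a row cannot be allocated. */
static double count(int k, int n) {
    int u = n * (n + 1) / 2;
    if (k < 0 || k > u) return 0.0;
    if (n == 0) return 1.0;
    if (!rows[n] && !(rows[n] = checked_calloc((size_t)u + 1, sizeof(double))))
        return -1.0;                           /* report it; never dereference NULL */
    if (rows[n][k] == 0.0) {                   /* zero = not computed (true counts are >= 1) */
        double a = count(k, n - 1), b = count(k - n, n - 1);
        if (a < 0 || b < 0) return -1.0;
        rows[n][k] = a + b;
    }
    return rows[n][k];
}

/* P(V <= z) for the signed rank statistic with n observations.
   Returns -1.0 if n is out of range or memory runs out; the table is freed on every path. */
double psignrank_checked(int z, int n) {
    double sum = 0.0;
    if (n < 0 || n > 1000) return -1.0;        /* keeps u and 2^n representable */
    if (!(rows = checked_calloc((size_t)n + 1, sizeof *rows))) return -1.0;
    for (int k = 0; k <= z && sum >= 0.0; k++) {
        double c = count(k, n);
        sum = (c < 0) ? -1.0 : sum + c;
    }
    table_free(n);                             /* also runs after a failed allocation */
    for (int i = 0; i < n && sum > 0; i++) sum *= 0.5;   /* divide by 2^n */
    return sum;
}
```
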