[Rd] segfault on write.dcf with gzfile connection

Prof Brian Ripley ripley at stats.ox.ac.uk
Sun Nov 27 10:40:02 CET 2005


Unfortunately va_copy is an ISO C99 function, so not always available.

Please do heed the posting guide and give us real details of your OS and 
compiler, as they do matter here (stdarg.h is often compiler-specific).

On Sat, 26 Nov 2005, Seth Falcon wrote:

> I'm seeing a segfault on x86_64 Linux with the following code:
>
>    desc = read.dcf("BAD")
>    con = gzfile("test.gz", "wt")
>    write.dcf(desc, file=con)
>    close(con)
>
> where BAD has a long field (see below for example).  The crash happens
> inside dummy_vfprintf.  I think the issue is that the va_list ap is
> modified by the first vsnprintf call (connections.c:190) and the
> subsequent vsprintf call (connections.c:194) gets an invalid va_list
> arg.
>
> The following patch improves things for me, but I've not tested on
> other platforms.
>
>
> Index: connections.c
> ===================================================================
> --- connections.c       (revision 36434)
> +++ connections.c       (working copy)
> @@ -186,8 +186,11 @@
> {
>     char buf[BUFSIZE], *b = buf, *vmax = vmaxget();
>     int res, usedRalloc = FALSE;
> +    va_list aq;
>
> -    res = vsnprintf(buf, BUFSIZE, format, ap);
> +    va_copy(aq, ap);
> +    res = vsnprintf(buf, BUFSIZE, format, aq);
> +    va_end(aq);
>     if(res >= BUFSIZE) { /* res is the desired output length */
>        usedRalloc = TRUE;
>        b = R_alloc(res + 1, sizeof(char));
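Review bot: `va_copy(aq, ap)` ahead of the first `vsnprintf` is called unconditionally, but va_copy is a C99 macro and the hunk adds no guard for compilers whose stdarg.h lacks it. Put it behind a configure-time check with a fallback so the build does not break there. Separately, the unchanged test `if(res >= BUFSIZE)` treats `res` as the desired output length; a negative return from `vsnprintf` falls through as if the output had fit in `buf`, so a `res < 0` branch is worth adding while this code is being touched.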
>
>
> And here is an example BAD file, but I'm pretty sure any DCF field
> with a very long value would trigger it:
>
>
> Description: The package provides and API in R to query BioMart
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>        system which produces and maintains automatic annotation on
>

-- 
Brian D. Ripley,                  ripley at stats.ox.ac.uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595
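
The two-pass formatting pattern discussed in this thread, as an added example that is not part of the original messages and is not R's connections.c. The names format_alloc, vformat_alloc and SMALL_BUF are hypothetical, malloc stands in for R_alloc, and a C99 compiler (va_copy, C99 vsnprintf return value) is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SMALL_BUF 16  /* deliberately tiny so the second pass is exercised */

/* Format into a heap string. The sizing pass runs on a copy of ap, so ap
   is still untouched when the full-size second pass consumes it. */
static char *vformat_alloc(const char *format, va_list ap)
{
    char buf[SMALL_BUF], *out;
    va_list aq;
    int res;

    va_copy(aq, ap);                       /* C99; ap itself is not consumed */
    res = vsnprintf(buf, sizeof buf, format, aq);
    va_end(aq);
    if (res < 0)
        return NULL;                       /* formatting error */

    out = malloc((size_t)res + 1);
    if (out == NULL)
        return NULL;
    if ((size_t)res < sizeof buf)
        memcpy(out, buf, (size_t)res + 1); /* first pass already fit */
    else                                   /* bounded second pass on ap */
        vsnprintf(out, (size_t)res + 1, format, ap);
    return out;
}

static char *format_alloc(const char *format, ...)
{
    va_list ap;
    char *s;
    va_start(ap, format);
    s = vformat_alloc(format, ap);
    va_end(ap);
    return s;
}

int main(void)
{
    /* Constructed input, longer than SMALL_BUF. */
    char *s = format_alloc("%s: %s %d", "Description", "a long field value", 42);
    if (s == NULL) return 1;
    puts(s);
    free(s);
    return 0;
}
```

Passing `ap` to both vsnprintf calls without the copy leaves its value indeterminate for the second call, which is the crash reported on x86_64.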


