[Rd] Crash in de()
Peter Dalgaard
p.dalgaard at biostat.ku.dk
Mon Apr 17 11:42:12 CEST 2006
Peter Dalgaard <p.dalgaard at biostat.ku.dk> writes:
> Peter Dalgaard <p.dalgaard at biostat.ku.dk> writes:
>
> > Juan Santiago Ramseyer <juan_sr at uol.com.br> writes:
> >
> > > SYSTEM:
> > > ------
> > > CPU: AMD64
> > > MOTHERBOARD: ASUS
> > > OS: FEDORA CORE 5 i64_86
> > >
> > > R SESSION:
> > > ----------
> > > > teste<-list(a=c(1,2,3,4),b=c(2,4,6,8))
> > > > teste
> > > $a
> > > [1] 1 2 3 4
> > >
> > > $b
> > > [1] 2 4 6 8
> > >
> > > > de(teste)
> > > *** buffer overflow detected ***: /usr/lib64/R/bin/exec/R terminated
> >
> > Yes, I see this too with the Fedora Extras 5 RPM on i386.
> >
> > Things like data.entry(airquality) are equally broken.
> >
> > However: It's not happening for me with a current source-compiled
> > r-devel, nor with 2.3.0beta, so it seems like it might be a packaging
> > error.
>
> Correction: I *can* reproduce if I use the Fedora CFLAGS settings, i.e.
>
> -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
> -mtune=generic -fasynchronous-unwind-tables
>
> Presumably it is the -fstack-protector doing its job and we have a
> real bug that just doesn't trigger without it. Will have a look.
>
> (BTW, x<-0; de(x) is sufficient to cause the crash).
OK, got it. The printstring() function in dataentry.c had three
instances like
cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(wcs),NULL);
s has length BOOSTED_BUF_SIZE==201 and sizeof(wcs)==804; the third
argument is documented to limit the number of bytes copied _to the
destination_, so that's clearly not right. Apparently, the check is
preemptive since the actual strings involved are nowhere near the
buffer limits. Replacing the 3rd argument with BOOSTED_BUF_SIZE-1
seems to do the trick.
Will fix for tomorrows 2.3.0 RC (we're in code freeze, but I think
this counts as a critical as well as trivial fix).
--
O__ ---- Peter Dalgaard Øster Farimagsgade 5, Entr.B
c/ /'_ --- Dept. of Biostatistics PO Box 2099, 1014 Cph. K
(*) \(*) -- University of Copenhagen Denmark Ph: (+45) 35327918
~~~~~~~~~~ - (p.dalgaard at biostat.ku.dk) FAX: (+45) 35327907
More information about the R-devel
mailing list