[Rd] a new way to crash R? (PR#8981)

Peter Dalgaard p.dalgaard at biostat.ku.dk
Mon Jun 26 22:47:16 CEST 2006


Duncan Murdoch <murdoch at stats.uwo.ca> writes:

> On 6/26/2006 7:31 AM, ripley at stats.ox.ac.uk wrote:
> > This works for me on both Linux and Windows.
> > 
> > Please check your memory usage: it does need about 900Kb of VM, and as you 
> > have less RAM than that installed you need to set --max-mem-size=1G or 
> > some such.
> > 
> > (It is quite likely that this is a Windows memory allocation failure: that 
> > has been reported before but not tracked down.)
> 
> I can make it reproducible now.  It happens relatively quickly when I 
> set max-mem-size=100M.  In R-devel, there's a call to malloc at line 
> 1952 of memory.c, and as R is running out of memory, that returns a -1 
> instead of a zero.  This causes a seg fault a few lines later.
> 
> The malloc code is quite complicated, so I can't see exactly why we're 
> getting the -1.

Hmm, some specs (www.opengroup.org) for malloc have the following

RETURN VALUE

    Upon successful completion with size not equal to 0, malloc()
    shall return a pointer to the allocated space. If size is 0,
    either a null pointer or a unique pointer that can be successfully
    passed to free() shall be returned. Otherwise, it shall return a
    null pointer and set errno to indicate the error.

so the only standards-conforming interpretation of a -1 return is that
the request was for 0 bytes, and "-1" is the representation of the
unique pointer which can be passed to free(). Then again, when was a
Windows lib ever standards-conforming?

BTW, malloc never returns zero, but possibly NULL. 

-- 
   O__  ---- Peter Dalgaard             Øster Farimagsgade 5, Entr.B
  c/ /'_ --- Dept. of Biostatistics     PO Box 2099, 1014 Cph. K
 (*) \(*) -- University of Copenhagen   Denmark          Ph:  (+45) 35327918
~~~~~~~~~~ - (p.dalgaard at biostat.ku.dk)                  FAX: (+45) 35327907



More information about the R-devel mailing list