[Rd] eval(match.call()) (PR#9339)

Bill Dunlap bill at insightful.com
Fri Nov 3 23:14:09 CET 2006


On Fri, 3 Nov 2006 marc_schwartz at comcast.net wrote:

> > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote:
> > > > > x <- quote(match.call())
> > > > > eval(x)
> > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
> > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161]
> > > > /lib/libc.so.6[0x1f0617]
>
> > > > does look like something that just Should Not Happen...


I think valgrind shows the problem is in deparse.c:
    245         strncpy(data, CHAR(STRING_ELT(svec, 0)), 10);
    246         if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "...");
You need to put a '\0' into data[10] after that strncpy
so strcat can find the end of the string when the length
of the copied string is >=10.  It currently runs into
uninitialized memory at the end of ".Primitive".

(This is in a copy of R source from June 2006.)

----------------------------------------------------------------------------
Bill Dunlap
Insightful Corporation
bill at insightful dot com
360-428-8146

 "All statements in this message represent the opinions of the author and do
 not necessarily reflect Insightful Corporation policy or position."



More information about the R-devel mailing list