[Rd] eval(match.call()) (PR#9339)

marc_schwartz at comcast.net marc_schwartz at comcast.net
Sat Nov 4 16:44:39 CET 2006


On Sat, 2006-11-04 at 02:08 +0100, Peter Dalgaard wrote:
> Bill Dunlap <bill at insightful.com> writes:
> 
> > On Fri, 3 Nov 2006 marc_schwartz at comcast.net wrote:
> > 
> > > > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote:
> > > > > > > x <- quote(match.call())
> > > > > > > eval(x)
> > > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
> > > > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161]
> > > > > > /lib/libc.so.6[0x1f0617]
> > >
> > > > > > does look like something that just Should Not Happen...
> > 
> > 
> > I think valgrind shows the problem is in deparse.c:
> >     245         strncpy(data, CHAR(STRING_ELT(svec, 0)), 10);
> >     246         if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "...");
> > You need to put a '\0' into data[10] after that strncpy
> > so strcat can find the end of the string when the length
> > of the copied string is >=10.  It currently runs into
> > uninitialized memory at the end of ".Primitive".
> > 
> > (This is in a copy of R source from June 2006.)
> 
> Now fixed in 2.4.0 Patched and the development version.

Just a quick heads up here, that Tom Callaway has updated the Fedora
Extras RPMS to fix the buffer overflow, based upon a post to the FE CVS
mailing list last night. This is for FC4, FC5 and FC6.

So you can update to these when they appear on FE mirrors in due course.
It looks like these should be labelled as 2.4.0-2.

Thanks to all.

Regards,

Marc
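
An added example, not part of the original message or of the R sources: the `strncpy`/`strcat` pattern quoted from deparse.c above, next to the terminated form suggested in the thread. The 64-byte buffer, the `stale()` fill (20 `'X'` bytes standing in for uninitialized memory, kept inside the buffer so the demo stays in bounds) and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ABBREV 10   /* truncation length used in the quoted lines */
#define BUFSZ  64   /* assumed buffer size for this demo */

/* Simulate stale memory safely: 20 bytes of 'X', then zeros, so the
 * missing terminator is visible without reading out of bounds. */
static void stale(char *data) {
    memset(data, 0, BUFSZ);
    memset(data, 'X', 20);
}

/* Pattern from the quoted deparse.c lines: strncpy writes no '\0'
 * when src has ABBREV or more characters. */
static size_t abbrev_buggy(char *data, const char *src) {
    stale(data);
    strncpy(data, src, ABBREV);
    if (strlen(src) > ABBREV) strcat(data, "...");
    return strlen(data);
}

/* Fix suggested in the thread: terminate at data[ABBREV] first. */
static size_t abbrev_fixed(char *data, const char *src) {
    stale(data);
    strncpy(data, src, ABBREV);
    data[ABBREV] = '\0';
    if (strlen(src) > ABBREV) strcat(data, "...");
    return strlen(data);
}

int main(void) {
    char data[BUFSZ];
    /* Constructed inputs: shorter than, equal to, and longer than ABBREV. */
    const char *in[] = { "short", ".Primitive", "match.call()" };
    for (int i = 0; i < 3; i++) {
        size_t b = abbrev_buggy(data, in[i]);
        printf("buggy %-14s -> %2zu \"%s\"\n", in[i], b, data);
        size_t f = abbrev_fixed(data, in[i]);
        printf("fixed %-14s -> %2zu \"%s\"\n", in[i], f, data);
    }
    return 0;
}
```

With a source of exactly 10 characters, such as ".Primitive", the buggy form leaves the buffer unterminated even though `strcat` is never called, so any later string operation on it reads the stale bytes.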


