[Rd] eval(match.call()) (PR#9339)
Tom 'spot' Callaway
tcallawa at redhat.com
Sat Nov 4 17:13:04 CET 2006
On Sat, 2006-11-04 at 00:07 +0100, marc_schwartz at comcast.net wrote:
> On Fri, 2006-11-03 at 14:14 -0800, Bill Dunlap wrote:
> > On Fri, 3 Nov 2006 marc_schwartz at comcast.net wrote:
> >
> > > > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote:
> > > > > > > x <- quote(match.call())
> > > > > > > eval(x)
> > > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
> > > > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161]
> > > > > > /lib/libc.so.6[0x1f0617]
> > >
> > > > > > does look like something that just Should Not Happen...
> >
> >
> > I think valgrind shows the problem is in deparse.c:
> > 245 strncpy(data, CHAR(STRING_ELT(svec, 0)), 10);
> > 246 if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "...");
> > You need to put a '\0' into data[10] after that strncpy
> > so strcat can find the end of the string when the length
> > of the copied string is >=10. It currently runs into
> > uninitialized memory at the end of ".Primitive".
> >
> > (This is in a copy of R source from June 2006.)
I was halfway to identifying this when Bill figured it out. :) New
packages are built for FC-4, FC-5, FC-6, and devel which bring us up to
the 11-03 patched level.
Thanks for the fix,
~spot
--
Tom "spot" Callaway || Red Hat || Fedora || Aurora || GPG ID: 93054260
"We must not confuse dissent with disloyalty. We must remember always
that accusation is not proof and that conviction depends upon evidence
and due process of law. We will not walk in fear, one of another. We
will not be driven by fear into an age of unreason, if we dig deep in
our history and our doctrine, and remember that we are not descended
from fearful men -- not from men who feared to write, to speak, to
associate and to defend causes that were, for the moment, unpopular."
-- Edward R. Murrow, March 9, 1954
More information about the R-devel
mailing list