[Rd] Using \u2030 in plot axis label -> stack smashing

Prof Brian Ripley ripley at stats.ox.ac.uk
Tue Sep 19 18:08:51 CEST 2006

On Tue, 19 Sep 2006, Prof Brian Ripley wrote:

> On Tue, 19 Sep 2006, Peter Dalgaard wrote:
>> Prof Brian Ripley <ripley at stats.ox.ac.uk> writes:
>>>> Thanks Prof. Ripley and Ei-Ji. I should have mentioned that all the
>>>> versions I reported for were self-compiled, and I did so with the same
>>>> set of flags as the FC5 rpm. Will add that to the list in my head of
>>>> things to report.
>>> (I think this is probably FC5's flags being over-zealous, but Ei-ji
>>> Nakama may know better.)
>> Probably not all that over-zealous. If you're smashing the stack you're
>> smashing the stack. It's not always fatal, but worth fixing.
> But there is no evidence we are smashing the stack, and valgrind found no
> buffer overrun.  As far as I can tell (killing a process with no core dump
> makes it hard to trace) this occurs when we copy 4 bytes from a buffer of
> 16 bytes to one of 5 bytes.

Ah, strncpy zero-pads and so assumes that dest has at least n bytes. 
This is much clearer from the Solaris man page than the glibc one.  So it 
is (our usage of) strncpy that is potentially stack-smashing.  I guess 
that is one of the things valgrind cannot catch.

Brian D. Ripley,                  ripley at stats.ox.ac.uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

More information about the R-devel mailing list