[Rd] segfault during cbind

Prof Brian Ripley ripley at stats.ox.ac.uk
Thu Jun 21 23:28:15 CEST 2007 

On Thu, 21 Jun 2007, Martin Morgan wrote:

> Yes, that seems to do the trick, for both seg fault and valgrind!
> Thanks very much.

Thanks: this and a similar one elsewhere seem long-standing bugs in bind.c
Will commit shortly.

>
> Martin
>
> Prof Brian Ripley <ripley at stats.ox.ac.uk> writes:
>
>> I think it needs to be
>>
>>  		case LISTSXP:
>>  		    PROTECT(u = coerceVector(u, mode));
>>  		    k = LENGTH(u);
>>  		    idx = (!isMatrix(u)) ? rows : k;
>>  		    for (i = 0; i < idx; i++)
>>  			SET_VECTOR_ELT(result, n++,
>>  				       duplicate(VECTOR_ELT(u, i % k)));
>>  		    UNPROTECT(1);
>>  		    break;
>>
>> around 1258 in bind.c.  Can you test that please?
>>
>>
>> On Thu, 21 Jun 2007, Martin Morgan wrote:
>>
>>> The following code results in a seg fault.
>>>
>>>> sessionInfo()
>>> R version 2.6.0 Under development (unstable) (2007-06-21 r42013)
>>> x86_64-unknown-linux-gnu
>>>
>>> locale:
>>> LC_CTYPE=en_US;LC_NUMERIC=C;LC_TIME=en_US;LC_COLLATE=en_US;LC_MONETARY=en_US;LC_MESSAGES=en_US;LC_PAPER=en_US;LC_NAME=C;LC_ADDRESS=C;LC_TELEPHONE=C;LC_MEASUREMENT=en_US;LC_IDENTIFICATION=C
>>>
>>> attached base packages:
>>> [1] stats     graphics  grDevices utils     datasets  methods   base
>>>> csvFile <- read.csv("Barley1.na22.annot.csv", as.is=TRUE, na.strings="---")
>>>> probe <- csvFile[,1]
>>>> gb <- csvFile[, 9]
>>>> rm(csvFile)
>>>> gb <- lapply(unlist(gb),
>>> +              function(x) toupper(strsplit(x,"\\.")[[1]][1]))
>>>> id_file <- cbind(probe,gb)
>>>
>>> *** caught segfault ***
>>> address 0x2c9f0, cause 'memory not mapped'
>>>
>>> Traceback:
>>> 1: cbind(probe, gb)
>>> 2: makeBasefiles("Barley1.na22.annot.csv")
>>> aborting ...
>>> Segmentation fault
>>>
>>> valgrind says
>>>
>>> ==25398== Invalid read of size 8
>>> ==25398==    at 0x4E7BB2D: cbind (bind.c:1258)
>>> ==25398==    by 0x4E7B430: do_bind (bind.c:1113)
>>> ==25398==    by 0x4F42A1B: do_internal (names.c:1116)
>>> ==25398==    by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398==    by 0x4EF9F91: Rf_applyClosure (eval.c:666)
>>> ==25398==    by 0x4EF988D: Rf_eval (eval.c:507)
>>> ==25398==    by 0x4EFC3E0: do_set (eval.c:1404)
>>> ==25398==    by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398==    by 0x4EFB866: do_begin (eval.c:1156)
>>> ==25398==    by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398==    by 0x4EF9F91: Rf_applyClosure (eval.c:666)
>>> ==25398==    by 0x4EF988D: Rf_eval (eval.c:507)
>>> ==25398==  Address 0x8F46010 is 72,976 bytes inside a block of size 182,760 free'd
>>> ==25398==    at 0x4C226DB: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
>>> ==25398==    by 0x4F2D848: ReleaseLargeFreeVectors (memory.c:760)
>>> ==25398==    by 0x4F359E9: RunGenCollect (memory.c:1378)
>>> ==25398==    by 0x4F38938: R_gc_internal (memory.c:2171)
>>> ==25398==    by 0x4F38046: Rf_allocVector (memory.c:1961)
>>> ==25398==    by 0x4EDE779: duplicate1 (duplicate.c:221)
>>> ==25398==    by 0x4EDD698: Rf_duplicate (duplicate.c:115)
>>> ==25398==    by 0x4E7BB34: cbind (bind.c:1258)
>>> ==25398==    by 0x4E7B430: do_bind (bind.c:1113)
>>> ==25398==    by 0x4F42A1B: do_internal (names.c:1116)
>>> ==25398==    by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398==    by 0x4EF9F91: Rf_applyClosure (eval.c:666)
>>>
>>> gdb says
>>>
>>> (gdb) backtrace
>>> #0  0x00002b2dfe6940c9 in duplicate1 (s=0x2c9f0)
>>>    at /home/mtmorgan/src/R-devel/src/main/duplicate.c:134
>>> #1  0x00002b2dfe694035 in Rf_duplicate (s=0x2c9f0)
>>>    at /home/mtmorgan/src/R-devel/src/main/duplicate.c:115
>>> #2  0x00002b2dfe632555 in cbind (call=0xaaba48, args=0xb6abf0, mode=19,
>>>    rho=0xb6ba40, deparse_level=1)
>>>    at /home/mtmorgan/src/R-devel/src/main/bind.c:1263
>>> #3  0x00002b2dfe631e51 in do_bind (call=0xaaba48, op=0x62f950, args=0xb6abf0,
>>>    env=0xb6ba40) at /home/mtmorgan/src/R-devel/src/main/bind.c:1113
>>> #4  0x00002b2dfe6f93d4 in do_internal (call=0xaabab8, op=0x62d028,
>>>    args=0xaaba10, env=0xb6ba40)
>>>    at /home/mtmorgan/src/R-devel/src/main/names.c:1115
>>>
>>> and
>>>
>>> (gdb) up
>>> #2  0x00002b2dfe632555 in cbind (call=0xaaba48, args=0xb6abf0, mode=19,
>>>    rho=0xb6ba40, deparse_level=1)
>>>    at /home/mtmorgan/src/R-devel/src/main/bind.c:1263
>>> (gdb) p i
>>> $7 = 22839
>>> (gdb) p idx
>>> $8 = 22840
>>>
>>> Both rm and lapply are needed to trigger the fault; an R level gc()
>>> before the final line 'cures' the fault (and the valgind complaint).
>>>
>>> The data file is available (with free registration) at
>>>
>>> https://www.affymetrix.com/support/file_download.affx?onloadforward=/analysis/downloads/na22/ivt/Barley1.na22.annot.csv.zip
>>>
>>> Martin
>>>
>>
>> --
>> Brian D. Ripley,                  ripley at stats.ox.ac.uk
>> Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
>> University of Oxford,             Tel:  +44 1865 272861 (self)
>> 1 South Parks Road,                     +44 1865 272866 (PA)
>> Oxford OX1 3TG, UK                Fax:  +44 1865 272595
>
>

-- 
Brian D. Ripley,                  ripley at stats.ox.ac.uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

More information about the R-devel mailing list