[Rd] Bug in R 2.7 for over-long lines

Soeren Sonnenburg r-ml at nn7.de
Fri Apr 25 08:48:28 CEST 2008


While trying to fix SWIG & R 2.7, I actually discovered that there is a
bug in R 2.7 causing a crash (so R & SWIG might actually work):

The bug is in ./src/main/gram.c, line 3038:

            } else { /* over-long line */
fixthis --> char *LongLine = (char *) malloc(nc);
            if(!LongLine)
                error(_("unable to allocate space for source line %d"), xxlineno);
            strncpy(LongLine, (char *)p0, nc);
 bug -->    LongLine[nc] = '\0';
            SET_STRING_ELT(source, lines++,
                       mkChar2((char *)LongLine));
            free(LongLine);

Note that LongLine is only nc chars long, so the LongLine[nc] = '\0' might
be an out-of-bounds write. The fix would be to do

            char *LongLine = (char *) malloc(nc+1);

in line 3034.

Please fix, and thanks to Dirk for the Debian r-base-dbg package!

Soeren
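The off-by-one described in the message above, as an added example that is not part of the original post and not code from R's gram.c: copy_long_line() is the proposed fixed form of the copy (malloc(nc + 1), then the terminator at index nc), and terminator_overflows() emulates the copy inside an arena with a sentinel byte placed exactly where the allocation ends, so the original malloc(nc) and the fixed malloc(nc + 1) can be compared without actually writing past a real heap chunk. The function names, the arena/sentinel emulation and the sample line are this example's own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed form of the over-long-line copy: nc payload bytes plus one byte
   for the terminator.  strncpy() writes no NUL when the source holds nc
   non-NUL bytes, so the explicit LongLine[nc] = '\0' is required, and the
   buffer must therefore be nc + 1 bytes, not nc. */
char *copy_long_line(const char *p0, size_t nc)
{
    char *LongLine = (char *)malloc(nc + 1);   /* +1 for the terminator */
    if (!LongLine)
        return NULL;
    memcpy(LongLine, p0, nc);                  /* same as strncpy here */
    LongLine[nc] = '\0';                       /* now inside the buffer */
    return LongLine;
}

/* Emulates "allocate alloc_len bytes, copy nc bytes, write '\0' at index
   nc" inside a larger arena, with a sentinel byte immediately after the
   nominal allocation (where a real allocator keeps the next chunk).
   Returns 1 if the terminator write clobbers the sentinel (off-by-one
   heap overflow), 0 if it stays inside the allocation, -1 if the case
   is not modelled (nc larger than the allocation). */
int terminator_overflows(size_t alloc_len, size_t nc)
{
    if (nc > alloc_len)
        return -1;
    unsigned char *arena = (unsigned char *)malloc(alloc_len + 1);
    if (!arena)
        return -1;
    memset(arena, 'A', alloc_len);
    arena[alloc_len] = 0xAA;           /* sentinel just past the allocation */
    arena[nc] = '\0';                  /* the LongLine[nc] = '\0' write */
    int overflowed = (arena[alloc_len] != 0xAA);
    free(arena);
    return overflowed;
}

int main(void)
{
    /* Constructed input: a 12-character source line with no terminator
       among the copied bytes (p0 in gram.c points into the input buffer). */
    const char line[] = "x <- f(y, z)";
    size_t nc = 12;

    printf("malloc(nc)   overflow: %d\n", terminator_overflows(nc, nc));
    printf("malloc(nc+1) overflow: %d\n", terminator_overflows(nc + 1, nc));

    char *copy = copy_long_line(line, nc);
    if (copy) {
        printf("copied: \"%s\" (%zu chars)\n", copy, strlen(copy));
        free(copy);
    }
    return 0;
}
```

With the original malloc(nc) the terminator lands on the first byte past the allocation; whether that crashes immediately depends on what the allocator keeps there, which is why the bug shows up as a crash only on some inputs and builds. The sentinel makes the overwrite deterministic and visible.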


