[Rd] %s in filename when opening device causes crash (PR#10571)
Richard.Cotton at hsl.gov.uk
Richard.Cotton at hsl.gov.uk
Tue Jan 15 10:45:09 CET 2008
> > Using %s in a filename when opening a device causes R to crash, e.g.,
> >
> > pdf("foo%s.pdf")
> > win.metafile("foo%s.wmf")
> > postscript("foo%s.ps")
>
> Do you have a workaround for this? Since that is done at C level, we
> can't easily trap this (especially on Windows), and the list of possible
> errors that might cause a crash is rather long.
>
> It has been considered as a vulnerability, but there seems no simple
> solution.
The simplest workaround is probably to check that '%s' isn't included in
the character string for the file argument to each of the R wrapper
functions, something like
if(length(grep("%s", file))) stop("using '%s' in a filename is invalid")
This of course means that we couldn't use '%s' in a file string (is this a
great loss?), and that users could still cause a crash by calling the
.External code directly.
Regards,
Richie.
Mathematical Sciences Unit
HSL
------------------------------------------------------------------------
ATTENTION:
This message contains privileged and confidential inform...{{dropped:21}}
More information about the R-devel
mailing list