[Rd] strsignif.c, util.c (PR#10635)
Duncan Murdoch
murdoch at stats.uwo.ca
Fri Jan 25 16:48:08 CET 2008
On 1/25/2008 8:25 AM, ripley at stats.ox.ac.uk wrote:
> On Fri, 25 Jan 2008, A.R.Runnalls at kent.ac.uk wrote:
>
>> In R 2.6.1, a couple of places (discovered using valgrind) where the
>> requested size of string buffers fails to account correctly for the
>> trailing null byte:
>>
>> 1. In src/appl/strsignif.c, 'f0' and 'form' at l. 108-9 each need at
>> least 1 extra byte.
>>
>> 2. In src/main/util.c, 'out' at l. 1081 needs at least one extra byte.
>>
>> (Remember that the return value of strlen does not include the null byte.)
>
> But it is subtler than that. R_alloc contains the statement
>
> s = allocVector(RAWSXP, size + 1);
>
> and so does over-allocate by at least one (there is a rounding up to a
> multiple of 8). This is a historical anomaly (it used to allocate a
> CHARSXP that allowed for the null byte), but one which trying to eliminate
> caused too many crashes in package code.
>
> I'd like to see the empirical evidence you have, as I have been unable to
> trigger an overrun here.
That is not documented in Writing R Extensions or R Internals, so I
think a change is needed, either to the docs or the calls. I've already
changed these calls.
I'd rather keep the docs as they are, because they give a sensible
definition to the function. If the implementation protects against
sloppy usage that's okay, but I don't think we should take advantage of
it, in case some future maintainer notices the inconsistency and removes it.
Duncan Murdoch
More information about the R-devel
mailing list