[Rd] incorrect output and segfaults from sprintf with %*d (PR#13667)
waku at idi.ntnu.no
waku at idi.ntnu.no
Tue Apr 21 13:05:11 CEST 2009
Full_Name: Wacek Kusnierczyk
Version: 2.10.0 r48365
OS: Ubuntu 8.04 Linux 32bit
Submission from: (NULL) (129.241.110.141)
sprintf has a documented limit on strings included in the output using the
format '%s'. It appears that there is a limit on the length of strings included
with, e.g., the format '%d' beyond which surprising things happen (output
modified for conciseness):
gregexpr('1', sprintf('%9000d', 1))
# [1] 9000 9801
gregexpr('1', sprintf('%9000d', 1))
# [1] 9000 9801 10602
gregexpr('1', sprintf('%9000d', 1))
# [1] 9000 9801 10602 11403
gregexpr('1', sprintf('%9000d', 1))
# [1] 9000 9801 10602 11403 12204
...
Note that not only more than one '1' is included in the output, but also that
the same functional expression (no side effects used beyond the interface) gives
different results on each execution. Analogous behaviour can be observed with
'%nd' where n > 8200.
The actual output above is consistent across separate sessions.
With sufficiently large field width values, R segfaults:
sprintf('%*d', 10^5, 1)
# *** caught segfault ***
# address 0xbfcfc000, cause 'memory not mapped'
# Segmentation fault
sessionInfo()
# R version 2.10.0 Under development (unstable) (2009-04-20 r48365)
# i686-pc-linux-gnu
More information about the R-devel
mailing list