[Rd] incorrect output and segfaults from sprintf with %*d (PR#13667)

Wacek Kusnierczyk Waclaw.Marcin.Kusnierczyk at idi.ntnu.no
Fri Apr 24 14:40:08 CEST 2009

maechler at stat.math.ethz.ch wrote:
>     vQ> sprintf has a documented limit on strings included in the output using the
>     vQ> format '%s'.  It appears that there is a limit on the length of strings included
>     vQ> with, e.g., the format '%d' beyond which surprising things happen (output
>     vQ> modified for conciseness):
>     >>> 
>     vQ> ... and this limit is *not* documented.
>     MM> well, it is basically (+ a few bytes ?)
>     MM> the same  8192  limit that *is* documented.
> indeed, I was right with that..

hmm, i'd guess this limit is valid for all strings included in the
output with any format?  not just %s (and, as it appears, undocumentedly

>     vQ> while snprintf would help avoid buffer overflow, it may not be a
>     vQ> solution to the issue of confused output.
>     MM> I think it would / will.  We would be able to give warnings and
>     MM> errors, by checking the  snprintf()  return codes.
> My current working code gives an error for all the above
> examples, e.g.,
>  > sprintf('%9999d', 1)
>  Error in sprintf("%9999d", 1) : 
>    required resulting string length 9999 is > maximal 8191
> it passes  'make check-devel' and I am inclined to commit that
> code to R-devel (e.g. tomorrow). 
> Yes, the documentation will also have to be amended, but apart
> from that, would people see a big problem with the "8192" limit
> which now is suddenly of greater importance
> {{as I said all along;  hence my question to Wacek (and the
>   R-develers)  if anybody found that limit too low}}

i didn't find the limit itself problematic.  (so far?)

btw. (i do know what that means ;)), after your recent fix:

    sprintf('%q%s', 1)
    # Error in sprintf("%q%s", 1) :
    #  use format %f, %e, %g or %a for numeric objects

    sprintf('%s', 1)
    # [1] "1"

you may want to add '%s' (and '%x', and ...) to the error message.  or
perhaps make it say sth like 'invalid format: ...'.  the problem is not
that %q is not applicable to numeric, but that it is not a valid format
at all.

there's also an issue with the additional arguments supplied after the
format:  any superfluous arguments are ignored (this is not documented,
as far as i can see), but they *are* evaluated nevertheless, e.g.:

    sprintf('%d', 0, {print(1)})
    # "1"
    # [1] "0"

it might be a good idea to document this behaviour.



More information about the R-devel mailing list