[R] Segmentation fault/buffer overflow with fix() in Fedora Core 5 from Extras repository

Paul Johnson pauljohn32 at gmail.com
Thu Oct 19 08:24:41 CEST 2006


The Fedora Extras update of R found its way onto my systems today and
I noted that fix() and edit() no longer work. There is a program crash
that closes up R, but it does not leave a core file. I've tested by
turning off SELinux; it had no effect.

Do you see it too?  What do you think?  It happens on both systems
I've tested. As far as I know, both of these systems are up-to-date.

I restarted with "R -d gdb" to try to get a backtrace, but gdb says
the debugging symbols have been removed and I don't see the
"debuginfo" package on the Extras archive.  I'm attaching the gdb info
later, but I don't think it helps much without line numbers.

I think my next step will be to re-build R on these systems and see if
the problem disappears. Right? If it still crashes, I'll make sure I
have debugging symbols and give you a full backtrace.  If it does not
crash, I'll let you know as well.


Here's the session that crashes


> library(car)
> data(Chile)
> edit(Chile)
*** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x29)[0xa8079d]
/lib/libc.so.6[0xa8195d]
/usr/lib/R/modules//R_X11.so[0x7c094a]
/usr/lib/R/modules//R_X11.so[0x7c20dd]
/usr/lib/R/modules//R_X11.so[0x7c3428]
/usr/lib/R/modules//R_X11.so(RX11_dataentry+0xa25)[0x7c4b15]
/usr/lib/R/lib/libR.so[0x2bf4c5]
/usr/lib/R/lib/libR.so[0x1dfd26]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so[0x1b4d28]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so[0x1b1887]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so(Rf_applyClosure+0x2a7)[0x1b2f67]
/usr/lib/R/lib/libR.so[0x1e146f]
/usr/lib/R/lib/libR.so(Rf_usemethod+0x609)[0x1e28d9]
/usr/lib/R/lib/libR.so[0x1e30ae]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so(Rf_applyClosure+0x2a7)[0x1b2f67]
/usr/lib/R/lib/libR.so(Rf_eval+0x2f4)[0x1b07e4]
/usr/lib/R/lib/libR.so(Rf_ReplIteration+0x311)[0x1d01b1]
/usr/lib/R/lib/libR.so[0x1d03c1]
/usr/lib/R/lib/libR.so(run_Rmainloop+0x60)[0x1d0710]
/usr/lib/R/lib/libR.so(Rf_mainloop+0x1c)[0x1d073c]
/usr/lib/R/bin/exec/R(main+0x46)[0x8048696]
/lib/libc.so.6(__libc_start_main+0xc6)[0x9c41fe]
/usr/lib/R/bin/exec/R[0x8048591]
Aborted
[pauljohn at pols125 tmp]$


Here is the gdb

(no debugging symbols found)
*** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x29)[0x4a279d]
/lib/libc.so.6[0x4a395d]
/usr/lib/R/modules//R_X11.so[0xd5d94a]
/usr/lib/R/modules//R_X11.so[0xd5f0dd]
/usr/lib/R/modules//R_X11.so[0xd60428]
/usr/lib/R/modules//R_X11.so(RX11_dataentry+0xa25)[0xd61b15]
/usr/lib/R/lib/libR.so[0x2bf4c5]
/usr/lib/R/lib/libR.so[0x1dfd26]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so[0x1b4d28]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so[0x1b1887]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so(Rf_applyClosure+0x2a7)[0x1b2f67]
/usr/lib/R/lib/libR.so[0x1e146f]
/usr/lib/R/lib/libR.so(Rf_usemethod+0x609)[0x1e28d9]
/usr/lib/R/lib/libR.so[0x1e30ae]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so(Rf_applyClosure+0x2a7)[0x1b2f67]
/usr/lib/R/lib/libR.so(Rf_eval+0x2f4)[0x1b07e4]
/usr/lib/R/lib/libR.so[0x1b4d28]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so[0x1b4372]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so[0x1b1887]
/usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x1b0973]
/usr/lib/R/lib/libR.so(Rf_applyClosure+0x2a7)[0x1b2f67]
/usr/lib/R/lib/libR.so(Rf_eval+0x2f4)[0x1b07e4]
/usr/lib/R/lib/libR.so(Rf_ReplIteration+0x311)[0x1d01b1]
/usr/lib/R/lib/libR.so[0x1d03c1]
/usr/lib/R/lib/libR.so(run_Rmainloop+0x60)[0x1d0710]
/usr/lib/R/lib/libR.so(Rf_mainloop+0x1c)[0x1d073c]
/usr/lib/R/bin/exec/R(main+0x46)[0x8048696]
/lib/libc.so.6(__libc_start_main+0xc6)[0x3e61fe]
/usr/lib/R/bin/exec/R[0x8048591]
Program received signal SIGABRT, Aborted.
0x003f7cd0 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x003f7cd0 in raise () from /lib/libc.so.6
#1  0x003f9127 in abort () from /lib/libc.so.6
#2  0x004296f0 in __libc_message () from /lib/libc.so.6
#3  0x004a279d in __chk_fail () from /lib/libc.so.6
#4  0x004a395d in __wcsrtombs_chk () from /lib/libc.so.6
#5  0x00d5d94a in ?? () from /usr/lib/R/modules//R_X11.so
#6  0x00d5f0dd in ?? () from /usr/lib/R/modules//R_X11.so
#7  0x00d60428 in ?? () from /usr/lib/R/modules//R_X11.so
#8  0x00d61b15 in RX11_dataentry () from /usr/lib/R/modules//R_X11.so
#9  0x002bf4c5 in R_GetX11Image () from /usr/lib/R/lib/libR.so
#10 0x001dfd26 in R_RunExitFinalizers () from /usr/lib/R/lib/libR.so
#11 0x001b0973 in Rf_eval () from /usr/lib/R/lib/libR.so
#12 0x001b4d28 in Rf_applyClosure () from /usr/lib/R/lib/libR.so
#13 0x001b0973 in Rf_eval () from /usr/lib/R/lib/libR.so
#14 0x001b1887 in Rf_eval () from /usr/lib/R/lib/libR.so
#15 0x001b0973 in Rf_eval () from /usr/lib/R/lib/libR.so
#16 0x001b2f67 in Rf_applyClosure () from /usr/lib/R/lib/libR.so
#17 0x001e146f in R_do_MAKE_CLASS () from /usr/lib/R/lib/libR.so
#18 0x001e28d9 in Rf_usemethod () from /usr/lib/R/lib/libR.so
#19 0x001e30ae in Rf_usemethod () from /usr/lib/R/lib/libR.so
#20 0x001b0973 in Rf_eval () from /usr/lib/R/lib/libR.so
#21 0x001b2f67 in Rf_applyClosure () from /usr/lib/R/lib/libR.so
#22 0x001b07e4 in Rf_eval () from /usr/lib/R/lib/libR.so
#23 0x001b4d28 in Rf_applyClosure () from /usr/lib/R/lib/libR.so
#24 0x001b0973 in Rf_eval () from /usr/lib/R/lib/libR.so
#25 0x001b4372 in Rf_applyClosure () from /usr/lib/R/lib/libR.so
#26 0x001b0973 in Rf_eval () from /usr/lib/R/lib/libR.so
#27 0x001b1887 in Rf_eval () from /usr/lib/R/lib/libR.so
#28 0x001b0973 in Rf_eval () from /usr/lib/R/lib/libR.so
#29 0x001b2f67 in Rf_applyClosure () from /usr/lib/R/lib/libR.so
#30 0x001b07e4 in Rf_eval () from /usr/lib/R/lib/libR.so
#31 0x001d01b1 in Rf_ReplIteration () from /usr/lib/R/lib/libR.so
#32 0x001d03c1 in Rf_ReplIteration () from /usr/lib/R/lib/libR.so
#33 0x001d0710 in run_Rmainloop () from /usr/lib/R/lib/libR.so
#34 0x001d073c in Rf_mainloop () from /usr/lib/R/lib/libR.so
#35 0x08048696 in main ()


-- 
Paul E. Johnson
Professor, Political Science
1541 Lilac Lane, Room 504
University of Kansas
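
The gdb backtrace above stops in __wcsrtombs_chk and __chk_fail, glibc's fortified wrapper around wcsrtombs(). As an added example (not part of the original post and not R's source; the function names are hypothetical), this shows the comparison that wrapper makes and a bounded conversion that always passes a length derived from the destination buffer:

```c
/* Added example; function names are hypothetical, not from R or glibc. */
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* The test glibc's fortified __wcsrtombs_chk makes before converting:
 * abort via __chk_fail() when the length the caller claims exceeds the
 * destination size known to the compiler. It looks at the claimed length,
 * not at how many bytes the string would actually need. */
int fortify_rejects(size_t dst_size, size_t len_claimed)
{
    return dst_size < len_claimed;
}

/* Convert src into dst (dst_size bytes), always NUL-terminated.
 * Returns bytes written excluding the NUL, or (size_t)-1 if dst_size is 0
 * or a character cannot be converted. *truncated is set if src did not fit. */
size_t wcs_to_mbs_bounded(char *dst, size_t dst_size,
                          const wchar_t *src, int *truncated)
{
    mbstate_t ps;
    const wchar_t *p = src;
    size_t n;

    *truncated = 0;
    if (dst_size == 0)
        return (size_t)-1;
    memset(&ps, 0, sizeof ps);
    /* Length is derived from dst itself, leaving one byte for the NUL. */
    n = wcsrtombs(dst, &p, dst_size - 1, &ps);
    if (n == (size_t)-1) {
        dst[0] = '\0';
        return n;
    }
    dst[n] = '\0';
    /* p is NULL once the terminator was converted; if the buffer filled
     * exactly, p is left pointing at the terminator, which is not truncation. */
    if (p != NULL && *p != L'\0')
        *truncated = 1;
    return n;
}

int main(void)
{
    char cell[5];
    int cut;
    size_t n = wcs_to_mbs_bounded(cell, sizeof cell, L"abcdef", &cut);
    printf("%zu bytes, truncated=%d, \"%s\"\n", n, cut, cell);
    printf("claimed len 8 into 5 bytes rejected: %d\n", fortify_rejects(5, 8));
    return 0;
}
```

Because the fortified check compares sizes before any byte is written, a call can abort with "buffer overflow detected" even when the converted string would have fit.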


