[R-pkg-devel] Check warning around sprintf: Compiled code should not call entry points which might terminate R nor write to stdout/stderr instead of to the console, nor use Fortran I/O nor system RNGs nor [v]sprintf.

Iris Simmons |kw@|mmo @end|ng |rom gm@||@com
Sun Nov 19 02:07:40 CET 2023


Yes, the reason for the error is the use of sprintf. You can instead use
snprintf where n is the maximum number of bytes to write, including the
terminating nul character. For example:

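char msg[8191];
/* snprintf writes at most 8191 bytes, including the terminating nul */
snprintf(msg, 8191, "criteria: error (%d) -> %s\n", inErr, errStr);
/* pass msg as an argument, not as the format string */
Rf_error("%s", msg);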

or however large you made the error string.


On Sat, Nov 18, 2023, 20:01 Iago Giné-Vázquez <iago.gin-vaz using protonmail.com>
wrote:

> Dear all,
>
> I am updating a CRAN-archived R package, so it can get back to CRAN. But
> there is a warning produced in Linux OS that I am not sure I understand
> and I do not know how to solve, even after looking at ‘Writing portable
> packages’ in the ‘Writing R Extensions’ manual and after searching
> the web. The warning is
>
> > * checking compiled code ... WARNING
> > File ‘ccckc/libs/ccckc.so’:
> > Found ‘sprintf’, possibly from ‘sprintf’ (C)
> > Object: ‘criteria.o’
> >
> > Compiled code should not call entry points which might terminate R nor
> > write to stdout/stderr instead of to the console, nor use Fortran I/O
> > nor system RNGs nor [v]sprintf.
> > See ‘Writing portable packages’ in the ‘Writing R Extensions’ manual.
>
> The package contains both C and Fortran code and in criteria.c there
> is only one use of sprintf, as follows:
>
> sprintf(msg,"criteria: error (%d) -> %s\n", inErr, errStr);
> Rf_error(msg);
>
> Might the reason for the warning be the following line in the ‘Writing R
> Extensions’ manual?
>
> > Use of sprintf and vsprintf is regarded as a potential security risk and
> > warned about on some platforms.[82](https://cran.r-project.org/doc/manuals/R-exts.html#FOOT82)
> > R CMD check reports if any calls are found.
>
> If that is the reason, is there any alternative to the use of sprintf?
> Anyway, what can I do?
>
> Thank you in advance for your time.
>
> Kind regards,
> Iago
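Added example (not from the thread or from the package): a bounded version of the criteria.c message formatting that checks the return value of snprintf to detect truncation. The helper name format_criteria_error, the 40-byte buffer and the sample strings are assumptions made for illustration; Rf_error appears only in a comment so the block compiles without the R headers.

```c
/* Added example: bounded formatting of the criteria.c error message.
 * format_criteria_error() is a hypothetical helper, not package code. */
#include <stdio.h>
#include <string.h>

enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_FAILED = 2 };

/* Write the message into buf (capacity size, including the NUL).
 * snprintf returns the length the full message would have had, so a
 * return value >= size means the output was cut short. */
static enum fmt_status format_criteria_error(char *buf, size_t size,
                                             int inErr, const char *errStr)
{
    if (buf == NULL || size == 0)
        return FMT_FAILED;
    int n = snprintf(buf, size, "criteria: error (%d) -> %s\n",
                     inErr, errStr ? errStr : "(null)");
    if (n < 0) {              /* output error: leave an empty string */
        buf[0] = '\0';
        return FMT_FAILED;
    }
    if ((size_t)n >= size) {  /* truncated, but still NUL-terminated */
        if (size > 4)         /* mark the cut so the reader sees it */
            memcpy(buf + size - 4, "...", 4);
        return FMT_TRUNCATED;
    }
    return FMT_OK;
}

int main(void)
{
    char msg[40];             /* deliberately small to force truncation */
    /* Constructed sample inputs; the second contains a literal '%'. */
    const char *samples[] = { "bad input", "100% of rows failed validation" };
    for (size_t i = 0; i < 2; i++) {
        enum fmt_status st =
            format_criteria_error(msg, sizeof msg, 7, samples[i]);
        printf("status=%d len=%zu msg=%s\n", (int)st, strlen(msg), msg);
        /* In the package: Rf_error("%s", msg); the "%s" keeps any '%'
         * copied from errStr from being read as a format directive. */
    }
    return 0;
}
```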