[R-pkg-devel] Non-reproducible ASAN flagged issue
Tomas Kalibera
tom@@@k@||ber@ @end|ng |rom gm@||@com
Wed Dec 18 13:43:44 CET 2024
On 12/17/24 20:26, David Cortes wrote:
> I am seeing a curious error in an ASAN package check which is not
> reproducible in the r-debug containers
> (https://github.com/wch/r-debug), and which I'm suspecting might be a
> compiler bug.
>
> Wanted to ask for a second opinion on whether this could actually be a
> compiler bug or a real bug in the package, and if the former, how
> should I reply to the email from CRAN about fixing the issues from the
> checks in the package.
In principle, if you run into something you suspect to be a bug in the
compiler (or perhaps rather C++ library), the best course of action is
to narrow it down to a minimal reproducible example (no R, no R package,
just tiny C/C++ standalone code). And then report that to the
compiler/C++ library developers. With such a minimal example, I would
expect one would get a quick response from the developers on whether it
is actually a bug or the code is wrong. Also, on the way of narrowing
down, one might figure out the problem (if in the package). And if
confirmed compiler/C++ library/etc bug by the corresponding developers,
then I would let the CRAN team know.
Best
Tomas
>
> In more detail, in the ASAN logs here:
> https://cran.r-project.org/web/checks/check_results_isotree.html
>
> It mentions detecting a global-buffer-overflow during a read, which
> happens in the contents of a string literal that's used as constructor
> for 'std::regex':
> https://github.com/david-cortes/isotree/blob/1f84128a03bb6fc5eecd1de7aebf4b745b54fa1e/src/formatted_exporters.cpp#L332C13-L332C31
> std::regex_replace(s, std::regex("\""), "\\\"")
>
> I'm not understanding how it could possibly cause an overflow from
> either constructing an 'std::regex' with a string literal, or from
> passing the result of it to 'std::regex_replace' with C++ strings - it
> looks like it should be an impossible situation.
>
> The values for argument 's' (the 'std::string' where to make
> replacements in the 'std::regex_replace' call which receives the
> 'std::regex' object) which are seen during the example that gets
> flagged by ASAN do not have anything special - their contents are one
> of the following: "column_1", "column_2", "column_3" - and they are all
> obtained from a call to 'Rcpp::as<std::vector<std::string>>' on an R
> character vector, which should rule out issues with e.g. missing null
> termination, wrong size, and similar:
> https://github.com/david-cortes/isotree/blob/1f84128a03bb6fc5eecd1de7aebf4b745b54fa1e/src/Rwrapper.cpp#L1975
>
> Help here would be appreciated.
>
> Best,
> David Cortes
>
> ______________________________________________
> R-package-devel using r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel
More information about the R-package-devel
mailing list