[Rd] segfault on write.dcf with gzfile connection

From: Seth Falcon <sfalcon_at_fhcrc.org>
Date: Sun 27 Nov 2005 - 04:02:21 GMT

I'm seeing a segfault on x86_64 Linux with the following code:

    desc = read.dcf("BAD")
    con = gzfile("test.gz", "wt")
    write.dcf(desc, file=con)
    close(con)

where BAD has a long field (see below for example). The crash happens inside dummy_vfprintf. I think the issue is that the va_list ap is modified by the first vsnprintf call (connections.c:190) and the subsequent vsprintf call (connections.c:194) gets an invalid va_list arg.

The following patch improves things for me, but I've not tested on other platforms.

Index: connections.c

---

• connections.c (revision 36434) +++ connections.c (working copy) @@ -186,8 +186,11 @@ { char buf[BUFSIZE], *b = buf, *vmax = vmaxget(); int res, usedRalloc = FALSE;
  + va_list aq;
  
  • res = vsnprintf(buf, BUFSIZE, format, ap);
    + va_copy(aq, ap);
    + res = vsnprintf(buf, BUFSIZE, format, aq);
    + va_end(aq);
    if(res >= BUFSIZE) { /* res is the desired output length */ usedRalloc = TRUE; b = R_alloc(res + 1, sizeof(char));

And here is an example BAD file, but I'm pretty sure any DCF field with a very long value would trigger it:

Description: The package provides and API in R to query BioMart

        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on
        system which produces and maintains automatic annotation on

______________________________________________

R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel Received on Sun Nov 27 15:10:47 2005