Re: [Rd] eval(match.call()) (PR#9339)

From: Bill Dunlap <bill_at_insightful.com>
Date: Fri 03 Nov 2006 - 22:14:09 GMT

On Fri, 3 Nov 2006 marc_schwartz@comcast.net wrote:

> > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote:
> > > > > x <- quote(match.call())
> > > > > eval(x)
> > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
> > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161]
> > > > /lib/libc.so.6[0x1f0617]
>
> > > > does look like something that just Should Not Happen...

I think valgrind shows the problem is in deparse.c:

    245         strncpy(data, CHAR(STRING_ELT(svec, 0)), 10);
    246         if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "...");

You need to put a '\0' into data[10] after that strncpy so strcat can find the end of the string when the length of the copied string is >=10. It currently runs into uninitialized memory at the end of ".Primitive".

(This is in a copy of R source from June 2006.)



Bill Dunlap
Insightful Corporation
bill at insightful dot com
360-428-8146

"All statements in this message represent the opinions of the author and do not necessarily reflect Insightful Corporation policy or position."
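
Added example, not part of the original message or of the R sources: a stand-alone C sketch of the truncate-and-append-"..." pattern from the quoted deparse.c lines, with the terminator written after `strncpy` as the message suggests. The names `abbreviate`, `abbreviates_to`, `PREFIX_LEN` and `OUT_SIZE` are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX_LEN 10                 /* same limit as the quoted lines */
#define OUT_SIZE (PREFIX_LEN + 4)     /* prefix + "..." + NUL */

/* Hypothetical helper: copy at most PREFIX_LEN characters of src into dst and
 * append "..." when src was longer. Returns 1 if truncated, 0 if src fit,
 * -1 if dst cannot hold the longest possible result. */
int abbreviate(char *dst, size_t dstsize, const char *src)
{
    if (dstsize < OUT_SIZE)
        return -1;
    strncpy(dst, src, PREFIX_LEN);    /* writes no NUL when strlen(src) >= 10 */
    dst[PREFIX_LEN] = '\0';           /* the terminator the message asks for */
    if (strlen(src) > PREFIX_LEN) {
        strcat(dst, "...");           /* now starts from a known end of string */
        return 1;
    }
    return 0;
}

/* Runs abbreviate() on a buffer pre-filled with non-zero bytes, standing in
 * for uninitialized memory, and reports whether the result equals expected. */
int abbreviates_to(const char *src, const char *expected)
{
    char data[OUT_SIZE];
    memset(data, 'X', sizeof data);
    if (abbreviate(data, sizeof data, src) < 0)
        return 0;
    return strcmp(data, expected) == 0;
}

int main(void)
{
    /* Constructed inputs: shorter than, exactly, and longer than 10 chars. */
    const char *samples[] = { "sum", ".Primitive", ".Primitive(\"match.call\")" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char data[OUT_SIZE];
        memset(data, 'X', sizeof data);
        int r = abbreviate(data, sizeof data, samples[i]);
        printf("%-28s -> \"%s\" (truncated=%d)\n", samples[i], data, r);
    }
    return 0;
}
```

The junk-filled buffer makes the result independent of whatever happened to be in memory, which is the condition under which the unterminated copy only sometimes fails.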



R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Received on Sat Nov 04 09:16:58 2006
