Re: [Rd] eval(match.call()) (PR#9339)

From: <marc_schwartz_at_comcast.net>
Date: Sat 04 Nov 2006 - 15:44:39 GMT


On Sat, 2006-11-04 at 02:08 +0100, Peter Dalgaard wrote:
> Bill Dunlap <bill@insightful.com> writes:
>
> > On Fri, 3 Nov 2006 marc_schwartz@comcast.net wrote:
> >
> > > > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote:
> > > > > > > x <- quote(match.call())
> > > > > > > eval(x)
> > > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
> > > > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161]
> > > > > > /lib/libc.so.6[0x1f0617]
> > >
> > > > > > does look like something that just Should Not Happen...
> >
> >
> > I think valgrind shows the problem is in deparse.c:
> > 245 strncpy(data, CHAR(STRING_ELT(svec, 0)), 10);
> > 246 if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "...");
> > You need to put a '\0' into data[10] after that strncpy
> > so strcat can find the end of the string when the length
> > of the copied string is >=10. It currently runs into
> > uninitialized memory at the end of ".Primitive".
> >
> > (This is in a copy of R source from June 2006.)
>
> Now fixed in 2.4.0 Patched and the development version.

Just a quick heads up here, that Tom Callaway has updated the Fedora Extras RPMS to fix the buffer overflow, based upon a post to the FE CVS mailing list last night. This is for FC4, FC5 and FC6.

So you can update to these when they appear on FE mirrors in due course. It looks like these should be labelled as 2.4.0-2.

Thanks to all.

Regards,

Marc



R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel

Received on Sun Nov 05 02:51:05 2006
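
The unterminated `strncpy` followed by `strcat` that Bill Dunlap points to in the quoted message, shown next to a terminated form. This is an added example, not code from the thread or from R's deparse.c. The buffer size, the function names and the sample strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEEP 10                 /* characters kept, as in the quoted lines */
#define BUFSZ (KEEP + 3 + 1)    /* assumed size: 10 chars + "..." + NUL */

/* Returns 1 if strncpy(data, src, KEEP) wrote no terminator, i.e. the
 * strcat in the quoted code would have to scan past the copied bytes. */
int copy_is_unterminated(const char *src)
{
    char data[BUFSZ];
    memset(data, 'X', sizeof data);      /* sentinel stands in for stale memory */
    strncpy(data, src, KEEP);
    return memchr(data, '\0', KEEP) == NULL && data[KEEP] == 'X';
}

/* Hardened form: write the terminator at data[KEEP] before appending,
 * which is the change suggested in the quoted message. */
const char *abbreviate(char *data, size_t size, const char *src)
{
    if (size < BUFSZ) return NULL;       /* refuse buffers too small for the result */
    strncpy(data, src, KEEP);
    data[KEEP] = '\0';                   /* the missing terminator */
    if (strlen(src) > KEEP) strcat(data, "...");
    return data;
}

int main(void)
{
    char out[BUFSZ];
    /* Constructed sample inputs: shorter than, equal to, and longer than KEEP. */
    const char *samples[] = { "short", ".Primitive", ".Primitive(\"match.call\")" };
    for (size_t i = 0; i < 3; i++)
        printf("%-26s unterminated=%d -> %s\n", samples[i],
               copy_is_unterminated(samples[i]),
               abbreviate(out, sizeof out, samples[i]));
    return 0;
}
```

Only sources of 10 or more characters leave the copy unterminated, because `strncpy` pads shorter sources with NUL bytes up to the count it is given.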

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.