Re: [Rd] segfault on write.dcf with gzfile connection

From: Prof Brian Ripley <ripley_at_stats.ox.ac.uk>
Date: Sun 27 Nov 2005 - 09:40:02 GMT

Unfortunately va_copy is an ISO C99 function, so not always available.

Please do heed the posting guide and give us real details of your OS and compiler, as they do matter here (stdarg.h is often compiler-specific).

On Sat, 26 Nov 2005, Seth Falcon wrote:

> I'm seeing a segfault on x86_64 Linux with the following code:
>
> desc = read.dcf("BAD")
> con = gzfile("test.gz", "wt")
> write.dcf(desc, file=con)
> close(con)
>
> where BAD has a long field (see below for example). The crash happens
> inside dummy_vfprintf. I think the issue is that the va_list ap is
> modified by the first vsnprintf call (connections.c:190) and the
> subsequent vsprintf call (connections.c:194) gets an invalid va_list
> arg.
>
> The following patch improves things for me, but I've not tested on
> other platforms.
>
>
> Index: connections.c
> ===================================================================
> --- connections.c (revision 36434)
> +++ connections.c (working copy)
> @@ -186,8 +186,11 @@
> {
> char buf[BUFSIZE], *b = buf, *vmax = vmaxget();
> int res, usedRalloc = FALSE;
> + va_list aq;
>
> - res = vsnprintf(buf, BUFSIZE, format, ap);
> + va_copy(aq, ap);
> + res = vsnprintf(buf, BUFSIZE, format, aq);
> + va_end(aq);
> if(res >= BUFSIZE) { /* res is the desired output length */
> usedRalloc = TRUE;
> b = R_alloc(res + 1, sizeof(char));
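Review bot: va_copy(aq, ap) in front of the first vsnprintf is a C99 macro, so this will not build where stdarg.h lacks it. Put the copy behind a configure-time check (for example a HAVE_VA_COPY macro, a name assumed here) with a fallback for older compilers. A one-line comment at the new va_list aq declaration should say that ap is reused by the later vsprintf call, since that is the only reason the copy exists. The unchanged test if(res >= BUFSIZE) also relies on C99 return semantics: a pre-C99 vsnprintf that returns a negative value on truncation would skip the R_alloc path, so res < 0 should be handled too.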
>
>
> And here is an example BAD file, but I'm pretty sure any DCF field
> with a very long value would trigger it:
>
>
> Description: The package provides and API in R to query BioMart
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
> system which produces and maintains automatic annotation on
>
> ______________________________________________
> R-devel@r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-devel
>
>

-- 
Brian D. Ripley,                  ripley@stats.ox.ac.uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

Received on Sun Nov 27 20:44:48 2005
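
The two-pass formatting pattern discussed in this thread (try a fixed buffer with vsnprintf, then format again into a larger one), as an added example that is not R's connections.c: each pass over the arguments gets its own va_list through C99 va_copy, and a negative return is treated as failure. The names format_alloc, vformat_alloc and SMALL_BUF are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SMALL_BUF 16  /* hypothetical size, tiny so the long-value path runs */

/* Format into a stack buffer first and fall back to the heap when the
 * output does not fit. Returns a malloc'd string, or NULL on failure. */
static char *vformat_alloc(const char *format, va_list ap)
{
    char small[SMALL_BUF];
    va_list aq;
    char *out;
    int res;

    /* The first pass consumes a copy, so ap stays valid for a second pass. */
    va_copy(aq, ap);
    res = vsnprintf(small, sizeof small, format, aq);
    va_end(aq);
    if (res < 0)
        return NULL;  /* encoding error, or a pre-C99 vsnprintf */

    out = malloc((size_t)res + 1);
    if (out == NULL)
        return NULL;
    if ((size_t)res < sizeof small) {
        memcpy(out, small, (size_t)res + 1);  /* it fit: reuse the first pass */
    } else if (vsnprintf(out, (size_t)res + 1, format, ap) != res) {
        /* Truncated first pass: the second pass used the untouched ap. */
        free(out);
        return NULL;
    }
    return out;
}

/* Variadic front end; the caller frees the result. */
char *format_alloc(const char *format, ...)
{
    va_list ap;
    char *s;

    va_start(ap, format);
    s = vformat_alloc(format, ap);
    va_end(ap);
    return s;
}
```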
