Re: [R] crush in edit()

From: Ei-ji Nakama <nakama_at_ki.rim.or.jp>
Date: Wed 18 Oct 2006 - 03:24:45 GMT

It is a problem by stack smashing protector.
--- src/modules/X11/dataentry.c.orig 2006-09-04 23:41:34.000000000 +0900
+++ src/modules/X11/dataentry.c 2006-10-18 11:31:43.000000000 +0900
@@ -1046,7 +1046,7 @@

            for(j=0;*(wcspc+j)!=L'\0';j++)wcs[j]=*(wcspc+j);
            wcs[j]=L'\0';
            w_p=wcs;
-           cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(wcs),NULL);
+           cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(s)-1,NULL);
            s[cnt]='\0';
             if (textwidth(s, strlen(s)) < (bw - text_offset)) break;
             *(++wcspc) = L'<';
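Review bot: The return value of `wcsrtombs` is used unchecked on the line after the changed call: the function returns `(size_t)-1` when it meets a wide character it cannot convert, and `s[cnt]='\0'` then indexes outside `s`. A guard such as `if (cnt == (size_t)-1) cnt = 0;` before `s[cnt]='\0';` would close that path. The new bound `sizeof(s)-1` is only correct if `s` is declared as an array in this scope, which the hunk does not show, and the copy loop into `wcs` above it has no length limit either. The hunks at -1056 and -1066 have the same pattern, and the last one passes `cnt` on to `drawtext`; the enclosing function starts and ends outside all three hunks.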

@@ -1056,7 +1056,7 @@
for(j=0;*(wcspc+j)!=L'\0';j++)wcs[j]=*(wcspc+j);
 wcs[j]=L'\0';
 w_p=wcs;
- cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(wcs),NULL);
+ cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(s)-1,NULL);
 s[cnt]='\0';
 if (textwidth(s, strlen(s)) < (bw - text_offset)) break;
 *(wcspbuf + i - 2) = L'>';
@@ -1066,7 +1066,7 @@
for(j=0;*(wcspc+j)!=L'\0';j++) wcs[j]=*(wcspc+j); wcs[j]=L'\0'; w_p=wcs;

- cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(wcs),NULL);
+ cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(s)-1,NULL);

     drawtext(x_pos + text_offset, y_pos + box_h - text_offset, s, cnt);

@@ -2398,6 +2398,7 @@

     int cnt;
     char last_mbs[8];
     char *mbs;

+ size_t bytes;

     mbs = (str == NULL) ? buf : str;

@@ -2411,8 +2412,8 @@

     if(wcs[0] == L'\0') return 0;

    memset(last_mbs, 0, sizeof(last_mbs));
- wcrtomb(last_mbs, wcs[cnt-1], &mb_st);
- return(strlen(last_mbs));
+ bytes=wcrtomb(last_mbs, wcs[cnt-1], &mb_st); /* -Wall */
+ return(bytes);
 #else

     return(1);
 #endif
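Review bot: `return(bytes);` now propagates `wcrtomb`'s error value: for a wide character that has no encoding in the current locale it returns `(size_t)-1`, which the caller would receive as a length. Handle that case before returning, e.g. `if (bytes == (size_t)-1) return 0;`, which presumably matches what the removed `strlen(last_mbs)` gave on the zeroed buffer. The 8-byte `last_mbs` also assumes `MB_CUR_MAX` never exceeds 8; a comment or a check stating that would help. The function's signature and callers are outside the hunk, so the return type is not visible here.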

2006/10/18, crazybuddy Vincent <crazyvincent@gmail.com>:

> Dear all,
>
> I am new to the R system. When I tried to edit data read from a CSV file, R
> crashed, and I got the following error message:
>
> > edit(data)
> *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
> ======= Backtrace: =========
> /lib/libc.so.6(__chk_fail+0x41)[0x49d020b1]
> /lib/libc.so.6[0x49d034a2]
> /usr/lib/R/modules//R_X11.so[0x33ed7a]
> /usr/lib/R/modules//R_X11.so[0x34050d]
> /usr/lib/R/modules//R_X11.so[0x341858]
> /usr/lib/R/modules//R_X11.so(RX11_dataentry+0xa25)[0x342f45]
> /usr/lib/R/lib/libR.so[0xa34675]
> /usr/lib/R/lib/libR.so[0x954ed6]
> /usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x925b23]
> /usr/lib/R/lib/libR.so[0x929ed8]
> /usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x925b23]
> /usr/lib/R/lib/libR.so[0x926a37]
> /usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x925b23]
> /usr/lib/R/lib/libR.so(Rf_applyClosure+0x2a7)[0x928117]
> /usr/lib/R/lib/libR.so[0x95661f]
> /usr/lib/R/lib/libR.so(Rf_usemethod+0x609)[0x957a89]
> /usr/lib/R/lib/libR.so[0x95825e]
> /usr/lib/R/lib/libR.so(Rf_eval+0x483)[0x925b23]
> /usr/lib/R/lib/libR.so(Rf_applyClosure+0x2a7)[0x928117]
> /usr/lib/R/lib/libR.so(Rf_eval+0x2f4)[0x925994]
> /usr/lib/R/lib/libR.so(Rf_ReplIteration+0x311)[0x945361]
> /usr/lib/R/lib/libR.so[0x945571]
> /usr/lib/R/lib/libR.so(run_Rmainloop+0x60)[0x9458c0]
> /usr/lib/R/lib/libR.so(Rf_mainloop+0x1c)[0x9458ec]
> /usr/lib/R/bin/exec/R(main+0x46)[0x80486f6]
> /lib/libc.so.6(__libc_start_main+0xdc)[0x49c3b4e4]
> /usr/lib/R/bin/exec/R[0x80485f1]
> ======= Memory map: ========
> 00111000-0012f000 r-xp 00000000 fd:00 16943095
> /usr/lib/R/library/grDevices/libs/grDevices.so
> 0012f000-00130000 rwxp 0001d000 fd:00 16943095
> /usr/lib/R/library/grDevices/libs/grDevices.so
> 00130000-00181000 r-xp 00000000 fd:00 16976568
> /usr/lib/R/library/stats/libs/stats.so
> 00181000-00183000 rwxp 00051000 fd:00 16976568
> /usr/lib/R/library/stats/libs/stats.so
> 00339000-00352000 r-xp 00000000 fd:00 15959326   /usr/lib/R/modules/R_X11.so
> 00352000-00353000 rwxp 00018000 fd:00 15959326   /usr/lib/R/modules/R_X11.so
> 00353000-0035f000 rwxp 00353000 00:00 0
> 00480000-00496000 r-xp 00000000 fd:00 15303387   /usr/lib/gconv/SJIS.so
> 00496000-00498000 rwxp 00015000 fd:00 15303387   /usr/lib/gconv/SJIS.so
> 0056e000-00598000 r-xp 00000000 fd:00 16452204   /usr/lib/R/lib/libRblas.so
> 00598000-00599000 rwxp 00029000 fd:00 16452204   /usr/lib/R/lib/libRblas.so
> 00848000-00851000 r-xp 00000000 fd:00 15204401   /lib/libnss_files-2.4.so
> 00851000-00852000 r-xp 00008000 fd:00 15204401   /lib/libnss_files-2.4.so
> 00852000-00853000 rwxp 00009000 fd:00 15204401   /lib/libnss_files-2.4.so
> 00885000-00abd000 r-xp 00000000 fd:00 16452203   /usr/lib/R/lib/libR.so
> 00abd000-00aca000 rwxp 00238000 fd:00 16452203   /usr/lib/R/lib/libR.so
> 00aca000-00b61000 rwxp 00aca000 00:00 0
> 00c47000-00c4d000 r-xp 00000000 fd:00 16944203
> /usr/lib/R/library/methods/libs/methods.so
> 00c4d000-00c4e000 rwxp 00005000 fd:00 16944203
> /usr/lib/R/library/methods/libs/methods.so
> 00eb6000-00f31000 r-xp 00000000 fd:00 15242987
> /usr/lib/libgfortran.so.1.0.0
> 00f31000-00f32000 rwxp 0007b000 fd:00 15242987
> /usr/lib/libgfortran.so.1.0.0
> 00f44000-00f45000 r-xp 00000000 fd:00 15303344   /usr/lib/gconv/ISO8859-1.so
> 00f45000-00f47000 rwxp 00000000 fd:00 15303344   /usr/lib/gconv/ISO8859-1.so
> 08048000-08049000 r-xp 00000000 fd:00 15796032   /usr/lib/R/bin/exec/R
> 08049000-0804a000 rwxp 00000000 fd:00 15796032   /usr/lib/R/bin/exec/R
> 09ef7000-0af9f000 rwxp 09ef7000 00:00 0          [heap]
> 49c08000-49c09000 r-xp 49c08000 00:00 0          [vdso]
> 49c09000-49c22000 r-xp 00000000 fd:00 15206828   /lib/ld-2.4.so
> 49c22000-49c23000 r-xp 00018000 fd:00 15206828   /lib/ld-2.4.so
> 49c23000-49c24000 rwxp 00019000 fd:00 15206828   /lib/ld-2.4.so
> 49c26000-49d53000 r-xp 00000000 fd:00 15206829   /lib/libc-2.4.so
> 49d53000-49d55000 r-xp 0012d000 fd:00 15206829   /lib/libc-2.4.so
> 49d55000-49d56000 rwxp 0012f000 fd:00 15206829   /lib/libc-2.4.so
> 49d56000-49d59000 rwxp 49d56000 00:00 0
> 49d5b000-49d7e000 r-xp 00000000 fd:00 15206830   /lib/libm-2.4.so
> 49d7e000-49d7f000 r-xp 00022000 fd:00 15206830   /lib/libm-2.4.so
> 49d7f000-49d80000 rwxp 00023000 fd:00 15206830   /lib/libm-2.4.so
> 49d82000-49d84000 r-xp 00000000 fd:00 15206831   /lib/libdl-2.4.so
> 49d84000-49d85000 r-xp 00001000 fd:00 15206831   /Aborted
>
> I am using R 2.4.0 i386 on Fedora core 5, any one please help me on this?
>
> Thank you very much.
>
>         [[alternative HTML version deleted]]
>
> ______________________________________________
> R-help@stat.math.ethz.ch mailing list
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.
>
>
>


-- 
EI-JI Nakama  <nakama@ki.rim.or.jp>
"中間栄治"  <nakama@ki.rim.or.jp>

Received on Wed Oct 18 14:48:26 2006
