Re: [Rd] Crash in de()

From: Peter Dalgaard <p.dalgaard_at_biostat.ku.dk>
Date: Mon 17 Apr 2006 - 09:42:12 GMT

Peter Dalgaard <p.dalgaard@biostat.ku.dk> writes:

> Peter Dalgaard <p.dalgaard@biostat.ku.dk> writes:
>
> > Juan Santiago Ramseyer <juan_sr@uol.com.br> writes:
> >
> > > SYSTEM:
> > > ------
> > > CPU: AMD64
> > > MOTHERBOARD: ASUS
> > > OS: FEDORA CORE 5 i64_86
> > >
> > > R SESSION:
> > > ----------
> > > > teste<-list(a=c(1,2,3,4),b=c(2,4,6,8))
> > > > teste
> > > $a
> > > [1] 1 2 3 4
> > >
> > > $b
> > > [1] 2 4 6 8
> > >
> > > > de(teste)
> > > *** buffer overflow detected ***: /usr/lib64/R/bin/exec/R terminated
> >
> > Yes, I see this too with the Fedora Extras 5 RPM on i386.
> >
> > Things like data.entry(airquality) are equally broken.
> >
> > However: It's not happening for me with a current source-compiled
> > r-devel, nor with 2.3.0beta, so it seems like it might be a packaging
> > error.
>
> Correction: I *can* reproduce if I use the Fedora CFLAGS settings, i.e.
>
> -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
> -mtune=generic -fasynchronous-unwind-tables
>
> Presumably it is the -fstack-protector doing its job and we have a
> real bug that just doesn't trigger without it. Will have a look.
>
> (BTW, x<-0; de(x) is sufficient to cause the crash).

OK, got it. The printstring() function in dataentry.c had three instances like

cnt=wcsrtombs(s,(const wchar_t **)&w_p,sizeof(wcs),NULL);

s has length BOOSTED_BUF_SIZE==201 and sizeof(wcs)==804; the third argument is documented to limit the number of bytes copied _to the destination_, so that's clearly not right. Apparently, the check is preemptive since the actual strings involved are nowhere near the buffer limits. Replacing the 3rd argument with BOOSTED_BUF_SIZE-1 seems to do the trick.

Will fix for tomorrow's 2.3.0 RC (we're in code freeze, but I think this counts as a critical as well as trivial fix).

-- 
   O__  ---- Peter Dalgaard             Øster Farimagsgade 5, Entr.B
  c/ /'_ --- Dept. of Biostatistics     PO Box 2099, 1014 Cph. K
 (*) \(*) -- University of Copenhagen   Denmark          Ph:  (+45) 35327918
~~~~~~~~~~ - (p.dalgaard@biostat.ku.dk)                  FAX: (+45) 35327907

______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Received on Mon Apr 17 19:44:46 2006
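
An added example (not from the R sources or from this message) of the corrected call pattern: the byte limit passed to wcsrtombs() is derived from the destination buffer, and truncation and NUL termination are handled explicitly. The helper names, the 512-element source buffer and the sample strings are assumptions made for the illustration; only BOOSTED_BUF_SIZE and its value come from the message.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define BOOSTED_BUF_SIZE 201  /* size of s quoted in the message */

/* Hypothetical helper, not from dataentry.c: convert w into dst, which
   holds dst_size bytes. Returns bytes stored excluding the NUL, or
   (size_t)-1 on an unconvertible character. */
static size_t wide_to_mb_bounded(char *dst, size_t dst_size,
                                 const wchar_t *w, int *truncated)
{
    const wchar_t *src = w;
    mbstate_t st;
    size_t cnt;

    *truncated = 0;
    if (dst_size == 0) return (size_t)-1;
    memset(&st, 0, sizeof st);
    /* The limit counts bytes written to dst, so derive it from dst's
       size (minus one for the NUL), never from the wide source buffer. */
    cnt = wcsrtombs(dst, &src, dst_size - 1, &st);
    if (cnt == (size_t)-1) { dst[0] = '\0'; return cnt; }
    /* src is NULL once the terminating L'\0' was converted; if the limit
       stopped conversion exactly at the terminator, nothing was lost. */
    *truncated = (src != NULL && *src != L'\0');
    dst[cnt] = '\0';  /* wcsrtombs does not terminate when it hits the limit */
    return cnt;
}

/* Constructed input: n copies of L'x' (n <= 511), converted into a
   destination of BOOSTED_BUF_SIZE bytes. */
static size_t convert_n_chars(size_t n, int *truncated)
{
    wchar_t wcs[512];
    char s[BOOSTED_BUF_SIZE];
    size_t i;
    if (n > 511) n = 511;
    for (i = 0; i < n; i++) wcs[i] = L'x';
    wcs[n] = L'\0';
    return wide_to_mb_bounded(s, sizeof s, wcs, truncated);
}

int main(void)
{
    int t;
    size_t n = convert_n_chars(300, &t);
    printf("limit used by the bug: %zu, size of s: %d\n",
           sizeof(wchar_t[BOOSTED_BUF_SIZE]), BOOSTED_BUF_SIZE);
    printf("300 wide chars -> %zu bytes, truncated=%d\n", n, t);
    return 0;
}
```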
