Re: [Rd] segfault during cbind

From: Prof Brian Ripley <ripley_at_stats.ox.ac.uk>
Date: Thu, 21 Jun 2007 22:28:15 +0100 (BST)

On Thu, 21 Jun 2007, Martin Morgan wrote:

> Yes, that seems to do the trick, for both seg fault and valgrind!
> Thanks very much.

Thanks: this and a similar one elsewhere seem long-standing bugs in bind.c. Will commit shortly.

>
> Martin
>
> Prof Brian Ripley <ripley_at_stats.ox.ac.uk> writes:
>
>> I think it needs to be
>>
>> case LISTSXP:
>>     PROTECT(u = coerceVector(u, mode));
>>     k = LENGTH(u);
>>     idx = (!isMatrix(u)) ? rows : k;
>>     for (i = 0; i < idx; i++)
>>         SET_VECTOR_ELT(result, n++,
>>                        duplicate(VECTOR_ELT(u, i % k)));
>>     UNPROTECT(1);
>>     break;
>>
>> around 1258 in bind.c. Can you test that please?
>>
>>
>> On Thu, 21 Jun 2007, Martin Morgan wrote:
>>
>>> The following code results in a seg fault.
>>>
>>>> sessionInfo()
>>> R version 2.6.0 Under development (unstable) (2007-06-21 r42013)
>>> x86_64-unknown-linux-gnu
>>>
>>> locale:
>>> LC_CTYPE=en_US;LC_NUMERIC=C;LC_TIME=en_US;LC_COLLATE=en_US;LC_MONETARY=en_US;LC_MESSAGES=en_US;LC_PAPER=en_US;LC_NAME=C;LC_ADDRESS=C;LC_TELEPHONE=C;LC_MEASUREMENT=en_US;LC_IDENTIFICATION=C
>>>
>>> attached base packages:
>>> [1] stats graphics grDevices utils datasets methods base
>>>> csvFile <- read.csv("Barley1.na22.annot.csv", as.is=TRUE, na.strings="---")
>>>> probe <- csvFile[,1]
>>>> gb <- csvFile[, 9]
>>>> rm(csvFile)
>>>> gb <- lapply(unlist(gb),
>>> + function(x) toupper(strsplit(x,"\\.")[[1]][1]))
>>>> id_file <- cbind(probe,gb)
>>>
>>> *** caught segfault ***
>>> address 0x2c9f0, cause 'memory not mapped'
>>>
>>> Traceback:
>>> 1: cbind(probe, gb)
>>> 2: makeBasefiles("Barley1.na22.annot.csv")
>>> aborting ...
>>> Segmentation fault
>>>
>>> valgrind says
>>>
>>> ==25398== Invalid read of size 8
>>> ==25398== at 0x4E7BB2D: cbind (bind.c:1258)
>>> ==25398== by 0x4E7B430: do_bind (bind.c:1113)
>>> ==25398== by 0x4F42A1B: do_internal (names.c:1116)
>>> ==25398== by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398== by 0x4EF9F91: Rf_applyClosure (eval.c:666)
>>> ==25398== by 0x4EF988D: Rf_eval (eval.c:507)
>>> ==25398== by 0x4EFC3E0: do_set (eval.c:1404)
>>> ==25398== by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398== by 0x4EFB866: do_begin (eval.c:1156)
>>> ==25398== by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398== by 0x4EF9F91: Rf_applyClosure (eval.c:666)
>>> ==25398== by 0x4EF988D: Rf_eval (eval.c:507)
>>> ==25398== Address 0x8F46010 is 72,976 bytes inside a block of size 182,760 free'd
>>> ==25398== at 0x4C226DB: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
>>> ==25398== by 0x4F2D848: ReleaseLargeFreeVectors (memory.c:760)
>>> ==25398== by 0x4F359E9: RunGenCollect (memory.c:1378)
>>> ==25398== by 0x4F38938: R_gc_internal (memory.c:2171)
>>> ==25398== by 0x4F38046: Rf_allocVector (memory.c:1961)
>>> ==25398== by 0x4EDE779: duplicate1 (duplicate.c:221)
>>> ==25398== by 0x4EDD698: Rf_duplicate (duplicate.c:115)
>>> ==25398== by 0x4E7BB34: cbind (bind.c:1258)
>>> ==25398== by 0x4E7B430: do_bind (bind.c:1113)
>>> ==25398== by 0x4F42A1B: do_internal (names.c:1116)
>>> ==25398== by 0x4EF959B: Rf_eval (eval.c:463)
>>> ==25398== by 0x4EF9F91: Rf_applyClosure (eval.c:666)
>>>
>>> gdb says
>>>
>>> (gdb) backtrace
>>> #0 0x00002b2dfe6940c9 in duplicate1 (s=0x2c9f0)
>>> at /home/mtmorgan/src/R-devel/src/main/duplicate.c:134
>>> #1 0x00002b2dfe694035 in Rf_duplicate (s=0x2c9f0)
>>> at /home/mtmorgan/src/R-devel/src/main/duplicate.c:115
>>> #2 0x00002b2dfe632555 in cbind (call=0xaaba48, args=0xb6abf0, mode=19,
>>> rho=0xb6ba40, deparse_level=1)
>>> at /home/mtmorgan/src/R-devel/src/main/bind.c:1263
>>> #3 0x00002b2dfe631e51 in do_bind (call=0xaaba48, op=0x62f950, args=0xb6abf0,
>>> env=0xb6ba40) at /home/mtmorgan/src/R-devel/src/main/bind.c:1113
>>> #4 0x00002b2dfe6f93d4 in do_internal (call=0xaabab8, op=0x62d028,
>>> args=0xaaba10, env=0xb6ba40)
>>> at /home/mtmorgan/src/R-devel/src/main/names.c:1115
>>>
>>> and
>>>
>>> (gdb) up
>>> #2 0x00002b2dfe632555 in cbind (call=0xaaba48, args=0xb6abf0, mode=19,
>>> rho=0xb6ba40, deparse_level=1)
>>> at /home/mtmorgan/src/R-devel/src/main/bind.c:1263
>>> (gdb) p i
>>> $7 = 22839
>>> (gdb) p idx
>>> $8 = 22840
>>>
>>> Both rm and lapply are needed to trigger the fault; an R level gc()
>>> before the final line 'cures' the fault (and the valgrind complaint).
>>>
>>> The data file is available (with free registration) at
>>>
>>> https://www.affymetrix.com/support/file_download.affx?onloadforward=/analysis/downloads/na22/ivt/Barley1.na22.annot.csv.zip
>>>
>>> Martin
>>>
>>
>> --
>> Brian D. Ripley, ripley_at_stats.ox.ac.uk
>> Professor of Applied Statistics, http://www.stats.ox.ac.uk/~ripley/
>> University of Oxford, Tel: +44 1865 272861 (self)
>> 1 South Parks Road, +44 1865 272866 (PA)
>> Oxford OX1 3TG, UK Fax: +44 1865 272595
>
>

-- 
Brian D. Ripley,                  ripley_at_stats.ox.ac.uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

______________________________________________
R-devel_at_r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Received on Thu 21 Jun 2007 - 21:36:43 GMT
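
The failure mode in this thread, as an added example that is not part of the original messages and is not R's source: a toy collector with a protect stack, showing why the coerced `u` must be protected before a loop that allocates on every iteration. All names (`toy_gc`, `toy_alloc`, `bind_loop`, `GC_EVERY`) are hypothetical, and the model assumes the faulting code differed from the suggested fix only in lacking the `PROTECT`.

```c
#include <stdio.h>

/* Toy collector with a protect stack; every name here is hypothetical. */
#define HEAP 64
#define GC_EVERY 8                      /* collect on every 8th allocation */
typedef struct { int id; int marked; } Obj;   /* id 0 means free */
static Obj heap[HEAP];
static Obj *pstack[HEAP];
static int nprot, nalloc, next_id;

static void toy_protect(Obj *o) { pstack[nprot++] = o; }

/* Mark what the protect stack holds, reclaim everything else. */
static void toy_gc(void) {
    for (int i = 0; i < HEAP; i++) heap[i].marked = 0;
    for (int i = 0; i < nprot; i++) pstack[i]->marked = 1;
    for (int i = 0; i < HEAP; i++)
        if (!heap[i].marked) heap[i].id = 0;    /* stands in for free() */
}

/* Any allocation may collect first, as Rf_allocVector does in the trace. */
static Obj *toy_alloc(void) {
    if (++nalloc % GC_EVERY == 0) toy_gc();
    for (int i = 0; i < HEAP; i++)
        if (heap[i].id == 0) { heap[i].id = ++next_id; return &heap[i]; }
    return NULL;
}

/* Models the LISTSXP case: u is a fresh coerced copy and every iteration
 * allocates (the duplicate() call). Returns the iteration at which u was
 * found reclaimed, or -1 if u stayed valid for the whole loop. */
int bind_loop(int idx, int protect_u) {
    for (int i = 0; i < HEAP; i++) heap[i].id = 0;
    nprot = nalloc = next_id = 0;
    toy_protect(toy_alloc());           /* result: protected in both variants */
    Obj *u = toy_alloc();               /* u = coerceVector(u, mode) */
    int uid = u->id, bad = -1;
    if (protect_u) toy_protect(u);      /* the PROTECT the fix adds */
    for (int i = 0; i < idx; i++) {
        if (u->id != uid) { bad = i; break; }  /* real code reads freed memory */
        toy_alloc();                    /* duplicate(VECTOR_ELT(u, i % k)) */
    }
    nprot = 0;                          /* UNPROTECT */
    return bad;
}

int main(void) {
    printf("unprotected: %d, protected: %d\n", bind_loop(20, 0), bind_loop(20, 1));
    return 0;
}
```

A short loop (`bind_loop(5, 0)`) finishes before any collection runs, which is why bugs of this kind depend on heap state and can vanish when a collection is forced beforehand.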
