Re: [Rd] list_files() memory corruption?

From: Alistair Gee <alistair.gee_at_gmail.com>
Date: Mon, 15 Mar 2010 20:37:35 -0700

I think I have a fix that avoids the problem by just growing the vector as necessary as the directory is traversed (and no longer uses count_lines()).

I don't have access to the code at the moment, but I should be able to post the patch tomorrow. Is there interest in my patch?

On Mon, Mar 15, 2010 at 8:06 PM, Seth Falcon <seth_at_userprimary.net> wrote:
> Hi Alistair,
>
> On 3/12/10 4:37 PM, Alistair Gee wrote:
>> I am using R-2-10 from subversion.
>>
>> In the implementation of do_listfiles() in platform.c, it appears to
>> allocate a vector of length count where count is calculated by
>> count_files(). It then proceeds to call list_files(), passing in the
>> vector but not the value of count. Yet list_files() doesn't seem to
>> check the length of the vector that was allocated.
>>
>> What happens if a new file was added to the file system between the
>> call to count_files() and list_files()? Doesn't this write past the
>> length of the allocated vector?
>
> Good catch.  I've added a length check to prevent a problem.
>
> Cheers,
>
> + seth
>



R-devel_at_r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel Received on Tue 16 Mar 2010 - 03:39:16 GMT

Archive maintained by Robert King, hosted by the discipline of statistics at the University of Newcastle, Australia.
Archive generated by hypermail 2.2.0, at Tue 16 Mar 2010 - 07:21:08 GMT.

Mailing list information is available at https://stat.ethz.ch/mailman/listinfo/r-devel. Please read the posting guide before posting to the list.

list of date sections of archive