load() -> segfault (PR#117)

warnes@biostat.washington.edu
Tue, 9 Feb 1999 03:11:34 +0100


OK.  Now that I've saved the results of some simulations using the save()
patch that I supplied earlier, I've gotten around to finding out why
load segfaults when I try to restore the data.

The reason is that I have several variable names which have
become horribly long during the simulation -- on the order of 20K
characters!  

save() is perfectly happy to write these variable names out, but load()
segfaults because the "InString" family of functions uses a fixed-size
buffer but doesn't check for overflow!  The buffer is MAXELTSIZE bytes,
defined in $RHOME/src/include/Defn.h as 512. As you would expect,
reading a 20K object into a 512 byte buffer can really mess things up.

As noted in the comments of saveload.c,
    /* FIXME : the fixed size buffer here is an abomination */
but that's not as bad as failing to check for overflow.

I don't really have time to fix this, so for the moment I'm just redefining
MAXELTSIZE to 32768 bytes (32K).  This fixes my problem, but is a horrid
hack.

Does anyone want to run through saveload.c fixing the code to check for
buffer overruns?   

-Greg
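The defect the report describes is a fixed-size read with no length check, and the fix it asks for is the check. The following is an added illustration, not code from R's saveload.c or from the poster: `read_name_checked` and `read_name_dynamic` are hypothetical stand-ins for the "InString" family (their real signatures are not on the page), reading a symbol name from an in-memory string up to a newline. The first refuses a name that would not fit in a MAXELTSIZE (512) byte buffer instead of writing past it; the second grows its buffer so the 20K-character names from the report load intact. The 20,000-character input is constructed inline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXELTSIZE 512  /* the value the report says Defn.h defines */

/* Hypothetical bounded stand-in for an InString-style reader: copy
 * characters from `src` into `buf` until a newline or NUL.  Returns the
 * number of characters stored, or -1 if the name would not fit in
 * `bufsize` bytes (including the terminating NUL).  The unchecked
 * original simply kept writing, which is the overrun that segfaults. */
static int read_name_checked(const char *src, char *buf, size_t bufsize)
{
    size_t n = 0;
    while (src[n] != '\0' && src[n] != '\n') {
        if (n + 1 >= bufsize) {   /* no room left for this char plus NUL */
            buf[0] = '\0';
            return -1;            /* report overflow instead of corrupting memory */
        }
        buf[n] = src[n];
        n++;
    }
    buf[n] = '\0';
    return (int)n;
}

/* Hypothetical growing alternative: start at MAXELTSIZE and double on
 * demand, so names of any length are read without a hard limit.
 * Caller frees the result; NULL on allocation failure. */
static char *read_name_dynamic(const char *src)
{
    size_t cap = MAXELTSIZE, n = 0;
    char *buf = malloc(cap);
    if (buf == NULL)
        return NULL;
    while (src[n] != '\0' && src[n] != '\n') {
        if (n + 1 >= cap) {
            char *grown = realloc(buf, cap * 2);
            if (grown == NULL) {
                free(buf);
                return NULL;
            }
            buf = grown;
            cap *= 2;
        }
        buf[n] = src[n];
        n++;
    }
    buf[n] = '\0';
    return buf;
}

/* Constructed input: a name of `len` 'x' characters followed by a newline,
 * mimicking the ~20K-character symbol names from the report. */
static char *make_long_name(size_t len)
{
    char *s = malloc(len + 2);
    if (s == NULL)
        return NULL;
    memset(s, 'x', len);
    s[len] = '\n';
    s[len + 1] = '\0';
    return s;
}

int main(void)
{
    char buf[MAXELTSIZE];
    char *big = make_long_name(20000);
    if (big == NULL)
        return 1;

    /* A short name fits; the 20K name is rejected rather than overrunning. */
    printf("short name: %d chars\n", read_name_checked("alpha\n", buf, sizeof buf));
    printf("20K name into 512-byte buffer: %d\n", read_name_checked(big, buf, sizeof buf));

    /* The growing reader returns the whole name. */
    char *name = read_name_dynamic(big);
    if (name != NULL) {
        printf("20K name via growing buffer: %zu chars\n", strlen(name));
        free(name);
    }
    free(big);
    return 0;
}
```

The point of the checked version is that a reader must know its buffer's size and fail loudly when input exceeds it; raising MAXELTSIZE only moves the threshold at which the same overrun happens, which is why the growing reader (or an explicit check plus an error) is the real fix.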


-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-devel mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !)  To: r-devel-request@stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._