[Rd] sprintf("%s\n", a) segfaults R with big a (PR#7554)

Prof Brian Ripley ripley at stats.ox.ac.uk
Mon Jan 24 09:57:43 CET 2005

On Sat, 22 Jan 2005 webb.sprague at gmail.com wrote:

> Full_Name: Webb S.
> Version: 2.0.1
> OS: Linux Debian
> Submission from: (NULL) (
> Transcript:
>> b = 'a small string'
>> sprintf('foo: %s\n', b)
> [1] "foo: a small string\n"
>> a = matrix (ncol=100, nrow=1000, data=c(1,2,3,4,5))
>> a.serial = serialize(a, NULL, ascii=TRUE)
>> sprintf('foo: %s\n', a.serial)

> Segmentation fault
> peeir:/usr/local/src/R-2.0.1#
> I don't have a core dump to send--sorry.  If I have time, I will try to debug
> it, but I probably won't be able to....

Well, that's what C sprintf does, and R has

 		case STRSXP:
 		    /* NA_STRING will be printed as `NA' */
 		    if (strcspn(fmt, "s") >= strlen(fmt))
 			error("%s", "use format %s for character objects");
 		    sprintf(bit, fmt, CHAR(STRING_ELT(CAR(args), 0)));

so no check on size of string inputs (just like C-level sprintf).

The short answer is `don't do that', but as R does guarantee to have
snprintf we will make use of it.

Brian D. Ripley,                  ripley at stats.ox.ac.uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

More information about the R-devel mailing list