[Rd] eval(match.call()) (PR#9339)

p.dalgaard at biostat.ku.dk p.dalgaard at biostat.ku.dk
Sat Nov 4 02:08:56 CET 2006


Bill Dunlap <bill at insightful.com> writes:

> On Fri, 3 Nov 2006 marc_schwartz at comcast.net wrote:
>=20
> > > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote:
> > > > > > x <- quote(match.call())
> > > > > > eval(x)
> > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated
> > > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161]
> > > > > /lib/libc.so.6[0x1f0617]
> >
> > > > > does look like something that just Should Not Happen...
>=20
>=20
> I think valgrind shows the problem is in deparse.c:
>     245         strncpy(data, CHAR(STRING_ELT(svec, 0)), 10);
>     246         if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, =
"...");
> You need to put a '\0' into data[10] after that strncpy
> so strcat can find the end of the string when the length
> of the copied string is >=3D10.  It currently runs into
> uninitialized memory at the end of ".Primitive".
>=20
> (This is in a copy of R source from June 2006.)

Now fixed in 2.4.0 Patched and the development version.

--=20
   O__  ---- Peter Dalgaard             =C3=98ster Farimagsgade 5, Entr.B
  c/ /'_ --- Dept. of Biostatistics     PO Box 2099, 1014 Cph. K
 (*) \(*) -- University of Copenhagen   Denmark          Ph:  (+45) 35327918
~~~~~~~~~~ - (p.dalgaard at biostat.ku.dk)                  FAX: (+45) 35327907



More information about the R-devel mailing list