[Rd] Using \u2030 in plot axis label -> stack smashing
Prof Brian Ripley
ripley at stats.ox.ac.uk
Tue Sep 19 18:08:51 CEST 2006
On Tue, 19 Sep 2006, Prof Brian Ripley wrote:
> On Tue, 19 Sep 2006, Peter Dalgaard wrote:
>
>> Prof Brian Ripley <ripley at stats.ox.ac.uk> writes:
>>
>>>> Thanks Prof. Ripley and Ei-Ji. I should have mentioned that all the
>>>> versions I reported for were self-compiled, and I did so with the same
>>>> set of flags as the FC5 rpm. Will add that to the list in my head of
>>>> things to report.
>>>
>>> (I think this is probably FC5's flags being over-zealous, but Ei-ji
>>> Nakama may know better.)
>>
>> Probably not all that over-zealous. If you're smashing the stack you're
>> smashing the stack. It's not always fatal, but worth fixing.
>
> But there is no evidence we are smashing the stack, and valgrind found no
> buffer overrun. As far as I can tell (killing a process with no core dump
> makes it hard to trace) this occurs when we copy 4 bytes from a buffer of
> 16 bytes to one of 5 bytes.
Ah, strncpy zero-pads and so assumes that dest has at least n bytes.
This is much clearer from the Solaris man page than the glibc one. So it
is (our usage of) strncpy that is potentially stack-smashing. I guess
that is one of the things valgrind cannot catch.
--
Brian D. Ripley, ripley at stats.ox.ac.uk
Professor of Applied Statistics, http://www.stats.ox.ac.uk/~ripley/
University of Oxford, Tel: +44 1865 272861 (self)
1 South Parks Road, +44 1865 272866 (PA)
Oxford OX1 3TG, UK Fax: +44 1865 272595
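
Added example, not part of the original message or of the R sources: it measures the zero-padding behaviour of strncpy described above for the 16-byte source and 5-byte destination mentioned in the thread, without performing a real overflow. The helper names, the arena technique and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count the bytes that strncpy(dst, src, n) changes beyond the first
   dest_size bytes. The call writes into a 64-byte arena, so nothing really
   overflows; the count is what would land past a dest_size-byte buffer. */
static size_t bytes_written_past(const char *src, size_t dest_size, size_t n)
{
    unsigned char arena[64];
    size_t i, touched = 0;

    if (n > sizeof arena)
        return (size_t)-1;
    memset(arena, 0xAA, sizeof arena);      /* sentinel fill */
    strncpy((char *)arena, src, n);         /* copies src, then zero-pads to n */
    for (i = dest_size; i < sizeof arena; i++)
        if (arena[i] != 0xAA)
            touched++;
    return touched;
}

/* Bounded copy keyed to the destination size: writes at most dest_size bytes
   and always NUL-terminates. Returns 0 on success, -1 if src did not fit. */
static int copy_bounded(char *dest, size_t dest_size, const char *src)
{
    size_t len = strlen(src);

    if (dest_size == 0)
        return -1;
    if (len >= dest_size) {
        memcpy(dest, src, dest_size - 1);
        dest[dest_size - 1] = '\0';
        return -1;
    }
    memcpy(dest, src, len + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample: U+2030 as UTF-8 is 3 bytes, 4 with the NUL. */
    char src[16] = "\xE2\x80\xB0";
    char dest[5];

    printf("n = sizeof src : %zu bytes past a 5-byte dest\n",
           bytes_written_past(src, sizeof dest, sizeof src));
    printf("n = sizeof dest: %zu bytes past a 5-byte dest\n",
           bytes_written_past(src, sizeof dest, sizeof dest));
    printf("copy_bounded   : %d\n", copy_bounded(dest, sizeof dest, src));
    return 0;
}
```

With n taken from the source buffer, 11 bytes past the 5-byte destination are zeroed even though the string itself is only 4 bytes long; with n taken from the destination, none are.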