[Rd] %s in filename when opening device causes crash (PR#10571)
Prof Brian Ripley
ripley at stats.ox.ac.uk
Mon Jan 14 19:32:38 CET 2008
On Mon, 14 Jan 2008, Peter Dalgaard wrote:
> ripley at stats.ox.ac.uk wrote:
>> On Mon, 14 Jan 2008, richard.cotton at hsl.gov.uk wrote:
>>
>>
>>> Full_Name: Richard Cotton
>>> Version: 2.6.1
>>> OS: Windows XP (32bit)
>>> Submission from: (NULL) (193.119.236.82)
>>>
>>>
>>> Using %s in a filename when opening a device causes R to crash, e.g.,
>>>
>>> pdf("foo%s.pdf")
>>> win.metafile("foo%s.wmf")
>>> postscript("foo%s.ps")
>>>
>>
>> Do you have a workaround for this? Since that is done at C level, we
>> can't easily trap this (especially on Windows), and the list of possible
>> errors that might cause a crash is rather long.
>>
>> It has been considered as a vulnerability, but there seems no simple
>> solution.
>>
>>
> Yes. The problem is of course that we do want a sprintf() format there
> for "Rplot%03d.pdf" et al. One option would be to escape "%" except
> when in (regexp) "%[0-9]*d", which seems nontrivial, but not impossible.

But there are other integer formats (%i, %u, %x, %X), and other flags (#
might be useful). So the list of valid inputs is also rather long. It
would be tedious to do at C level, but a check in the R-level wrapper
would be easier (if not 'simple').

BTW, this occurs in other places, e.g. the title argument of quartz() and,
from R-devel, X11().

--
Brian D. Ripley, ripley at stats.ox.ac.uk
Professor of Applied Statistics, http://www.stats.ox.ac.uk/~ripley/
University of Oxford, Tel: +44 1865 272861 (self)
1 South Parks Road, +44 1865 272866 (PA)
Oxford OX1 3TG, UK Fax: +44 1865 272595