[Rd] list_files() memory corruption?
seth at userprimary.net
Tue Mar 16 04:06:58 CET 2010
On 3/12/10 4:37 PM, Alistair Gee wrote:
> I am using R-2-10 from subversion.
> In the implementation of do_listfiles() in platform.c, it appears to
> allocate a vector of length count where count is calculated by
> count_files(). It then proceeds to call list_files(), passing in the
> vector but not the value of count. Yet list_files() doesn't seem to
> check the length of the vector that was allocated.
> What happens if a new file was added to the file system between the
> call to count_files() and list_files()? Doesn't this write past the
> length of the allocated vector?
Good catch. I've added a length check to prevent a problem.
More information about the R-devel