[Rd] list_files() memory corruption?

Alistair Gee alistair.gee at gmail.com
Tue Mar 16 04:37:35 CET 2010


I think I have a fix that avoids the problem by just growing the
vector as necessary as the directory is traversed (and no longer uses
count_lines()).

I don't have access to the code at the moment, but I should be able to
post the patch tomorrow. Is there interest in my patch?

On Mon, Mar 15, 2010 at 8:06 PM, Seth Falcon <seth at userprimary.net> wrote:
> Hi Alistair,
>
> On 3/12/10 4:37 PM, Alistair Gee wrote:
>> I am using R-2-10 from subversion.
>>
>> In the implementation of do_listfiles() in platform.c, it appears to
>> allocate a vector of length count where count is calculated by
>> count_files(). It then proceeds to call list_files(), passing in the
>> vector but not the value of count. Yet list_files() doesn't seem to
>> check the length of the vector that was allocated.
>>
>> What happens if a new file was added to the file system between the
>> call to count_files() and list_files()? Doesn't this write past the
>> length of the allocated vector?
>
> Good catch.  I've added a length check to prevent a problem.
>
> Cheers,
>
> + seth
>
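
The two fixes discussed in this thread, as an added example that is not part of the original messages and is not R's platform.c code: a fill pass that checks the vector length, and a single pass that grows the vector during traversal. The names scan_dir, list_growing, touch_file and race_demo are hypothetical, and the demo assumes a POSIX system with a writable /tmp (it leaves a small temporary directory there).

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() and mkdtemp() */
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int dots(const char *n) { return !strcmp(n, ".") || !strcmp(n, ".."); }

/* out == NULL: counting pass. Otherwise the fill pass with a length check:
   at most cap names are stored, so a directory that grew cannot overrun out. */
size_t scan_dir(const char *dir, char **out, size_t cap) {
    DIR *d = opendir(dir); struct dirent *e; size_t n = 0;
    if (!d) return 0;
    while ((!out || n < cap) && (e = readdir(d)) != NULL)
        if (!dots(e->d_name) && (!out || (out[n] = strdup(e->d_name)) != NULL)) n++;
    closedir(d);
    return n;
}

/* Single pass that grows the vector as entries arrive: no count to go stale. */
char **list_growing(const char *dir, size_t *len) {
    DIR *d = opendir(dir); struct dirent *e; char **v = NULL, **t; size_t cap = 0;
    for (*len = 0; d && (e = readdir(d)) != NULL; ) {
        if (dots(e->d_name)) continue;
        if (*len == cap) {                       /* full: double the capacity */
            if (!(t = realloc(v, (cap ? 2 * cap : 4) * sizeof *t))) break;
            v = t; cap = cap ? 2 * cap : 4;
        }
        if ((v[*len] = strdup(e->d_name)) != NULL) (*len)++;
    }
    if (d) closedir(d);
    return v;
}

static int touch_file(const char *dir, const char *name) {  /* create empty file */
    char p[64]; FILE *f;
    snprintf(p, sizeof p, "%s/%s", dir, name);
    return (f = fopen(p, "w")) ? fclose(f) : -1;
}

/* Constructed race: returns 1 if both fixes hold when "b" appears after the count. */
int race_demo(void) {
    char dir[] = "/tmp/lsraceXXXXXX", *out[1], **v; size_t c, s, g;
    if (!mkdtemp(dir) || touch_file(dir, "a")) return -1;
    c = scan_dir(dir, NULL, 0);                    /* count pass sees one file */
    if (c != 1 || touch_file(dir, "b")) return -1; /* directory grows after the count */
    s = scan_dir(dir, out, c);                     /* checked fill stores only c names */
    v = list_growing(dir, &g);                     /* growing list sees both files */
    return s == 1 && g == 2 && v != NULL;
}
```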


