[Rd] Potential integer overflow in 'do_mapply'

Suharto Anggono Suharto Anggono suharto_anggono at yahoo.com
Mon Nov 14 17:12:22 CET 2016

Function 'do_mapply' in mapply.c has the following fragment.
    for (int i = 0; i < longest; i++) {

Variable 'longest' is declared as R_xlen_t. Its value can be larger than the maximum int.

In the fragment, when 'longest' is larger than the maximum int, when 'i' reaches the maximum int, i++ will lead to overflow.

More information about the R-devel mailing list