[Rd] Potential integer overflow in 'do_mapply'

Suharto Anggono Suharto Anggono suharto_anggono at yahoo.com
Mon Nov 14 17:12:22 CET 2016

Previous message: [Rd] Read.dcf with no newline ending: gzfile drops last line
Next message: [Rd] creating a long list puts R in a state where many things stop working
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Function 'do_mapply' in mapply.c has the following fragment.
    for (int i = 0; i < longest; i++) {

Variable 'longest' is declared as R_xlen_t. Its value can be larger than the maximum int.

In the fragment, when 'longest' is larger than the maximum int, when 'i' reaches the maximum int, i++ will lead to overflow.

Previous message: [Rd] Read.dcf with no newline ending: gzfile drops last line
Next message: [Rd] creating a long list puts R in a state where many things stop working
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the R-devel mailing list