Full_Name: Justin Harrington Version: 2.4.0 OS: Fedora Core 6 Submission from: (NULL) (142.103.121.203) When I type the (albeit stupid) command eval(match.call()) R crashes with the following messages (truncated): *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated The complete output is available at http://md.stat.ubc.ca/Routput.txt For reference, here are the results from version: platform i686-redhat-linux-gnu arch i686 os linux-gnu system i686, linux-gnu status major 2 minor 4.0 year 2006 month 10 day 03 svn rev 39566 language R version.string R version 2.4.0 (2006-10-03) and my version of R was installed using yum from the fedora repositories.
On Fri, 2006-11-03 at 20:49 +0100, harringt at stat.ubc.ca wrote:> Full_Name: Justin Harrington > Version: 2.4.0 > OS: Fedora Core 6 > Submission from: (NULL) (142.103.121.203) > > > When I type the (albeit stupid) command > > eval(match.call()) > > R crashes with the following messages (truncated): > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > > The complete output is available at http://md.stat.ubc.ca/Routput.txt > > For reference, here are the results from version: > > platform i686-redhat-linux-gnu > arch i686 > os linux-gnu > system i686, linux-gnu > status > major 2 > minor 4.0 > year 2006 > month 10 > day 03 > svn rev 39566 > language R > version.string R version 2.4.0 (2006-10-03) > > and my version of R was installed using yum from the fedora repositories.Hmmm.... I cannot replicate this using: R version 2.4.0 Patched (2006-10-03 r39576) on FC5:> eval(match.call())Error in match.call(definition, call, expand.dots) : '.Primitive...' is not a function I'm not running "Zod" yet, but: 1. There have been LOTS of updates to FC6 since release from watching the FC lists. I would be sure that your system is fully updated. 2. You might want to see if compiling and installing 2.4.0 patched from CRAN resolves this behavior at all, though I do not see anything readily evident in the NEWS file to suggest that any fixes are relevant here. 3. If neither of those do anything, it would be worthwhile to file a bug report at RH's Bugzilla against R to see if there is something unique in the version that they are creating in Fedora Extras. Tom Callaway, RH's maintainer for R, does read r-devel, so he may pipe in here also. I have cc'd him on this reply.>From the BT you provided, this looks like it could be a libreadlineissue perhaps. HTH, Marc Schwartz
harringt at stat.ubc.ca writes:> Full_Name: Justin Harrington > Version: 2.4.0 > OS: Fedora Core 6 > Submission from: (NULL) (142.103.121.203) > > > When I type the (albeit stupid) command > > eval(match.call()) > > R crashes with the following messages (truncated): > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminatedYes, don't do that then ;-) Part of the puzzle is that> match.call()match.call() which looks like something with potential for infinite recursion, but that doesn't seem to be issue since> f <- function(call = sys.call(sys.parent()))call > f()f()> eval(f())f() does not exhibit the same crash. And indeed> x <- quote(match.call()) > eval(x)*** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated ======= Backtrace: ========/lib/libc.so.6(__chk_fail+0x41)[0x1f1161] /lib/libc.so.6[0x1f0617] does look like something that just Should Not Happen...> The complete output is available at http://md.stat.ubc.ca/Routput.txt > > For reference, here are the results from version: > > platform i686-redhat-linux-gnu > arch i686 > os linux-gnu > system i686, linux-gnu > status > major 2 > minor 4.0 > year 2006 > month 10 > day 03 > svn rev 39566 > language R > version.string R version 2.4.0 (2006-10-03) > > and my version of R was installed using yum from the fedora repositories.Ah, thanks. Sufficient information for once... -- O__ ---- Peter Dalgaard ?ster Farimagsgade 5, Entr.B c/ /'_ --- Dept. of Biostatistics PO Box 2099, 1014 Cph. K (*) \(*) -- University of Copenhagen Denmark Ph: (+45) 35327918 ~~~~~~~~~~ - (p.dalgaard at biostat.ku.dk) FAX: (+45) 35327907
On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote:> harringt at stat.ubc.ca writes: > > > Full_Name: Justin Harrington > > Version: 2.4.0 > > OS: Fedora Core 6 > > Submission from: (NULL) (142.103.121.203) > > > > > > When I type the (albeit stupid) command > > > > eval(match.call()) > > > > R crashes with the following messages (truncated): > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > > Yes, don't do that then ;-)Indeed... ;-)> Part of the puzzle is that > > > match.call() > match.call() > > which looks like something with potential for infinite recursion, but > that doesn't seem to be issue since > > > f <- function(call = sys.call(sys.parent()))call > > f() > f() > > eval(f()) > f() > > does not exhibit the same crash. And indeed > > > x <- quote(match.call()) > > eval(x) > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > ======= Backtrace: ========> /lib/libc.so.6(__chk_fail+0x41)[0x1f1161] > /lib/libc.so.6[0x1f0617] > > does look like something that just Should Not Happen...Peter, are you on FC6? On FC5, I cannot replicate your crash:> x <- quote(match.call()) > eval(x)Error in match.call(definition, call, expand.dots) : '.Primitive...' is not a function ? Regards, Marc
Marc Schwartz <marc_schwartz at comcast.net> writes:> On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote: > > harringt at stat.ubc.ca writes: > >=20 > > > Full_Name: Justin Harrington > > > Version: 2.4.0 > > > OS: Fedora Core 6 > > > Submission from: (NULL) (142.103.121.203) > > >=20 > > >=20 > > > When I type the (albeit stupid) command > > >=20 > > > eval(match.call()) > > >=20 > > > R crashes with the following messages (truncated): > > >=20 > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > >=20 > > Yes, don't do that then ;-) >=20 > Indeed... ;-) >=20 > > Part of the puzzle is that > >=20 > > > match.call() > > match.call() > >=20 > > which looks like something with potential for infinite recursion, but > > that doesn't seem to be issue since > >=20 > > > f <- function(call =3D sys.call(sys.parent()))call > > > f() > > f() > > > eval(f()) > > f() > >=20 > > does not exhibit the same crash. And indeed > >=20 > > > x <- quote(match.call()) > > > eval(x) > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > > =3D=3D=3D=3D=3D=3D=3D Backtrace: =3D=3D=3D=3D=3D=3D=3D=3D=3D > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161] > > /lib/libc.so.6[0x1f0617] > >=20 > > does look like something that just Should Not Happen... >=20 > Peter, are you on FC6? >=20 > On FC5, I cannot replicate your crash: >=20 > > x <- quote(match.call()) > > eval(x) > Error in match.call(definition, call, expand.dots) : > '.Primitive...' is not a function >=20 > ?Yes, I'm on FC6 since yum had updated the 1229 packages this morning. I see the crash with the FC6 RPM but not with a self-compiled R-patched. --=20 O__ ---- Peter Dalgaard =C3=98ster Farimagsgade 5, Entr.B c/ /'_ --- Dept. of Biostatistics PO Box 2099, 1014 Cph. K (*) \(*) -- University of Copenhagen Denmark Ph: (+45) 35327918 ~~~~~~~~~~ - (p.dalgaard at biostat.ku.dk) FAX: (+45) 35327907
On Fri, 2006-11-03 at 22:41 +0100, p.dalgaard at biostat.ku.dk wrote:> Marc Schwartz <marc_schwartz at comcast.net> writes:<snip>> > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote: > > > > x <- quote(match.call()) > > > > eval(x) > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161] > > > /lib/libc.so.6[0x1f0617]> > > does look like something that just Should Not Happen...> > Peter, are you on FC6? > > On FC5, I cannot replicate your crash: > > > x <- quote(match.call()) > > > eval(x) > > Error in match.call(definition, call, expand.dots) : > > '.Primitive...' is not a function > > ? > > Yes, I'm on FC6 since yum had updated the 1229 packages this morning. > > I see the crash with the FC6 RPM but not with a self-compiled R-patched.Are you using Martyn's RPM or Extras? Just wondering if there is any difference. In theory, I suppose, given the prior communications with Tom, there shouldn't be. Also, was this a clean install of FC6 or an "in place upgrade" of FC5. Officially, FC does not support the latter and I have seen mixed comments on the FC lists pertaining to that path and associated issues. Marc
Peter Dalgaard wrote:> Marc Schwartz <marc_schwartz at comcast.net> writes: > > >> On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote: >> >>> harringt at stat.ubc.ca writes: >>> >>> >>>> Full_Name: Justin Harrington >>>> Version: 2.4.0 >>>> OS: Fedora Core 6 >>>> Submission from: (NULL) (142.103.121.203) >>>> >>>> >>>> When I type the (albeit stupid) command >>>> >>>> eval(match.call()) >>>> >>>> R crashes with the following messages (truncated): >>>> >>>> *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated >>>> >>> Yes, don't do that then ;-) >>> >> Indeed... ;-) >> >> >>> Part of the puzzle is that >>> >>> >>>> match.call() >>>> >>> match.call() >>> >>> which looks like something with potential for infinite recursion, but >>> that doesn't seem to be issue since >>> >>> >>>> f <- function(call = sys.call(sys.parent()))call >>>> f() >>>> >>> f() >>> >>>> eval(f()) >>>> >>> f() >>> >>> does not exhibit the same crash. And indeed >>> >>> >>>> x <- quote(match.call()) >>>> eval(x) >>>> >>> *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated >>> ======= Backtrace: ========>>> /lib/libc.so.6(__chk_fail+0x41)[0x1f1161] >>> /lib/libc.so.6[0x1f0617] >>> >>> does look like something that just Should Not Happen... >>> >> Peter, are you on FC6? >> >> On FC5, I cannot replicate your crash: >> >> >>> x <- quote(match.call()) >>> eval(x) >>> >> Error in match.call(definition, call, expand.dots) : >> '.Primitive...' is not a function >> >> ? >> > > Yes, I'm on FC6 since yum had updated the 1229 packages this morning. > > I see the crash with the FC6 RPM but not with a self-compiled R-patched. > >For what it's worth, I also get the same error when trying it on my (freshly updated) FC4 machine (Linux md.stat.ubc.ca 2.6.17-1.2142_FC4 #1 Tue Jul 11 22:41:14 EDT 2006 i686 i686 i386 GNU/Linux) with R version 2.4.0 (2006-10-03) Justin
On Fri, 2006-11-03 at 14:14 -0800, Bill Dunlap wrote:> On Fri, 3 Nov 2006 marc_schwartz at comcast.net wrote: > > > > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote: > > > > > > x <- quote(match.call()) > > > > > > eval(x) > > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > > > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161] > > > > > /lib/libc.so.6[0x1f0617] > > > > > > > does look like something that just Should Not Happen... > > > I think valgrind shows the problem is in deparse.c: > 245 strncpy(data, CHAR(STRING_ELT(svec, 0)), 10); > 246 if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "..."); > You need to put a '\0' into data[10] after that strncpy > so strcat can find the end of the string when the length > of the copied string is >=10. It currently runs into > uninitialized memory at the end of ".Primitive". > > (This is in a copy of R source from June 2006.)The code is the same, but a couple of lines off in my copy from R 2.4.0 patched. Now lines 247 and 248. Thanks Bill. This would help to explain the difference in behaviors observed. Regards, Marc
Bill Dunlap <bill at insightful.com> writes:> On Fri, 3 Nov 2006 marc_schwartz at comcast.net wrote: >=20 > > > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote: > > > > > > x <- quote(match.call()) > > > > > > eval(x) > > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > > > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161] > > > > > /lib/libc.so.6[0x1f0617] > > > > > > > does look like something that just Should Not Happen... >=20 >=20 > I think valgrind shows the problem is in deparse.c: > 245 strncpy(data, CHAR(STRING_ELT(svec, 0)), 10); > 246 if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "..."); > You need to put a '\0' into data[10] after that strncpy > so strcat can find the end of the string when the length > of the copied string is >=3D10. It currently runs into > uninitialized memory at the end of ".Primitive". >=20 > (This is in a copy of R source from June 2006.)Now fixed in 2.4.0 Patched and the development version. --=20 O__ ---- Peter Dalgaard =C3=98ster Farimagsgade 5, Entr.B c/ /'_ --- Dept. of Biostatistics PO Box 2099, 1014 Cph. K (*) \(*) -- University of Copenhagen Denmark Ph: (+45) 35327918 ~~~~~~~~~~ - (p.dalgaard at biostat.ku.dk) FAX: (+45) 35327907
On Sat, 2006-11-04 at 02:08 +0100, Peter Dalgaard wrote:> Bill Dunlap <bill at insightful.com> writes: > > > On Fri, 3 Nov 2006 marc_schwartz at comcast.net wrote: > > > > > > > On Fri, 2006-11-03 at 21:15 +0100, Peter Dalgaard wrote: > > > > > > > x <- quote(match.call()) > > > > > > > eval(x) > > > > > > *** buffer overflow detected ***: /usr/lib/R/bin/exec/R terminated > > > > > > /lib/libc.so.6(__chk_fail+0x41)[0x1f1161] > > > > > > /lib/libc.so.6[0x1f0617] > > > > > > > > > does look like something that just Should Not Happen... > > > > > > I think valgrind shows the problem is in deparse.c: > > 245 strncpy(data, CHAR(STRING_ELT(svec, 0)), 10); > > 246 if (strlen(CHAR(STRING_ELT(svec, 0))) > 10) strcat(data, "..."); > > You need to put a '\0' into data[10] after that strncpy > > so strcat can find the end of the string when the length > > of the copied string is >=10. It currently runs into > > uninitialized memory at the end of ".Primitive". > > > > (This is in a copy of R source from June 2006.) > > Now fixed in 2.4.0 Patched and the development version.Just a quick heads up here, that Tom Callaway has updated the Fedora Extras RPMS to fix the buffer overflow, based upon a post to the FE CVS mailing list last night. This is for FC4, FC5 and FC6. So you can update to these when they appear on FE mirrors in due course. It looks like these should be labelled as 2.4.0-2. Thanks to all. Regards, Marc
Reasonably Related Threads
- Inconsistency in gsub in R.2.6.2 (PR#10978)
- using mle2 for multinomial model optimization
- Help with graphing impulse response functions
- RFC: [SmallVector] Adding SVec<T> and Vec<T> convenience wrappers.
- RFC: [SmallVector] Adding SVec<T> and Vec<T> convenience wrappers.