R devel - Mar 2010 - list_files() memory corruption?

I am using R-2-10 from subversion.

In the implementation of do_listfiles() in platform.c, it appears to
allocate a vector of length count where count is calculated by
count_files(). It then proceeds to call list_files(), passing in the
vector but not the value of count. Yet list_files() doesn't seem to
check the length of the vector that was allocated.

What happens if a new file was added to the file system between the
call to count_files() and list_files()? Doesn't this write past the
length of the allocated vector?

--

Hi Alistair,

On 3/12/10 4:37 PM, Alistair Gee wrote:
> I am using R-2-10 from subversion.
> 
> In the implementation of do_listfiles() in platform.c, it appears to
> allocate a vector of length count where count is calculated by
> count_files(). It then proceeds to call list_files(), passing in the
> vector but not the value of count. Yet list_files() doesn't seem to
> check the length of the vector that was allocated.
> 
> What happens if a new file was added to the file system between the
> call to count_files() and list_files()? Doesn't this write past the
> length of the allocated vector?
Good catch.  I've added a length check to prevent a problem.

Cheers,

+ seth