Karl Millar
2014-Sep-23 19:20 UTC
[Rd] Patch for R to fix some buffer overruns and add a missing PROTECT().
This patch is against current svn and contains three classes of fix:
- Ensure the result is properly terminated after calls to strncpy()
- Replace calls of sprintf() with snprintf()
- Added a PROTECT() call in do_while which could cause memory errors if evaluating the condition results in a warning.

Thanks,
Karl
Duncan Murdoch
2014-Sep-23 19:42 UTC
[Rd] Patch for R to fix some buffer overruns and add a missing PROTECT().
On 23/09/2014 3:20 PM, Karl Millar wrote:
> This patch is against current svn and contains three classes of fix:
> - Ensure the result is properly terminated after calls to strncpy()
> - Replace calls of sprintf() with snprintf()
> - Added a PROTECT() call in do_while which could cause memory
> errors if evaluating the condition results in a warning.

Nothing was attached. Generally fixes like this are best sent to bugs.r-project.org, and they receive highest priority if accompanied by code demonstrating why they are needed, i.e. crashes or incorrect results in current R. Those will likely be incorporated as regression tests.

Duncan Murdoch
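The first two fix classes named in the patch description, shown as an added example that is not part of the thread and is not taken from the R sources or the patch. The function names, the 8-byte buffer and the input strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pattern before the fix: strncpy() writes no NUL when strlen(src) >= n.
 * Returns 1 if dst holds a terminator within its n bytes, 0 if not. */
int copy_strncpy_only(char *dst, size_t n, const char *src)
{
    memset(dst, 'X', n);        /* stand-in for stale buffer contents */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Fixed pattern: copy at most n-1 bytes, then always terminate.
 * Returns 1 if src had to be truncated, 0 if it fit whole. */
int copy_terminated(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return 1;               /* no room even for the terminator */
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return strlen(src) >= n;
}

/* sprintf() replaced by snprintf(): at most n bytes are written, and the
 * return value is the length the full output needed, so truncation can be
 * detected. Returns 0 on success, -1 on truncation or output error. */
int format_label(char *dst, size_t n, const char *name, int idx)
{
    int need = snprintf(dst, n, "%s[%d]", name, idx);
    return (need < 0 || (size_t)need >= n) ? -1 : 0;
}

int main(void)
{
    char buf[8];                                /* hypothetical fixed-size buffer */
    const char *long_name = "condition_value";  /* constructed input, 15 chars */

    printf("strncpy only, terminated: %d\n",
           copy_strncpy_only(buf, sizeof buf, long_name));
    printf("strncpy + NUL, truncated: %d -> \"%s\"\n",
           copy_terminated(buf, sizeof buf, long_name), buf);
    printf("snprintf status: %d -> \"%s\"\n",
           format_label(buf, sizeof buf, long_name, 3), buf);
    return 0;
}
```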