Suharto Anggono Suharto Anggono
2016-Nov-14 16:12 UTC
[Rd] Potential integer overflow in 'do_mapply'
Function 'do_mapply' in mapply.c has the following fragment. for (int i = 0; i < longest; i++) { Variable 'longest' is declared as R_xlen_t. Its value can be larger than the maximum int. In the fragment, when 'longest' is larger than the maximum int, when 'i' reaches the maximum int, i++ will lead to overflow.