Bugzilla – Bug 14571
recursive c() can exceed vector length limit and crash
Last modified: 2011-05-03 20:54:20 UTC
a=lapply(1:5000, function(...) x)
AnswerType() in main/bind.c doesn't check data->ans_length overflow and thus if the resulting overflows and size seems valid, do_c_dflt() will happily try to write elements beyond the size of the resulting vector.
(originally reported as "R 2.13 segfault with range()" by Terry Therneau on R-devel)