Bug 14990 - segfault on linux 2.15.1 and OSX 2.15.0
segfault on linux 2.15.1 and OSX 2.15.0
Status: CLOSED FIXED
Product: R
Classification: Unclassified
Component: Low-level
R 2.15.0 patched
x86_64/x64/amd64 (64-bit) Mac OS X v10.6
: P5 minor
Assigned To: R-core
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-14 00:35 UTC by ivo welch
Modified: 2012-07-15 22:06 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description ivo welch 2012-07-14 00:35:15 UTC
The following is a highly distilled version of a bug I ran into:

crap <- Sys.glob("notexistingfile")
dienow <- function(x) (length(Sys.glob(x)))
dienow(crap[1]);


Hope this helps.  Please let me know whether you can replicate the issue.

I marked it as major, because it could be due to some deeper bug.  I can work around it, of course.

regards,

/iaw
Comment 1 Peter Dalgaard 2012-07-14 09:56:15 UTC
This boils further down to

> Sys.glob(NA_character_)
R(12149) malloc: *** error for object 0x100843178: pointer being freed was not allocated

so probably just needs a check in Sys.glob().
Comment 2 Peter Dalgaard 2012-07-14 11:19:52 UTC
It's a bit more insidious because we also have

> Sys.glob(c(NA,"*"))
R(12229) malloc: *** error for object 0x10082cb78: pointer being reallocated was not allocated
*** set a breakpoint in malloc_error_break to debug
Abort trap

and we explicitly promise that to work  ("Missing values will be ignored")

In either case, the root cause seems to be that inside do_glob,  globbuf ->gl_pathv is uninitialized when freed or reallocated.
Comment 3 Peter Dalgaard 2012-07-14 18:15:38 UTC
Fixed in R-devel. Tested on OSX; would be good if someone could check on  Windows.
Comment 4 Duncan Murdoch 2012-07-15 03:31:12 UTC
On 12-07-14 1:15 PM, r-bugs@r-project.org wrote:
> https://bugs.r-project.org/bugzilla3/show_bug.cgi?id=14990
>
> Peter Dalgaard<pd.mes@cbs.dk>  changed:
>
>             What    |Removed                     |Added
> ----------------------------------------------------------------------------
>               Status|NEW                         |CLOSED
>           Resolution|                            |FIXED
>
> --- Comment #3 from Peter Dalgaard<pd.mes@cbs.dk>  2012-07-14 13:15:38 EDT ---
> Fixed in R-devel. Tested on OSX; would be good if someone could check on
> Windows.
>


Both of your examples do reasonable things (character(0) for globbing an 
NA, a list of files for c(NA, '*')) on 32 bit Windows.  Can't check 64 
bit Windows now, but I wouldn't expect a difference.

Duncan Murdoch


Comment 5 Uwe Ligges 2012-07-15 14:09:31 UTC

On 15.07.2012 00:31, Duncan Murdoch wrote:
> On 12-07-14 1:15 PM, r-bugs@r-project.org wrote:
>> https://bugs.r-project.org/bugzilla3/show_bug.cgi?id=14990
>>
>> Peter Dalgaard<pd.mes@cbs.dk>  changed:
>>
>>             What    |Removed                     |Added
>> ----------------------------------------------------------------------------
>>
>>               Status|NEW                         |CLOSED
>>           Resolution|                            |FIXED
>>
>> --- Comment #3 from Peter Dalgaard<pd.mes@cbs.dk>  2012-07-14 13:15:38
>> EDT ---
>> Fixed in R-devel. Tested on OSX; would be good if someone could check on
>> Windows.
>>
>
> Both of your examples do reasonable things (character(0) for globbing an
> NA, a list of files for c(NA, '*')) on 32 bit Windows.  Can't check 64
> bit Windows now, but I wouldn't expect a difference.
>


Will run a full build and check now (changing some tools as well). Since 
I am busy for the rest of today, it may take until tomorrow before I report.

Uwe



> Duncan Murdoch
>
> _______________________________________________
> R-core list: https://stat.ethz.ch/mailman/listinfo/r-core



Comment 6 Peter Dalgaard 2012-07-15 16:04:36 UTC
On Jul 15, 2012, at 11:09 , Uwe Ligges wrote:

> 
> 
> On 15.07.2012 00:31, Duncan Murdoch wrote:
>> On 12-07-14 1:15 PM, r-bugs@r-project.org wrote:
>>> https://bugs.r-project.org/bugzilla3/show_bug.cgi?id=14990
>>> 
>>> Peter Dalgaard<pd.mes@cbs.dk>  changed:
>>> 
>>>            What    |Removed                     |Added
>>> ----------------------------------------------------------------------------
>>> 
>>>              Status|NEW                         |CLOSED
>>>          Resolution|                            |FIXED
>>> 
>>> --- Comment #3 from Peter Dalgaard<pd.mes@cbs.dk>  2012-07-14 13:15:38
>>> EDT ---
>>> Fixed in R-devel. Tested on OSX; would be good if someone could check on
>>> Windows.
>>> 
>> 
>> Both of your examples do reasonable things (character(0) for globbing an
>> NA, a list of files for c(NA, '*')) on 32 bit Windows.  Can't check 64
>> bit Windows now, but I wouldn't expect a difference.
>> 
> 
> Will run a full build and check now (changing some tools as well). Since 
> I am busy for the rest of today, it may take until tomorrow before I report.

Thanks, Uwe and Duncan. I'm never quite happy to change things inside #ifdef Win32, but it seems to have worked. One thing that might do with a by-eye inspection is the logic concerning &cbuff in do_glob. If n==0 it seems that we're freeing it although nothing was ever allocated, but perhaps it doesn't matter? (That issue is independent of that in the bug report since a glob can expand to zero files in many ways, so I didn't want to touch it.)


-- 
Peter Dalgaard, Professor,
Center for Statistics, Copenhagen Business School
Solbjerg Plads 3, 2000 Frederiksberg, Denmark
Phone: (+45)38153501
Email: pd.mes@cbs.dk  Priv: PDalgd@gmail.com


Comment 7 Uwe Ligges 2012-07-15 22:06:54 UTC

On 15.07.2012 13:04, Peter Dalgaard wrote:
>
> On Jul 15, 2012, at 11:09 , Uwe Ligges wrote:
>
>>
>>
>> On 15.07.2012 00:31, Duncan Murdoch wrote:
>>> On 12-07-14 1:15 PM, r-bugs@r-project.org wrote:
>>>> https://bugs.r-project.org/bugzilla3/show_bug.cgi?id=14990
>>>>
>>>> Peter Dalgaard<pd.mes@cbs.dk>  changed:
>>>>
>>>>             What    |Removed                     |Added
>>>> ----------------------------------------------------------------------------
>>>>
>>>>               Status|NEW                         |CLOSED
>>>>           Resolution|                            |FIXED
>>>>
>>>> --- Comment #3 from Peter Dalgaard<pd.mes@cbs.dk>  2012-07-14 13:15:38
>>>> EDT ---
>>>> Fixed in R-devel. Tested on OSX; would be good if someone could check on
>>>> Windows.
>>>>
>>>
>>> Both of your examples do reasonable things (character(0) for globbing an
>>> NA, a list of files for c(NA, '*')) on 32 bit Windows.  Can't check 64
>>> bit Windows now, but I wouldn't expect a difference.
>>>
>>
>> Will run a full build and check now (changing some tools as well). Since
>> I am busy for the rest of today, it may take until tomorrow before I report.
>
> Thanks, Uwe and Duncan. I'm never quite happy to change things inside #ifdef Win32, but it seems to have worked. One thing that might do with a by-eye inspection is the logic concerning &cbuff in do_glob. If n==0 it seems that we're freeing it although nothing was ever allocated, but perhaps it doesn't matter? (That issue is independent of that in the bug report since a glob can expand to zero files in many ways, so I didn't want to touch it.)
>
>



Passes make check-all also under 64-bit.

Will see what happens with packages tomorrow.

Best,
Uwe