Bug 15518 - R 3.0.2 segfaults with incorrect use of underline
Status: CLOSED FIXED
Product: R
Classification: Unclassified
Component: Language
Version: R 3.0.2
Hardware: x86_64/x64/amd64 (64-bit) All
Importance: P3 major
Assigned To: R-core
Duplicates: 15574 15662 15761
Reported: 2013-10-28 19:23 UTC by Alexandre Sieira
Modified: 2014-04-18 20:37 UTC

Attachments
R source file that causes a seg fault (49 bytes, application/octet-stream)
2013-10-28 19:23 UTC, Alexandre Sieira
Description Alexandre Sieira 2013-10-28 19:23:51 UTC
Created attachment 1500
R source file that causes a seg fault

If the attached file is loaded (via 'source' command) on R 3.0.2 on my machine it segfaults as follows:


R version 3.0.2 (2013-09-25) -- "Frisbee Sailing"
Copyright (C) 2013 The R Foundation for Statistical Computing
Platform: x86_64-apple-darwin10.8.0 (64-bit)
(...)

> source("~/Documents/test.R")

 *** caught segfault ***
address 0x100, cause 'memory not mapped'

Traceback:
 1: source("~/Documents/test.R")

Possible actions:
1: abort (with core dump, if enabled)
2: normal R exit
3: exit R without saving workspace
4: exit R saving workspace


I'm sorry if I didn't categorize this bugzilla entry correctly, this is my first direct bug submission to the R project.
Comment 1 Martin Maechler 2013-10-29 12:14:11 UTC
(In reply to comment #0)

> I'm sorry if I didn't categorize this bugzilla entry correctly, this is my
> first direct bug submission to the R project.

No problem.. Thank you very much for the reproducible example.
Indeed, I can reproduce the seg.fault in Fedora 19 (Linux),
R 3.0.2 patched "of today".

When run from the debugger, we get the stack trace which
points to string handling  [ __strlen_sse2 ] :


> source("~/Download/test.R")

Program received signal SIGSEGV, Segmentation fault.
0x0000003251086711 in __strlen_sse2 () from /usr/lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-18.fc19.x86_64 libgcc-4.8.1-1.fc19.x86_64 libgfortran-4.8.1-1.fc19.x86_64 libgomp-4.8.1-1.fc19.x86_64 libicu-50.1.2-9.fc19.x86_64 libquadmath-4.8.1-1.fc19.x86_64 libstdc++-4.8.1-1.fc19.x86_64 ncurses-libs-5.9-11.20130511.fc19.x86_64 readline-6.2-6.fc19.x86_64 xz-libs-5.1.2-4alpha.fc19.x86_64
(gdb) bt
#0  0x0000003251086711 in __strlen_sse2 () from /usr/lib64/libc.so.6
#1  0x00000000004bee69 in Rf_mkChar (
    name=name@entry=0x2d02020241380202 <Address 0x2d02020241380202 out of bounds>)
    at ../../../R/src/main/envir.c:3380
#2  0x00000000004dfadc in finalizeData () at gram.y:3404
#3  0x00000000004e8cb8 in R_Parse (n=n@entry=-1, status=status@entry=0x7fffffffa140, 
    srcfile=srcfile@entry=0x12e5890) at gram.y:1465
#4  0x00000000004e9724 in R_ParseVector (text=text@entry=0x10da750, n=n@entry=-1, 
    status=status@entry=0x7fffffffa140, srcfile=srcfile@entry=0x12e5890) at gram.y:1535
#5  0x00000000005676c0 in do_parse (call=0x16cc5c8, op=<optimized out>, args=<optimized out>, 
    env=<optimized out>) at ../../../R/src/main/source.c:259
#6  0x00000000004cd20e in bcEval (body=body@entry=0x16c0118, rho=rho@entry=0x10dbdc0, 
    useCache=useCache@entry=TRUE) at ../../../R/src/main/eval.c:4627
#7  0x00000000004d6540 in Rf_eval (e=0x16c0118, rho=0x10dbdc0) at ../../../R/src/main/eval.c:545
#8  0x00000000004d76c9 in Rf_applyClosure (call=call@entry=0x12b8de0, op=op@entry=0x14cafd8, 
    arglist=arglist@entry=0x12b2240, rho=rho@entry=0xa163d8, suppliedenv=0xa16410)
    at ../../../R/src/main/eval.c:1019
#9  0x00000000004d66a7 in Rf_eval (e=e@entry=0x12b8de0, rho=rho@entry=0xa163d8)
    at ../../../R/src/main/eval.c:661
#10 0x00000000004fe054 in Rf_ReplIteration (rho=rho@entry=0xa163d8, savestack=savestack@entry=0, 
    browselevel=browselevel@entry=0, state=state@entry=0x7fffffffaf30) at ../../../R/src/main/main.c:258
#11 0x00000000004fe328 in R_ReplConsole (rho=0xa163d8, savestack=0, browselevel=0)
    at ../../../R/src/main/main.c:307
#12 0x00000000004fe391 in run_Rmainloop () at ../../../R/src/main/main.c:984
#13 0x00000000004fe3d2 in Rf_mainloop () at ../../../R/src/main/main.c:991
#14 0x0000000000419278 in main (ac=<optimized out>, av=<optimized out>) at ../../../R/src/main/Rmain.c:32
(gdb)
Comment 2 Martin Maechler 2013-10-29 12:16:12 UTC
Marked OS with "ALL" instead of "Mac" .. even though I have not tried Windows.
Comment 3 Martin Maechler 2013-10-29 13:25:02 UTC
Further note that versions of R <= 3.0.1
correctly give an error message from parsing.

It's only R 3.0.2 and newer where the parser leads to a segfault.

Martin
Comment 4 Martin Maechler 2013-10-29 13:25:24 UTC
Further note that versions of R <= 3.0.1
correctly give an error message from parsing.

It's only R 3.0.2 and newer where the parser leads to a segfault.

Martin
Comment 5 Duncan Murdoch 2013-10-29 23:23:30 UTC
The parse now tries to keep partial information in case of parse errors, to help front-ends do better recovery.  It wasn't handling the case of an illegal character in the input stream properly.  (Underscores are illegal at the start of a token.)

Now fixed; will soon commit to R-devel and R-patched.
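
The failure class described in Comment 5, as an added example that is not from this bug report or from R's source: a simplified lexer that keeps per-token records when it hits an illegal character, and a finalise step that never dereferences a record whose text was not set. The names TokRec, ParseData, lex and finalize_data are hypothetical, only symbol tokens are modelled, and the input strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical token record, standing in for parse data kept for front-ends. */
enum { TOK_SYMBOL, TOK_ERROR };
typedef struct { int kind; const char *text; size_t len; } TokRec;

#define MAX_TOKS 16
typedef struct { TokRec recs[MAX_TOKS]; int n; int status; } ParseData;

/* Tokenise src into pd. A token may not start with '_'; such input sets
   status = -1 but still leaves a fully initialised TOK_ERROR record. */
static void lex(const char *src, ParseData *pd) {
    const char *p = src;
    memset(pd, 0, sizeof *pd);            /* every text pointer starts NULL */
    while (*p && pd->n < MAX_TOKS) {
        if (isspace((unsigned char)*p)) { p++; continue; }
        TokRec *r = &pd->recs[pd->n++];
        if (isalpha((unsigned char)*p) || *p == '.') {
            r->kind = TOK_SYMBOL;
            r->text = p;
            while (isalnum((unsigned char)*p) || *p == '_' || *p == '.') p++;
            r->len = (size_t)(p - r->text);
        } else {
            /* Illegal start of token: record it explicitly, then stop. */
            r->kind = TOK_ERROR;
            r->text = p;
            r->len = 1;
            pd->status = -1;
            return;
        }
    }
}

/* Finalise the records: total the token bytes. An unguarded version that
   called strlen() on an unset text pointer would fault on the error path. */
static long finalize_data(const ParseData *pd) {
    long total = 0;
    for (int i = 0; i < pd->n; i++) {
        if (pd->recs[i].text == NULL) return -1;  /* incomplete record */
        total += (long)pd->recs[i].len;
    }
    return total;
}

int main(void) {
    ParseData pd;
    lex("x _y", &pd);                     /* constructed sample input */
    printf("status=%d tokens=%d bytes=%ld\n", pd.status, pd.n, finalize_data(&pd));
    return 0;
}
```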
Comment 6 Duncan Murdoch 2013-11-23 13:16:11 UTC
*** Bug 15574 has been marked as a duplicate of this bug. ***
Comment 7 Duncan Murdoch 2014-02-09 23:26:39 UTC
*** Bug 15662 has been marked as a duplicate of this bug. ***
Comment 8 Duncan Murdoch 2014-04-18 20:37:31 UTC
*** Bug 15761 has been marked as a duplicate of this bug. ***