Bug 16441 - Segfault when an environment has an attribute that refers to itself
Status: ASSIGNED
Alias: None
Product: R
Classification: Unclassified
Component: Low-level
Version: R 3.2.1
Hardware: Other Linux
Importance: P5 minor
Assignee: R-core
Reported: 2015-06-22 20:38 UTC by Winston Chang
Modified: 2015-06-23 16:56 UTC

Description Winston Chang 2015-06-22 20:38:58 UTC
When an environment has a reference to itself in an attribute, it can result in a segfault when trying to inspect the environment.

# This is OK
e <- new.env()
e$e <- e
object.size(e)
# 56 bytes


# Using attributes causes segfault with object.size
e <- new.env()
attr(e, "e") <- e
object.size(e)
# Segmentation fault


# Similarly with str
e <- new.env()
attr(e, "e") <- e
str(e)
# Segmentation fault
Comment 1 Luke Tierney 2015-06-23 16:56:23 UTC
Attributes on environments are always a bad idea. No matter how convenient they may seem, the implementation doesn't support them in a reasonable way.

That said, it would be nice not to segfault, which print(e) also does.

I've added some calls to R_CheckStack, which handle the object.size case.
print(e) triggers a buffer overflow in printAttributes; I've added a hack to trap that, but a cleaner rewrite with size checks would be better.
These changes are in r68574 in the trunk and r68575 in R-3-2-branch.

str(e) hits a problem of cascading error calls when clean-up code is called after signalling an error because a resource is depleted. This is a long-standing issue with the way R calls clean-up code (before the jump instead of doing a series of jumps that release resources). It needs to be fixed eventually but probably won't be soon. I'm leaving the bug open as a reminder.
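
Added example, not part of the bug report and not code from the R sources: a simplified C model of the two defensive patterns Comment 1 mentions, a depth check on the recursive size walk and a size check before each append to a fixed tag buffer. The struct and every name in it (obj, obj_size, tag_append, obj_tag, MAX_DEPTH, TAGBUF_LEN) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64   /* assumed nesting limit for this model */
#define TAGBUF_LEN 32  /* small on purpose so the bound is reached */

/* Toy object: a payload size plus one optional named attribute. */
struct obj { size_t bytes; const char *attr_name; struct obj *attr; };

/* Sum sizes along the attribute chain; -1 once the nesting limit is hit,
 * rather than recursing until the C stack is exhausted. */
int obj_size(const struct obj *o, int depth, size_t *total)
{
    if (o == NULL) return 0;
    if (depth >= MAX_DEPTH) return -1;
    *total += o->bytes;
    return obj_size(o->attr, depth + 1, total);
}

/* Append to a fixed buffer only when the piece and its NUL both fit. */
int tag_append(char *buf, size_t cap, const char *piece)
{
    size_t used = strlen(buf), need = strlen(piece);
    if (need >= cap - used) return -1;
    memcpy(buf + used, piece, need + 1);
    return 0;
}

/* Build a label such as attr(,"e")attr(,"e") for nested attributes. */
int obj_tag(const struct obj *o, char *buf, size_t cap)
{
    char piece[64];
    for (; o != NULL && o->attr != NULL; o = o->attr) {
        snprintf(piece, sizeof piece, "attr(,\"%s\")", o->attr_name);
        if (tag_append(buf, cap, piece) != 0) return -1; /* stops a cycle too */
    }
    return 0;
}

int main(void)
{
    struct obj e = { 56, "e", NULL };
    char tag[TAGBUF_LEN] = "";
    size_t total = 0;
    e.attr = &e; /* constructed input: the attribute refers to its owner */
    printf("size: %s\n", obj_size(&e, 0, &total) ? "error: too deep" : "ok");
    printf("tag:  %s\n", obj_tag(&e, tag, sizeof tag) ? "error: too long" : tag);
    return 0;
}
```

Both functions return an error for the self-referential object instead of overrunning the stack or the buffer, and still succeed on a finite attribute chain.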