Bug 17480 - termsform in model.c of stats package can segfault
Status: CLOSED FIXED
Product: R
Classification: Unclassified
Component: Low-level
Version: R 3.5.0
Hardware: x86_64/x64/amd64 (64-bit) Linux-Fedora
Importance: P5 minor
Assignee: R-core
Reported: 2018-09-27 07:07 UTC by Rohan Shah
Modified: 2018-09-27 14:59 UTC

Attachments
Data.frame for reproducing bug (829.74 KB, application/gzip)
2018-09-27 07:07 UTC, Rohan Shah

Description Rohan Shah 2018-09-27 07:07:42 UTC
Created attachment 2374
Data.frame for reproducing bug

With a (very) large number of model terms, the C function termsform in model.c can crash with a SIGSEGV (memory not mapped) error. Yes, the example attached has a maybe unrealistic number of terms / columns, but this should not happen.

To the best of my knowledge, model.c has not changed in a year, so I believe this is an unpatched bug? I see previous bug reports referencing stack exhaustion in this function, but I think this is different.

With attached data.frame, code to reproduce is:

load("./intensities.RData")
tmp <- terms(SamplePrep ~ ., data = intensities)
Comment 1 Luke Tierney 2018-09-27 14:59:05 UTC
Thanks for the report. Segfault eliminated in R-devel and R-patched. The example now fails for me with a protect stack overflow. Addressing this would require a more extensive redesign.