strlim: avoid stack overflow

aitap · aitap · commit 53ccb07a4e00 · 2025-11-03T22:47:07.000+03:00
Since the limit is up to 500 characters, make sure to allocate 501 bytes, including the terminator at the end, avoiding the stack overflow: data.table::fread(text = paste0( strrep("mary had a little lamb\n", 100), strrep("a", 500), "\n", "a") ) ==5358==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd0f20c7e4 at pc 0x7f06826bb311 bp 0x7ffd0f20ad90 sp 0x7ffd0f20ad88 WRITE of size 1 at 0x7ffd0f20c7e4 thread T0 #0 0x7f06826bb310 in strlim /tmp/RtmpvbbbcM/R.INSTALLd607e4c6707/data.table/src/fread.c:235 #1 0x7f06826bb310 in freadMain /tmp/RtmpvbbbcM/R.INSTALLd607e4c6707/data.table/src/fread.c:2947 #2 0x7f06826c2d62 in freadR /tmp/RtmpvbbbcM/R.INSTALLd607e4c6707/data.table/src/freadR.c:229
diff --git a/src/fread.c b/src/fread.c
@@ -226,7 +226,7 @@ static inline int64_t clamp_i64t(int64_t x, int64_t lower, int64_t upper)
  * is constructed manually (using say snprintf) that warning(), stop()
  * and Rprintf() are all called as warning(_("%s"), msg) and not warning(msg).
  */
-static const char* strlim(const char *ch, char buf[static 500], size_t limit)
+static const char* strlim(const char *ch, char buf[static 501], size_t limit)
 {
   char *ch2 = buf;
   for (size_t width = 0; (*ch > '\r' || (*ch != '\0' && *ch != '\r' && *ch != '\n')) && width < limit; width++) {
@@ -1776,7 +1776,7 @@ int freadMain(freadMainArgs _args)
   if (ch >= eof) STOP(_("Input is either empty, fully whitespace, or skip has been set after the last non-whitespace."));
   if (verbose) {
     if (lineStart > ch) DTPRINT(_("  Moved forward to first non-blank line (%d)\n"), row1line);
-    DTPRINT(_("  Positioned on line %d starting: <<%s>>\n"), row1line, strlim(lineStart, (char[500]) {0}, 30));
+    DTPRINT(_("  Positioned on line %d starting: <<%s>>\n"), row1line, strlim(lineStart, (char[501]) {0}, 30));
   }
   ch = pos = lineStart;
   }
@@ -1967,7 +1967,7 @@ int freadMain(freadMainArgs _args)
     if (!fill && tt != ncol) INTERNAL_STOP("first line has field count %d but expecting %d", tt, ncol); // # nocov
     if (verbose) {
       DTPRINT(_("  Detected %d columns on line %d. This line is either column names or first data row. Line starts as: <<%s>>\n"),
-              tt, row1line, strlim(pos, (char[500]) {0}, 30));
+              tt, row1line, strlim(pos, (char[501]) {0}, 30));
       DTPRINT(_("  Quote rule picked = %d\n"), quoteRule);
       DTPRINT(_("  fill=%s and the most number of columns found is %d\n"), fill ? "true" : "false", ncol);
     }
@@ -2935,23 +2935,23 @@ int freadMain(freadMainArgs _args)
       ch = skip_to_nextline(ch, eof);
       while (ch < eof && isspace(*ch)) ch++;
       if (ch == eof) {
-        DTWARN(_("Discarded single-line footer: <<%s>>"), strlim(skippedFooter, (char[500]) {0}, 500));
+        DTWARN(_("Discarded single-line footer: <<%s>>"), strlim(skippedFooter, (char[501]) {0}, 500));
       }
       else {
         ch = headPos;
         int tt = countfields(&ch);
         if (fill > 0) {
           DTWARN(_("Stopped early on line %"PRId64". Expected %d fields but found %d. Consider fill=%d or even more based on your knowledge of the input file. Use fill=Inf for reading the whole file for detecting the number of fields. First discarded non-empty line: <<%s>>"),
-          DTi + row1line, ncol, tt, tt, strlim(skippedFooter, (char[500]) {0}, 500));
+          DTi + row1line, ncol, tt, tt, strlim(skippedFooter, (char[501]) {0}, 500));
         } else {
           DTWARN(_("Stopped early on line %"PRId64". Expected %d fields but found %d. Consider fill=TRUE. First discarded non-empty line: <<%s>>"),
-          DTi + row1line, ncol, tt, strlim(skippedFooter, (char[500]) {0}, 500));
+          DTi + row1line, ncol, tt, strlim(skippedFooter, (char[501]) {0}, 500));
         }
       }
     }
   }
   if (quoteRuleBumpedCh != NULL && quoteRuleBumpedCh < headPos) {
-    DTWARN(_("Found and resolved improper quoting out-of-sample. First healed line %"PRId64": <<%s>>. If the fields are not quoted (e.g. field separator does not appear within any field), try quote=\"\" to avoid this warning."), quoteRuleBumpedLine, strlim(quoteRuleBumpedCh, (char[500]) {0}, 500));
+    DTWARN(_("Found and resolved improper quoting out-of-sample. First healed line %"PRId64": <<%s>>. If the fields are not quoted (e.g. field separator does not appear within any field), try quote=\"\" to avoid this warning."), quoteRuleBumpedLine, strlim(quoteRuleBumpedCh, (char[501]) {0}, 500));
   }
 
   if (verbose) {

Original file line number	Diff line number	Diff line change
`@@ -226,7 +226,7 @@ static inline int64_t clamp_i64t(int64_t x, int64_t lower, int64_t upper)`
`226`	`226`	`* is constructed manually (using say snprintf) that warning(), stop()`
`227`	`227`	`* and Rprintf() are all called as warning(_("%s"), msg) and not warning(msg).`
`228`	`228`	`*/`
`229`		`-static const char* strlim(const char *ch, char buf[static 500], size_t limit)`
	`229`	`+static const char* strlim(const char *ch, char buf[static 501], size_t limit)`
`230`	`230`	`{`
`231`	`231`	`char *ch2 = buf;`
`232`	`232`	`for (size_t width = 0; (ch > '\r' \|\| (ch != '\0' && ch != '\r' && ch != '\n')) && width < limit; width++) {`
`@@ -1776,7 +1776,7 @@ int freadMain(freadMainArgs _args)`
`1776`	`1776`	`if (ch >= eof) STOP(_("Input is either empty, fully whitespace, or skip has been set after the last non-whitespace."));`
`1777`	`1777`	`if (verbose) {`
`1778`	`1778`	`if (lineStart > ch) DTPRINT(_(" Moved forward to first non-blank line (%d)\n"), row1line);`
`1779`		`- DTPRINT(_(" Positioned on line %d starting: <<%s>>\n"), row1line, strlim(lineStart, (char[500]) {0}, 30));`
	`1779`	`+ DTPRINT(_(" Positioned on line %d starting: <<%s>>\n"), row1line, strlim(lineStart, (char[501]) {0}, 30));`
`1780`	`1780`	`}`
`1781`	`1781`	`ch = pos = lineStart;`
`1782`	`1782`	`}`
`@@ -1967,7 +1967,7 @@ int freadMain(freadMainArgs _args)`
`1967`	`1967`	`if (!fill && tt != ncol) INTERNAL_STOP("first line has field count %d but expecting %d", tt, ncol); // # nocov`
`1968`	`1968`	`if (verbose) {`
`1969`	`1969`	`DTPRINT(_(" Detected %d columns on line %d. This line is either column names or first data row. Line starts as: <<%s>>\n"),`
`1970`		`- tt, row1line, strlim(pos, (char[500]) {0}, 30));`
	`1970`	`+ tt, row1line, strlim(pos, (char[501]) {0}, 30));`
`1971`	`1971`	`DTPRINT(_(" Quote rule picked = %d\n"), quoteRule);`
`1972`	`1972`	`DTPRINT(_(" fill=%s and the most number of columns found is %d\n"), fill ? "true" : "false", ncol);`
`1973`	`1973`	`}`
`@@ -2935,23 +2935,23 @@ int freadMain(freadMainArgs _args)`
`2935`	`2935`	`ch = skip_to_nextline(ch, eof);`
`2936`	`2936`	`while (ch < eof && isspace(*ch)) ch++;`
`2937`	`2937`	`if (ch == eof) {`
`2938`		`- DTWARN(_("Discarded single-line footer: <<%s>>"), strlim(skippedFooter, (char[500]) {0}, 500));`
	`2938`	`+ DTWARN(_("Discarded single-line footer: <<%s>>"), strlim(skippedFooter, (char[501]) {0}, 500));`
`2939`	`2939`	`}`
`2940`	`2940`	`else {`
`2941`	`2941`	`ch = headPos;`
`2942`	`2942`	`int tt = countfields(&ch);`
`2943`	`2943`	`if (fill > 0) {`
`2944`	`2944`	`DTWARN(_("Stopped early on line %"PRId64". Expected %d fields but found %d. Consider fill=%d or even more based on your knowledge of the input file. Use fill=Inf for reading the whole file for detecting the number of fields. First discarded non-empty line: <<%s>>"),`
`2945`		`- DTi + row1line, ncol, tt, tt, strlim(skippedFooter, (char[500]) {0}, 500));`
	`2945`	`+ DTi + row1line, ncol, tt, tt, strlim(skippedFooter, (char[501]) {0}, 500));`
`2946`	`2946`	`} else {`
`2947`	`2947`	`DTWARN(_("Stopped early on line %"PRId64". Expected %d fields but found %d. Consider fill=TRUE. First discarded non-empty line: <<%s>>"),`
`2948`		`- DTi + row1line, ncol, tt, strlim(skippedFooter, (char[500]) {0}, 500));`
	`2948`	`+ DTi + row1line, ncol, tt, strlim(skippedFooter, (char[501]) {0}, 500));`
`2949`	`2949`	`}`
`2950`	`2950`	`}`
`2951`	`2951`	`}`
`2952`	`2952`	`}`
`2953`	`2953`	`if (quoteRuleBumpedCh != NULL && quoteRuleBumpedCh < headPos) {`
`2954`		`- DTWARN(_("Found and resolved improper quoting out-of-sample. First healed line %"PRId64": <<%s>>. If the fields are not quoted (e.g. field separator does not appear within any field), try quote=\"\" to avoid this warning."), quoteRuleBumpedLine, strlim(quoteRuleBumpedCh, (char[500]) {0}, 500));`
	`2954`	`+ DTWARN(_("Found and resolved improper quoting out-of-sample. First healed line %"PRId64": <<%s>>. If the fields are not quoted (e.g. field separator does not appear within any field), try quote=\"\" to avoid this warning."), quoteRuleBumpedLine, strlim(quoteRuleBumpedCh, (char[501]) {0}, 500));`
`2955`	`2955`	`}`
`2956`	`2956`
`2957`	`2957`	`if (verbose) {`