[BUGZILLA #16441] Segfault when an environment has an attribute that refers to itself #5837

Open
MichaelChirico opened this issue May 18, 2020 · 1 comment

Comments

@MichaelChirico

When an environment has a reference to itself in an attribute, it can result in a segfault when trying to inspect the environment.

```r
# This is OK
e <- new.env()
e$e <- e
object.size(e)
# 56 bytes

# Using attributes causes segfault with object.size
e <- new.env()
attr(e, "e") <- e
object.size(e)
# Segmentation fault

# Similarly with str
e <- new.env()
attr(e, "e") <- e
str(e)
# Segmentation fault
```


METADATA

  • Bug author - Winston Chang
  • Creation time - 2015-06-22 20:38:58 UTC
  • Bugzilla link
  • Status - ASSIGNED
  • Alias - None
  • Component - Low-level
  • Version - R 3.2.1
  • Hardware - Other Linux
  • Importance - P5 minor
  • Assignee - R-core
  • URL -
  • Modification time - 2015-06-23 16:56 UTC
@MichaelChirico

Attributes on environments are always a bad idea. No matter how convenient they may seem, the implementation doesn't support them in a reasonable way.

That said it would be nice not to segfault, which print(e) also does.

I've added some calls to R_CheckStack, which handle the object.size case.
print(e) triggers a buffer overflow in printAttributes; I've added a hack to trap that, but a cleaner rewrite with size checks would be better.
These changes are in r68574 in the trunk and r68575 in R-3-2-branch.

str(e) hits a problem of cascading error calls when clean-up code is called after signalling an error because a resource is depleted. This is a long-standing issue with the way R calls clean-up code (before the jump instead of doing a series of jumps that release resources). It needs to be fixed eventually but probably won't be soon. I'm leaving the bug open as a reminder.


METADATA

  • Comment author - Luke Tierney
  • Timestamp - 2015-06-23 16:56:23 UTC
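
The guard-before-recursing idea from the comment above, as an added example that is not R's source code: a toy object whose attribute slot points back at itself, walked with and without a recursion guard. The `obj` type, `MAX_DEPTH` and all function names are hypothetical, and an explicit depth counter stands in for a stack-usage check.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical toy object: a payload plus one attribute slot that may
   point at any object, including the object itself. */
typedef struct obj {
    size_t payload;          /* bytes attributed to this object */
    struct obj *attrib;      /* NULL when there is no attribute */
} obj;

enum { WALK_OK = 0, WALK_TOO_DEEP = -1 };
#define MAX_DEPTH 1000       /* constructed limit, stands in for a stack check */

/* Unguarded walk: on a self-referential attribute this recurses without
   bound. Shown for comparison only, never called here. */
size_t size_unguarded(const obj *o) {
    if (o == NULL) return 0;
    return o->payload + size_unguarded(o->attrib);
}

/* Guarded walk: the depth test runs before descending, so a cycle ends
   in an error code the caller can report instead of a crash. */
int size_guarded(const obj *o, int depth, size_t *total) {
    if (o == NULL) return WALK_OK;
    if (depth > MAX_DEPTH) return WALK_TOO_DEEP;
    *total += o->payload;
    return size_guarded(o->attrib, depth + 1, total);
}

/* Constructed input: e carries itself as its own attribute. */
int check_self_reference(void) {
    obj e = { 56, NULL };
    size_t total = 0;
    e.attrib = &e;
    return size_guarded(&e, 0, &total);
}

/* Constructed input: a finite chain a -> b -> c. */
size_t check_chain(void) {
    obj c = { 8, NULL }, b = { 16, &c }, a = { 32, &b };
    size_t total = 0;
    return size_guarded(&a, 0, &total) == WALK_OK ? total : 0;
}

int main(void) {
    printf("self-reference: %d\n", check_self_reference());
    printf("chain bytes: %zu\n", check_chain());
    return 0;
}
```

A depth limit turns the cycle into a reportable error but also rejects legitimate structures deeper than the limit; tracking visited objects avoids that at the cost of extra memory.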
