Bug 1133885

Summary: [abrt] rpm: rpmReadSignature(): rpm killed by SIGABRT
Product: [Fedora] Fedora
Reporter: Jan Sedlák <jsedlak>
Component: rpm
Assignee: Packaging Maintenance Team <packaging-team-maint>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: jzeleny, novyjindrich, packaging-team-maint, pknirsch, pmatilai
Target Milestone: ---
Keywords: Upstream
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/2c0a297505d9d999a62bb5ce990b6c4b654834cc
Whiteboard: abrt_hash:4616c0fecbc067324716a21ba7aa505cb0864c9c
Fixed In Version: rpm-4.11.3-1.fc20
Doc Type: Bug Fix
Last Closed: 2014-09-19 09:58:32 UTC
Attachments (no flags set):
File: backtrace
File: cgroup
File: core_backtrace
File: dso_list
File: environ
File: limits
File: maps
File: open_fds
File: proc_pid_status
File: var_log_messages
rpm package that rpm fails on

Description Jan Sedlák 2014-08-26 11:37:46 UTC
Description of problem:
I am trying to implement a program that extracts the header from an RPM package. I have created an rpm that contains only lead + header and tried to run 'rpm -qp' on it, and rpm showed a double free or corruption error.

Version-Release number of selected component:
rpm-4.11.2-2.fc20

Additional info:
reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        rpm -qp lo.rpm
crash_function: rpmReadSignature
executable:     /usr/bin/rpm
kernel:         3.15.10-200.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (9 frames)
 #5 rpmReadSignature at signature.c:245
 #6 rpmpkgRead at package.c:529
 #7 rpmReadPackageFile at package.c:717
 #8 rpmgiReadHeader at rpmgi.c:90
 #9 rpmgiLoadReadHeader at rpmgi.c:126
 #10 rpmgiNext at rpmgi.c:216
 #11 rpmgiShowMatches at query.c:274
 #12 rpmcliArgIter at query.c:518
 #13 rpmcliQuery at query.c:568

Comment 1 Jan Sedlák 2014-08-26 11:37:50 UTC
Created attachment 930829
File: backtrace

Comment 2 Jan Sedlák 2014-08-26 11:37:51 UTC
Created attachment 930830
File: cgroup

Comment 3 Jan Sedlák 2014-08-26 11:37:52 UTC
Created attachment 930831
File: core_backtrace

Comment 4 Jan Sedlák 2014-08-26 11:37:54 UTC
Created attachment 930832
File: dso_list

Comment 5 Jan Sedlák 2014-08-26 11:37:55 UTC
Created attachment 930833
File: environ

Comment 6 Jan Sedlák 2014-08-26 11:37:56 UTC
Created attachment 930834
File: limits

Comment 7 Jan Sedlák 2014-08-26 11:37:57 UTC
Created attachment 930835
File: maps

Comment 8 Jan Sedlák 2014-08-26 11:37:59 UTC
Created attachment 930836
File: open_fds

Comment 9 Jan Sedlák 2014-08-26 11:38:00 UTC
Created attachment 930837
File: proc_pid_status

Comment 10 Jan Sedlák 2014-08-26 11:38:01 UTC
Created attachment 930838
File: var_log_messages

Comment 11 Jan Sedlák 2014-08-26 11:40:37 UTC
Created attachment 930841
rpm package that rpm fails on

Comment 12 Panu Matilainen 2014-08-27 07:12:40 UTC
Rpm packages must consist of
1) lead
2) signature header (+ padding)
3) main header
4) payload if the package has files

Your sample "package" is missing the signature header, and as such cannot be read with rpmReadPackageFile(). That it crashes in this case is obviously a nasty bug, fixed now upstream:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=0ab486b8e169edbe66870f5ff43f9dd07ffd2655

Comment 13 Jan Sedlák 2014-08-27 08:22:42 UTC
Thank you, I realized this yesterday. I think that my RPM has a lead and a signature header, but it isn't padded and it is missing the main header. But still, double freeing memory is a bug.
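
The layout listed in comment 12, and the unpadded file without a main header described in comment 13, as an added example that is not part of the bug report and is neither rpm's code nor the upstream fix: a bounds-checked layout check that a header-extraction tool could run before parsing. `rpm_check_layout`, `header_size` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

#define LEAD_SIZE 96  /* fixed-size lead */
#define HDR_INTRO 16  /* magic + reserved (8 bytes), index count il, data size dl */
enum rpm_layout { RPM_OK, RPM_BAD_LEAD, RPM_BAD_SIGHDR, RPM_BAD_PADDING, RPM_BAD_MAINHDR };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Size of the header structure at buf[off], or 0 if the magic is wrong or the
 * declared sizes would run past the end of the buffer. */
static size_t header_size(const uint8_t *buf, size_t len, size_t off) {
    static const uint8_t magic[4] = { 0x8e, 0xad, 0xe8, 0x01 };
    if (off > len || len - off < HDR_INTRO) return 0;
    if (memcmp(buf + off, magic, sizeof magic) != 0) return 0;
    uint64_t total = HDR_INTRO + (uint64_t)be32(buf + off + 8) * 16 + be32(buf + off + 12);
    return total > len - off ? 0 : (size_t)total;
}

/* Hypothetical checker: lead, signature header, padding to 8 bytes, main header. */
enum rpm_layout rpm_check_layout(const uint8_t *buf, size_t len) {
    static const uint8_t lead_magic[4] = { 0xed, 0xab, 0xee, 0xdb };
    if (len < LEAD_SIZE || memcmp(buf, lead_magic, 4) != 0) return RPM_BAD_LEAD;
    size_t sig = header_size(buf, len, LEAD_SIZE);
    if (sig == 0) return RPM_BAD_SIGHDR;
    size_t main_off = LEAD_SIZE + sig, pad = (8 - sig % 8) % 8;
    if (len - main_off < pad) return RPM_BAD_PADDING;
    if (header_size(buf, len, main_off + pad) == 0) return RPM_BAD_MAINHDR;
    return RPM_OK;
}

/* Constructed sample (not a real package): lead, a signature header with 4 data
 * bytes, then optional padding and an empty main header. out must hold 136 bytes. */
size_t build_sample(uint8_t *out, int pad, int with_main) {
    static const uint8_t magic[4] = { 0x8e, 0xad, 0xe8, 0x01 };
    size_t n = LEAD_SIZE;
    memset(out, 0, 136);
    memcpy(out, "\xed\xab\xee\xdb", 4);
    memcpy(out + n, magic, 4);
    out[n + 15] = 4;  /* il = 0, dl = 4 */
    n += HDR_INTRO + 4 + (pad ? 4 : 0);
    if (with_main) { memcpy(out + n, magic, 4); n += HDR_INTRO; }
    return n;
}
```

`build_sample(buf, 0, 0)` reproduces the shape from comment 13 (signature header present, no padding, no main header); the checker rejects it with `RPM_BAD_PADDING` before any header data is read.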

Comment 14 Fedora Update System 2014-09-08 06:56:18 UTC
rpm-4.11.3-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/rpm-4.11.3-1.fc20

Comment 15 Fedora Update System 2014-09-09 22:05:10 UTC
Package rpm-4.11.3-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rpm-4.11.3-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-10325/rpm-4.11.3-1.fc20
then log in and leave karma (feedback).

Comment 16 Fedora Update System 2014-09-16 07:49:49 UTC
rpm-4.11.3-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rpm-4.11.3-1.fc19

Comment 17 Fedora Update System 2014-09-19 09:58:32 UTC
rpm-4.11.3-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2014-10-04 03:26:51 UTC
rpm-4.11.3-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.