Bug 13468

Summary: rpm v3.0.5 core dumps with certain packages
Product: [Retired] Red Hat Linux Reporter: stephens <stephens>
Component: rpmAssignee: Jeff Johnson <jbj>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2CC: satan
Target Milestone: ---   
Target Release: ---   
Hardware: noarch   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-07-07 00:56:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description stephens 2000-07-04 13:58:31 UTC 
I'm not sure which packages cause the problem, but this issue is that
sometimes one of the parameters of lib/depends.c, dirInfoCompare()
is a null value. The function then casts the void* pointer passed
in to a structure and tries to access it, thus causing a core dump.

It needs either a check for NULL in the function (I've tried this and
it works) or a check elsewhere so that null is never passed.
Comment 1 SB 2000-07-07 00:56:01 UTC 
Someone on Solaris made note of this problem and said they
thought it only occurred when installing the first package.
My assumption would be (if it indeed happens only when installing
the first package) that an empty or no database would cause it
to crash.  Here is a core dump posted to the rpm-list that illustrates
the problem:
#0  0x36ad8 in dirInfoCompare (one=0xffbeee28, two=0x0) at depends.c:142
142         int lenchk = a->dirNameLen - b->dirNameLen;
(gdb) bt
#0  0x36ad8 in dirInfoCompare (one=0xffbeee28, two=0x0) at depends.c:142
#1  0xff1b9afc in bsearch () from /usr/lib/libc.so.1
#2  0x37f64 in alFileSatisfiesDepend (al=0x3158fc, keyType=0x0, 
    fileName=0x110624 "/bin/sh") at depends.c:773
#3  0x3804c in alSatisfiesDepend (al=0x3158fc, keyType=0x0, keyDepend=0x0, 
    keyName=0x110624 "/bin/sh", keyEVR=0x115104 "", keyFlags=64)
    at depends.c:803
#4  0x386d0 in unsatisfiedDepend (rpmdep=0x3158d0, keyType=0xe1d40 " requires", 
    keyDepend=0x115110 "/bin/sh  ", keyName=0x110624 "/bin/sh", 
    keyEVR=0x115104 "", keyFlags=64, suggestion=0xffbeefd4) at depends.c:963
#5  0x38844 in checkPackageDeps (rpmdep=0x3158d0, psp=0xffbef088, h=0x119d90, 
    keyName=0x0) at depends.c:1007
#6  0x39618 in rpmdepCheck (rpmdep=0x3158d0, conflicts=0xffbef154, 
    numConflicts=0xffbef150) at depends.c:1403
#7  0x4bae0 in rpmInstall (rootdir=0xde610 "/", fileArgv=0x10e1f8, 
    transFlags=0, interfaceFlags=0, probFilter=0, relocations=0x0)
    at rpminstall.c:316
#8  0x267f0 in main (argc=3, argv=0xffbef39c) at rpm.c:1382


From what I can tell no parameters of dirInfoCompare() should
be NULL and thus would indicate that either the database is
not there, empty, or corrupt or that that rpm itself is
incomplete/built incorrectly/corrupt.  It's fixable like you
said, but it is a nice way of finding out if a package is messed
up or not none-the-less.

-Stan Bubrouski
Comment 2 Jeff Johnson 2000-07-10 18:20:22 UTC 
This smells like the following patch


/*@dependent@*/ /*@null@*/ static struct availablePackage *
alFileSatisfiesDepend(struct availableList * al,
        const char * keyType, const char * fileName)
{
    int i;
    const char * dirName;
    const char * baseName;
    struct dirInfo dirNeedle;
    struct dirInfo * dirMatch;

+j    if (al->numDirs == 0)       /* Solaris 2.6 bsearch sucks down on this. */
+        return NULL;

which is now added in rpm-3.0.5. Thanks for the report.
Comment 3 openshift-github-bot 2017-04-05 18:45:43 UTC 
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/4f2de74f46f63a1b74bd43f66a65634c547359f4
Merge pull request #13552 from soltysh/issue13468

Merged by openshift-bot