Bug 33110
Summary: | showstopper: endless(?) malloc frenzy in rpm-4.0.2 | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | j. alan eldridge <alane> |
Component: | rpm | Assignee: | Jeff Johnson <jbj> |
Status: | CLOSED WORKSFORME | QA Contact: | David Lawrence <dkl> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 7.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-03-25 16:56:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
j. alan eldridge
2001-03-25 06:37:29 UTC
whoa... found the condition that's causing it: it's the unescaped square brackets that make it blow its cookies. now that's *weird*. if the brackets are escaped with \, then it works correctly. of course, escaping the brackets makes it incorrect. but i'll add another data point: with the brackets escaped (or missing), rather than just spitting out "(array)", rpm gives you the zeroth element of the array, with no indication that your're missing things. this is bad, too. "MaxRPM" indicates that there should be an error output ("(array)") but that seems to have been lost over time. i stronly suspect that this is a bug in not freeing allocated memory at the end of the loop which iterates over the array items to spit them out. if this is the case, then we would see spectacular degradation as the number of files in the archive increases, and in fact, that is what we see. looks like an API thing come to bite again, jeff; the question of "who does own this iterator, and do i have to free it - or decrement its ref count - or not?" seems to be pervasive (from what i've seen on the rpm list), and i'm guessing it has struck again. Blindly grabbing HEADER_* tags is not advised, as the value for those tags is an entire copy of the header as originally read. Try changing your loop to start grabbing tags at 256 (if you want signatures), or 1000 (traditional rpm tag start). jeff, i don't understand your comment re 256/1000. please explain. note: purpose of python class is to make the rpm's tags available from a hash. so i don't understand how numbers fit into it. I think I see your point re HEADER*.... grabbing HEADERIMAGE in the array context seems to be what's killing it. But *why* ??? I can't see how the exhibited behavior could be considered either reasonable or correct. Also, in creating a general purpose (to some extent) tool, how is one to determine which headers are safe to grab, and which not? And, while we're at it, how to know which are arrays and which are scalars? Are there any known examples of using the python interface to rpmlib? Or does it even work? Tags have numeric values, roughly split into groups 60-99 (new) HEADER_* 100 I18N table 256 (new) signature info duplicated from signature header 1000 RPMTAG_NAME Complete list of name/value pairs is in rpmlib.h enum. New tags have new semantics, HEADER_IMAGE is literally that, a copy of the header that can/will be used to re-generate MD5/SHA1 digests for verification of header contents after install has been completed. So the question is what tags can you access? The answer is all of them, but you need to be prepared for how the contents are defined. All tags are "safe to grab". Arrays can be determined by looking at the type and count fields returned from headerGetEntry. So how do you tell what the values mean, and what their datatypes are? Meaning is determined by context of access, and a tag returns the datatype (at least if using headerGetEntry). Best examples of usage are either anaconda (which was the reason for creating python bindings) or up2date sources. |