Bug 33126

Summary: [patch] rpm-4.0 crashes during uninstall of packages which were installed by old rpm (2.5?)
Product: [Retired] Red Hat Linux
Reporter: Xubn Baldauf <xuan--bugzilla.redhat.com>
Component: rpm
Assignee: Jeff Johnson <jbj>
Status: CLOSED CURRENTRELEASE
QA Contact: David Lawrence <dkl>
Severity: medium
Priority: medium
Version: 7.1
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-03-25 19:14:25 UTC
Attachments: Fix for this bug (no flags)

Description Xubn Baldauf 2001-03-25 19:12:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.8.1) Gecko/20010320


I have a linux system which originally was a SuSE6.0 but which has been
updated for ages, including rpm. Now I wanted to update gcc, but uninstall
of gcc-2.95.2 failed with SEGV. I rebuilt rpm-4.0.2-7x from rpm.org source
(installed rpm-4.0.2 could rebuild itself because of SEGV) (why doesn't rpm
contain symbols by default?) and dug into the crash using gdb. It showed
me that the crash was at ./lib/transaction.c:1011:

	if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)


Reproducible: Always
Steps to Reproduce:
The bug was reproducible at my home system before I fixed rpm, but I did
not try to reproduce it, because the bug is obvious.

Actual Results:  SEGV

Expected Results:  no SEGV, proper uninstall

The bug is that otherStates is not checked for being NULL before
dereferencing it. otherStates may be NULL if

    headerGetEntryMinMemory(h, RPMTAG_FILESTATES, NULL,
                            (const void **) &otherStates, NULL);

sets otherStates to NULL, because the entry RPMTAG_FILESTATES was not
found. The entry might always appear when the package database was written
by new rpm, but old rpms might not have written that entry.

This is the fix:

--- transaction.c.orig  Fri Feb  9 14:07:16 2001
+++ transaction.c       Sun Mar 25 18:45:40 2001
@@ -1008,7 +1008,8 @@
        otherFileNum = shared->otherFileNum;
        fileNum = shared->pkgFileNum;
 
-       if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
+       // We must check for otherStates!=NULL in case the tag searched is
not found
+       if (otherStates && otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
            continue;
 
        fi->actions[fileNum] = FA_SKIP;
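Review bot: the new guard on the `if` line relies on headerGetEntryMinMemory() setting otherStates to NULL when RPMTAG_FILESTATES is absent, as the description says it does; initialising otherStates to NULL where it is declared would keep the check safe even if the lookup left the out-pointer untouched on failure. Two style points on the added comment: transaction.c is C, so it should be written as `/* ... */` rather than `//`, and it is line-wrapped after "searched is" in this pasted copy, so the attached patch rather than this text is what should be applied. The comment would also be clearer if it stated the chosen fallback, namely that a header without the tag is treated as if every file were RPMFILE_STATE_NORMAL, so the shared file still gets FA_SKIP.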

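A small model of the shared-file check described above, added here as an illustration and not taken from rpm's source: the header lookup behaves the way the report says headerGetEntryMinMemory() does (out-pointer set to NULL when the tag is absent), and the guarded check treats a header with no RPMTAG_FILESTATES, as written by an old rpm, as "all files normal". The Entry/Header structs, the sample headers and the extra count bound are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Tag and state values as named in rpmlib.h; here they only serve as labels. */
#define RPMTAG_FILESTATES      1029
#define RPMFILE_STATE_NORMAL   0
#define RPMFILE_STATE_REPLACED 1

/* Constructed stand-in for an rpm header: a list of (tag, data, count). */
typedef struct { int tag; const char *data; int count; } Entry;
typedef struct { const Entry *entries; int nentries; } Header;

/* Modeled lookup: returns 1 and fills *p and *c when the tag exists;
 * returns 0 and sets *p to NULL when it does not, as with old rpm databases. */
static int getEntryMinMemory(const Header *h, int tag, const void **p, int *c)
{
    for (int i = 0; i < h->nentries; i++) {
        if (h->entries[i].tag == tag) {
            *p = h->entries[i].data;
            if (c) *c = h->entries[i].count;
            return 1;
        }
    }
    *p = NULL;
    if (c) *c = 0;
    return 0;
}

/* Returns 1 when the shared file would be marked FA_SKIP, 0 when the loop
 * would `continue` past it. Without the `otherStates &&` test this is the
 * crash at transaction.c:1011; the bound on count is an extra guard that the
 * original code does not have. A missing tag counts as "state normal". */
static int sharedFileIsSkipped(const Header *other, int otherFileNum)
{
    const char *otherStates = NULL;
    int count = 0;
    getEntryMinMemory(other, RPMTAG_FILESTATES, (const void **) &otherStates, &count);
    if (otherStates && otherFileNum < count
        && otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
        return 0;
    return 1;
}

/* Constructed sample headers: one written by a new rpm, one by an old rpm. */
static const char newStates[] = { RPMFILE_STATE_NORMAL, RPMFILE_STATE_REPLACED };
static const Entry newEntries[] = { { RPMTAG_FILESTATES, newStates, 2 } };
static const Header newHeader = { newEntries, 1 };
static const Header oldHeader = { NULL, 0 };   /* no RPMTAG_FILESTATES entry */

int main(void)
{
    printf("new header, file 0 skipped: %d\n", sharedFileIsSkipped(&newHeader, 0));
    printf("new header, file 1 skipped: %d\n", sharedFileIsSkipped(&newHeader, 1));
    printf("old header, file 0 skipped: %d\n", sharedFileIsSkipped(&oldHeader, 0));
    return 0;
}
```

The old-header case is the one that crashed before the patch; with the guard it is simply skipped like a normal file.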
Comment 1 Xubn Baldauf 2001-03-25 19:14:22 UTC
Created attachment 13604 [details]
Fix for this bug

Comment 2 Jeff Johnson 2001-03-26 13:30:17 UTC
Yup, this is the fix for rpm-4.0, already in rpm-4.0.2.