Bug 380911

Summary: rpm gets glibc aborts on query of multiple package installs on ppc32
Product: [Fedora] Fedora Reporter: Kevin Fenzi <kevin>
Component: rpmAssignee: Panu Matilainen <pmatilai>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: dwmw2, pnasrat, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: powerpc   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-14 22:01:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Backtrace of core with MALLOC_CHECK_=0
none
Fix rpmio/base64.c none

Description Kevin Fenzi 2007-11-13 20:35:14 UTC 
Got this this morning on my ppc32 machine: 

# rpm -q kernel
*** glibc detected *** /usr/lib/rpm/rpmq: free(): invalid next size (normal):
0x1004d6f8 ***
======= Backtrace: =========
/lib/libc.so.6[0x30183304]
/lib/libc.so.6(cfree+0xc8)[0x30186b38]
/usr/lib/librpm-4.4.so(rpmtsFindPubkey+0x114)[0xfefaef4]
/usr/lib/librpm-4.4.so[0xfefc7ac]
/usr/lib/librpm-4.4.so(rpmVerifySignature+0x6ec)[0xfefebec]
/usr/lib/librpm-4.4.so(headerCheck+0x374)[0xfed6384]
/usr/lib/librpmdb-4.4.so(rpmdbNextIterator+0x328)[0xfd92d78]
/usr/lib/librpm-4.4.so(rpmQueryVerify+0x1fc)[0xfede36c]
/usr/lib/librpm-4.4.so(rpmcliArgIter+0xb8)[0xfededb8]
/usr/lib/librpm-4.4.so(rpmcliQuery+0xc0)[0xfedf120]
/usr/lib/rpm/rpmq[0x10002950]
/lib/libc.so.6[0x3011f56c]
/lib/libc.so.6[0x3011f73c]
======= Memory map: ========
00100000-00103000 r-xp 00100000 00:00 0          [vdso]
003c0000-003d4000 r-xp 00000000 fd:00 1473198    /lib/libgcc_s-4.1.2-20070925.so.1
003d4000-003e3000 ---p 00014000 fd:00 1473198    /lib/libgcc_s-4.1.2-20070925.so.1
003e3000-003e5000 rw-p 00013000 fd:00 1473198    /lib/libgcc_s-4.1.2-20070925.so.1
006c0000-006d1000 r-xp 00000000 fd:00 1473239    /lib/libbz2.so.1.0.4
006d1000-006e0000 ---p 00011000 fd:00 1473239    /lib/libbz2.so.1.0.4
006e0000-006e2000 rw-p 00010000 fd:00 1473239    /lib/libbz2.so.1.0.4
00780000-00786000 r-xp 00000000 fd:00 5214057    /usr/lib/libplc4.so
00786000-00795000 ---p 00006000 fd:00 5214057    /usr/lib/libplc4.so
00795000-00796000 rw-p 00005000 fd:00 5214057    /usr/lib/libplc4.so
007a0000-007a4000 r-xp 00000000 fd:00 5210091    /usr/lib/libplds4.so
007a4000-007b3000 ---p 00004000 fd:00 5210091    /usr/lib/libplds4.so
007b3000-007b4000 rw-p 00003000 fd:00 5210091    /usr/lib/libplds4.so
00820000-0083a000 r-xp 00000000 fd:00 5215301    /usr/lib/libelf-0.131.so
0083a000-0084f000 ---p 0001a000 fd:00 5215301    /usr/lib/libelf-0.131.so
0084f000-00850000 r--p 0001f000 fd:00 5215301    /usr/lib/libelf-0.131.so
00850000-00851000 rw-p 00020000 fd:00 5215301    /usr/lib/libelf-0.131.so
00960000-009a4000 r-xp 00000000 fd:00 5213765    /usr/lib/libnspr4.so
009a4000-009b3000 ---p 00044000 fd:00 5213765    /usr/lib/libnspr4.so
009b3000-009b5000 rw-p 00043000 fd:00 5213765    /usr/lib/libnspr4.so
009b5000-009b7000 rw-p 009b5000 00:00 0 
00a00000-00b55000 r-xp 00000000 fd:00 5214305    /usr/lib/libnss3.so
00b55000-00b64000 ---p 00155000 fd:00 5214305    /usr/lib/libnss3.so
00b64000-00b6d000 rw-p 00154000 fd:00 5214305    /usr/lib/libnss3.so
00b6d000-00b6e000 rw-p 00b6d000 00:00 0 
0f08b000-0f0db000 r-xp 00000000 fd:00 5211885    /usr/lib/libfreebl3.so
0f0db000-0f0dc000 rw-p 00050000 fd:00 5211885    /usr/lib/libfreebl3.so
0f0ec000-0f13a000 r-xp 00000000 fd:00 5224748    /usr/lib/libsoftokn3.so
0f13a000-0f13c000 ---p 0004e000 fd:00 5224748    /usr/lib/libsoftokn3.so
0f13c000-0f140000 rw-p 00050000 fd:00 5224748    /usr/lib/libsoftokn3.so
0f150000-0f159000 r-xp 00000000 fd:00 1473189    /lib/libpopt.so.0.0.0
0f159000-0f168000 ---p 00009000 fd:00 1473189    /lib/libpopt.so.0.0.0
0f168000-0f169000 rw-p 00008000 fd:00 1473189    /lib/libpopt.so.0.0.0
0f8c5000-0f93a000 r-xp 00000000 fd:00 5215088    /usr/lib/librpmio-4.4.so
0f93a000-0f949000 ---p 00075000 fd:00 5215088    /usr/lib/librpmio-4.4.so
0f949000-0f94e000 rw-p 00074000 fd:00 5215088    /usr/lib/librpmio-4.4.so
0f94e000-0f970000 rw-p 0f94e000 00:00 0 
0f980000-0f99f000 r-xp 00000000 fd:00 1473211    /lib/libselinux.so.1
0f99f000-0f9af000 ---p 0001f000 fd:00 1473211    /lib/libselinux.so.1
0f9af000-0f9b0000 r--p 0001f000 fd:00 1473211    /lib/libselinux.so.1
0f9b0000-0f9b1000 rw-p 00020000 fd:00 1473211    /lib/libselinux.so.1
0fbc0000-0fc3a000 r-xp 00000000 fd:00 5212579    /usr/lib/libsqlite3.so.0.8.6
0fc3a000-0fc49000 ---p 0007a000 fd:00 5212579    /usr/lib/libsqlite3.so.0.8.6
0fc49000-0fc4c000 rw-p 00079000 fd:00 5212579    /usr/lib/libsqlite3.so.0.8.6
0fca0000-0fcb5000 r-xp 00000000 fd:00 1474124    /lib/libz.so.1.2.3
0fcb5000-0fcc4000 ---p 00015000 fd:00 1474124    /lib/libz.so.1.2.3
0fcc4000-0fcc5000 rw-p 00014000 fd:00 1474124    /lib/libz.so.1.2.3
0fcd0000-0fce8000 r-xp 00000000 fd:00 1473209    /lib/libpthread-2.7.so
0fce8000-0fcff000 ---p 00018000 fd:00 1473209    /lib/libpthread-2.7.so
0fcff000-0fd00000 r--p 0001f000 fd:00 1473209    /lib/libpthread-2.7.so
0fd00000-0fd01000 rw-p 00020000 fd:00 1473209    /lib/libpthread-2.7.so
0fd01000-0fd03000 rw-p 0fd01000 00:00 0 
0fd10000-0fd13000 r-xp 00000000 fd:00 1473194    /lib/libdl-2.7.so
0fd13000-0fd2f000 ---p 00003000 fd:00 1473194    /lib/libdl-2.7.so
0fd2f000-0fd30000 r--p 0000f000 fd:00 1473194    /lib/libdl-2.7.so
0fd30000-0fd31000 rw-p 00010000 fd:00 1473194    /lib/libdl-2.7.so
0fd60000-0fe9e000 r-xp 00000000 fd:00 5215087    /usr/lib/librpmdb-4.4.so
0fe9e000-0fea0000 ---p 0013e000 fd:00 5215087    /usr/lib/librpmdb-4.4.so
0fea0000-0fea7000 rw-p 00140000 fd:00 5215087    /usr/lib/librpmdb-4.4.so
0feb7000-0ff1b000 r-xp 00000000 fd:00 5211117    /usr/lib/librpm-4.4.so
0ff1b000-0ff2a000 ---p 00064000 fd:00 5211117    /usr/lib/librpm-4.4.so
0ff2a000-0ff2e000 rw-p 00063000 fd:00 5211117    /usr/lib/librpm-4.4.so
0ff2e000-0ff61000 rw-p 0ff2e000 00:00 0 
0ff71000-0ff99000 r-xp 00000000 fd:00 5215086    /usr/lib/librpmbuild-4.4.so
0ff99000-0ffa1000 ---p 00028000 fd:00 5215086    /usr/lib/librpmbuild-4.4.so
0ffa1000-0ffa4000 rw-p 00030000 fd:00 5215086    /usr/lib/librpmbuild-4.4.so
0ffa4000-0ffb0000 rw-p 0ffa4000 00:00 0 
0ffc0000-0ffe0000 r-xp 00000000 fd:00 1473179    /lib/ld-2.7.so
0ffef000-0fff0000 r--p 0002f000 fd:00 1473179    /lib/ld-2.7.so
0fff0000-0fff1000 rw-p 00030000 fd:00 1473179    /lib/ld-2.7.so
10000000-10004000 r-xp 00000000 fd:00 5631658    /usr/lib/rpm/rpmq
10013000-10014000 rw-p 00003000 fd:00 5631658    /usr/lib/rpm/rpmq
10014000-10056000 rwxp 10014000 00:00 0          [heap]
30002000-30008000 rw-s 00000000 fd:00 949896     /var/lib/rpm/__db.001
3000b000-3000d000 rw-p 3000b000 00:00 0 
3000d000-300c4000 r-xp 00000000 fd:00 1473195    /lib/libm-2.7.so
300c4000-300d9000 ---p 000b7000 fd:00 1473195    /lib/libm-2.7.so
300d9000-300dd000 r--p 000bc000 fd:00 1473195    /lib/libm-2.7.so
300dd000-300de000 rw-p 000c0000 fd:00 1473195    /lib/libm-2.7.so
300de000-300df000 rw-p 300de000 00:00 0 
300df000-300e8000 r-xp 00000000 fd:00 1473267    /lib/librt-2.7.so
300e8000-300fe000 ---p 00009000 fd:00 1473267    /lib/librt-2.7.so
300fe000-300ff000 r--p 0000f000 fd:00 1473267    /lib/librt-2.7.so
300ff000-30100000 rw-p 00010000 fd:00 1473267    /lib/librt-2.7.so
30100000-30101000 rw-p 30100000 00:00 0 
30101000-30280000 r-xp 00000000 fd:00 1473180    /lib/libc-2.7.so
30280000-3028d000 ---p 0017f000 fd:00 1473180    /lib/libc-2.7.so
3028d000-30291000 r--p 0018c000 fd:00 1473180    /lib/libc-2.7.so
30291000-30292000 rw-p 00190000 fd:00 1473180    /lib/libc-2.7.so
30292000-30297000 rw-p 30292000 00:00 0 
30297000-30497000 r--p 00000000 fd:00 5225263    /usr/lib/locale/locale-archive
30497000-305d9000 rw-s 00000000 fd:00 949897     /var/lib/rpm/__db.002
305d9000-30647000 rw-s 00000000 fd:00 949898     /var/lib/rpm/__db.003
306b7000-306f0000 rw-p 30647000 00:00 0 
7fdff000-7fe2a000 rw-p 7ffd5000 00:00 0          [stack]
Aborted

This seems to happen on any rpm command that tries to deal multiple packages,
ie, kernel... 

queries against single installed packages work fine. 

# rpm -q rpm
rpm-4.4.2.2-8.fc9

Perhaps something with the move from beecrypt?
Comment 1 Paul Nasrat 2007-11-13 21:01:38 UTC 
does rpm -q --nosignature --nodigest kernel work in that case?
Comment 2 Kevin Fenzi 2007-11-13 21:06:26 UTC 
Indeed it does: 

# rpm -q --nosignature --nodigest kernel
kernel-2.6.23.1-23.fc8
kernel-2.6.23.1-42.fc8
Comment 3 Paul Nasrat 2007-11-13 23:32:05 UTC 
If you run with ulimit -c unlimited and the original failing command do you get
a core you can attach to bug (or put on an ftp site)?

F-8 ppc plus rawhide RPM just worked for me.
Comment 4 Kevin Fenzi 2007-11-14 00:10:13 UTC 
Sure. It does indeed provide a core:

http://www.scrye.com/~kevin/fedora/core.13859

Also, I got a core from rpm-python when trying to yum install yum-utils. ;( 

This is a test machine, I'd be happy to provide ssh access to it if you like. 
Just send me your ssh key via private email.
Comment 5 Paul Nasrat 2007-11-14 08:16:34 UTC 
403  forbidden.
Comment 6 Paul Nasrat 2007-11-14 08:43:09 UTC 
Created attachment 257801 [details]
Backtrace of core with MALLOC_CHECK_=0
Comment 7 Paul Nasrat 2007-11-14 08:48:42 UTC 
http://fedorapeople.org/~pnasrat/core.2641

Core with glibc aborting
Comment 8 Kevin Fenzi 2007-11-14 16:45:16 UTC 
In reply to comment #5: 

oops. Sorry. Opened up the permissions on it now.
Comment 9 Tomas Mraz 2007-11-14 17:19:23 UTC 
Created attachment 258451 [details]
Fix rpmio/base64.c

This patch should fix the problem. The base64 decoder code incorrectly assumed
that char is a signed type.
Comment 10 Paul Nasrat 2007-11-14 18:48:58 UTC 
Verified on my ppc box:

[pauln@localhost rpm]$ hg status -m
M rpmio/base64.c

[pauln@localhost rpm]$ uname -a
Linux localhost.localdomain 2.6.23.1-49.fc8 #1 Thu Nov 8 21:16:15 EST 2007 ppc
ppc ppc GNU/Linux

[pauln@localhost rpm]$ ./rpm -q kernel
kernel-2.6.23.1-42.fc8
kernel-2.6.23.1-49.fc8

[pauln@localhost rpm]$ ./rpm --version
RPM version 4.4.90
Comment 11 Paul Nasrat 2007-11-14 22:01:00 UTC 
Panu has commited to rpm.org head and it's been built for rawhide. Thanks Tomas
for the patch.