RPM seg-faults after doing these two commands: rpm -Uvv --force ~/updates/kernel-2.2.13-0.13.i686.rpm rpm -Uvv --force /mnt/cd2/RPMS/kernel-2.2.13-0.13.i386.rpm updates/kernel-2.2.13-0.13.i686.rpm is from the Redhat 6.1 OEM CD. /mnt/cd2/RPMS/kernel-2.2.13-0.13.i386.rpm is a customized kernel. This custom kernel is available with ftp at 199.45.143.80. Username: redhat Password: bugfix I added some debugging messages to rpm and ran it with the environment setting MALLOC_CHECK_=1 Here is the relevant output. This is during binary package install, after the packages have been installed, just before the function markReplacedFiles exits. D: entering headerFree(0x8189c40) D: usageCount: 1 D: freeing h->index[0].data: 0x8189d48 D: freeing h->index[1].data: 0x8189d38 D: freeing h->index[2].data: 0x8189d58 D: freeing h->index[3].data: 0x8189d68 D: freeing h->index[4].data: 0x8189dc0 D: freeing h->index[5].data: 0x8189f00 D: freeing h->index[6].data: 0x8189ff8 D: freeing h->index[7].data: 0x818a008 D: freeing h->index[8].data: 0x818a1b0 free(): invalid pointer 0x818a1b0! D: freeing h->index[9].data: 0x818a1c0 free(): invalid pointer 0x818a1c0! D: freeing h->index[10].data: 0x818a1d0 free(): invalid pointer 0x818a1d0! D: freeing h->index[11].data: 0x818a208 D: freeing h->index[12].data: 0x818a228 D: freeing h->index[13].data: 0x818a238 D: freeing h->index[14].data: 0x8189d78 D: freeing h->index[15].data: 0x818a248 D: freeing h->index[16].data: 0x81768c8 D: freeing h->index[17].data: 0x817a238 D: freeing h->index[18].data: 0x818a028 Segmentation fault (core dumped)
What version of rpm? Have you done a "rpm --rebuilddb"? There are segfaults in rpm due to a database left in an inconsistent state ... Also, if you've gotten as far as recompiling rpm with debugging messages, can you print out the tag value: h->index[i]->info.tag If there really is an allocation problem, the mistake is freeing data that was returned by headerGetEntry() without checking the type of data returned.
This is rpm 3.0.3, from package rpm-3.0.3-2.i386.rpm rpm --rebuilddb does not seem to affect it. Here is the output with h->index[i].info.tag and type: D: entering headerFree(0x8189c20) D: usageCount: 1 D: freeing h->index[0].data: 0x8189d28 .info.tag: 100 .info.type: 8 D: freeing h->index[1].data: 0x8189d18 .info.tag: 1000 .info.type: 6 D: freeing h->index[2].data: 0x8189d38 .info.tag: 1001 .info.type: 6 D: freeing h->index[3].data: 0x8189d48 .info.tag: 1002 .info.type: 6 D: freeing h->index[4].data: 0x8189d58 .info.tag: 1004 .info.type: 9 D: freeing h->index[5].data: 0x8189e98 .info.tag: 1005 .info.type: 9 D: freeing h->index[6].data: 0x8189f90 .info.tag: 1006 .info.type: 4 D: freeing h->index[7].data: 0x8189fa0 .info.tag: 1007 .info.type: 6 D: freeing h->index[8].data: 0x818a148 .info.tag: 1008 .info.type: 4 free(): invalid pointer 0x818a148! D: freeing h->index[9].data: 0x818a158 .info.tag: 1009 .info.type: 4 free(): invalid pointer 0x818a158! D: freeing h->index[10].data: 0x818a168 .info.tag: 1014 .info.type: 6 free(): invalid pointer 0x818a168! D: freeing h->index[11].data: 0x818a1a0 .info.tag: 1016 .info.type: 9 D: freeing h->index[12].data: 0x818a1c0 .info.tag: 1021 .info.type: 6 D: freeing h->index[13].data: 0x818a1d0 .info.tag: 1022 .info.type: 6 D: freeing h->index[14].data: 0x818a1e0 .info.tag: 1023 .info.type: 6 D: freeing h->index[15].data: 0x818a220 .info.tag: 1024 .info.type: 6 D: freeing h->index[16].data: 0x81768d0 .info.tag: 1027 .info.type: 8 D: freeing h->index[17].data: 0x817a240 .info.tag: 1028 .info.type: 4 D: freeing h->index[18].data: 0x8189fc0 .info.tag: 1029 .info.type: 1 Segmentation fault (core dumped)
I believe I've fixed this in rpm-3.0.4 (from Raw Hide or ftp.rpm.org). Can you verify if the problem persists there? Thanks.
After building and installing rpm 3.0.4, I tried it again and got the same segmentation fault. Then I did a rebuilddb, and tried it, and it worked correctly. Thanks.
This problem appears to be resolved.