Bug 10762 – RPM core dumps on Solaris 7

Bug 10762 - RPM core dumps on Solaris 7

Summary:	RPM core dumps on Solaris 7

Status:	CLOSED WORKSFORME

Aliases:	None

Product:	Red Hat Linux
Classification:	Retired
Component:	rpm (Show other bugs)
Sub Component:
Version:	6.2
Hardware:	sparc Linux

Priority	medium Severity high
Target Milestone:	---
Target Release:	---
Assigned To:	Jeff Johnson
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2000-04-12 16:19 EDT by Hung Le
Modified:	2008-05-01 11:37 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2000-04-13 04:19:20 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Hung Le 2000-04-12 16:19:30 EDT

When installing an RPM package, the dirInfoCompare function in
lib/depends.c receieved a NULL pointer as parameter 'two' from the bsearch
function.

Some diagnostics from GDB:

(gdb> cont
Breakpoint 1, dirInfoCompare (one=0xffbee068, two=0x0) at depends.c:140
140         const struct dirInfo * a = one;
(gdb) up
#1  0xff1b9b34 in bsearch () from /usr/lib/libc.so.1
(gdb) up
#2  0x430c4 in alFileSatisfiesDepend (al=0x1f1984, keyType=0x0,
    fileName=0x131dfc "/sbin/install-info") at depends.c:773
773         dirMatch = bsearch(&dirNeedle, al->dirs, al->numDirs,
(gdb) print dirNeedle
$22 = {dirName = 0x133038 "/sbin/", dirNameLen = 6, files = 0xffbee0c0,
  numFiles = 403808}
(gdb) print *al
$23 = {list = 0x1f1ae0, index = {index = 0x0, size = 0}, size = 0, alloced
= 5, numDirs = 0, dirs = 0x0}

Comment 1 eric.b.lemings 2000-04-12 17:42:59 EDT

Upon further investigation, it appears that the bsearch function (in Solaris
libc at least) will happily accept a NULL pointer and a zero as the second
(array base) and third (element count) parameters.  (Verify this.)

It all starts with the alSatisfiesDepend function call at depends.c:963 where
the keyType and keyName parameters are NULL pointers.  This gets propagated down
to alFileSatisfiesDepend function which passes the al->dirs and al->numDirs
arguments to bsearch which are NULL and zero.  The dirInfoCompare function then
receieves a NULL pointer from bsearch.

Need to check for NULL and zero before calling bsearch and do the appropriate
thing.  (Eric, Apr 12 2000)

Comment 2 eric.b.lemings 2000-04-12 17:52:59 EDT

Verified.  bsearch will pass the compare function a NULL pointer if given a NULL
base with zero elements.

Comment 3 Jeff Johnson 2000-04-13 04:19:59 EDT

From rpm-list@redhat.com in the last 2 weeks:

--- lib/depends.c.rkorig        Fri Apr  7 11:55:33 2000
+++ lib/depends.c       Fri Apr  7 11:57:32 2000
@@ -761,6 +761,9 @@ alFileSatisfiesDepend(struct availableLi
     struct dirInfo dirNeedle;
     struct dirInfo * dirMatch;

+       if( al->numDirs == 0 )  // Solaris 2.6 bsearch sucks down on this..
+               return NULL;
+
     {  char * chptr = xstrdup(fileName);
        dirName = chptr;
        chptr = strrchr(chptr, '/');

Note You need to log in before you can comment on or make changes to this bug.