Bug 107835
| Summary: | dangling pointer in rpm causes random segfaults and other crashes | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Philip Spencer <pspencer> |
| Component: | rpm | Assignee: | Jeff Johnson <jbj> |
| Status: | CLOSED ERRATA | QA Contact: | Mike McLean <mikem> |
| Severity: | high | Priority: | medium |
| Version: | 9 | CC: | barryn, bugzilla, herrold, jspaleta, laroche, redhat |
| Hardware: | All | OS: | Linux |
| Last Closed: | 2003-12-18 02:51:11 UTC | Doc Type: | Bug Fix |

Description
Philip Spencer
2003-10-23 15:59:37 UTC
Created attachment 95431
Patch to fix segfaults in rpm-4.2-1

I'm trying to confirm this on my rhl9 box, and I'm having trouble reproducing this at all. So it's either very subtle or I'm just super lucky :->.

> 1. Install Electric Fence and make sure a lot of RPM packages are installed.

I have 1300 or so rpms installed, does that count as a lot? I'd like to nominate this via tracker bug, if I can confirm it. If this is a subtle issue, maybe I can confirm it if I had access to your /var/lib/rpm tree and use rpm with the --dbpath switch to query your rpmdb local on my system. If you could tarball up your /var/lib/rpm directory and give me a place to grab it that might be a useful way for me to attempt to confirm your problem.

I have 1279 rpms installed so yes, 1300 should be sufficient. You may need to set EF_PROTECT_FREE=1 in the environment to guarantee that eff traps the error. You can access one of our /var/lib/rpm trees (with a few changes since I last had the problem -- for one thing, I've installed my patched version of rpm since then!) at http://www.fields.utoronto.ca/~pspencer/varlibrpm.tgz

It shouldn't be necessary, though. The code clearly reveals that a copy of a pointer is held in a local variable across a call to functions that could potentially realloc the pointed-to memory. Whether any re-alloc'ing will actually occur, of course, depends on whether or not the originally alloc'd space is sufficient, which will presumably depend on the order of packages, etc., etc.

Yup, very nice catch, thank you for the patch. Yes, obvious by inspection, but very hard to explicitly reproduce. Apologies for the delay, needed to get rpm devel restarted first. Fixed in rpm-4.2.2-0.6 (when built) and later.

*** Bug 112489 has been marked as a duplicate of this bug. ***

An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-098.html

*** Bug 108032 has been marked as a duplicate of this bug. ***
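
The bug class discussed in this report (a pointer copy held in a local variable across a call that may realloc the pointed-to memory), shown as an added example; it is not rpm's code or the attached patch, and `table`, `table_push`, `bump_stale` and `bump_safe` are hypothetical names. The stale read only happens when the push exhausts capacity, which is why the crash depends on how much data is loaded.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

typedef struct { int *items; size_t len, cap; } table;

/* Append v. When len == cap this calls realloc(), which may move the
 * array and invalidate every pointer previously taken into it. */
int table_push(table *t, int v) {
    if (t->len == t->cap) {
        size_t ncap = t->cap ? t->cap * 2 : 4;
        int *p = realloc(t->items, ncap * sizeof *p);
        if (!p) return -1;          /* old block is still valid on failure */
        t->items = p;
        t->cap = ncap;
    }
    t->items[t->len++] = v;
    return 0;
}

/* BROKEN: 'cur' is a copy of a pointer into t->items, held across
 * table_push(). If the push reallocates, *cur reads freed memory.
 * Works by luck whenever spare capacity exists, so it looks random. */
int bump_stale(table *t, size_t i, int v) {
    int *cur = &t->items[i];
    if (table_push(t, v) != 0) return -1;
    return *cur + v;                /* use-after-free if the array moved */
}

/* FIXED: carry the index across the call and re-derive the pointer
 * from t->items only after anything that can reallocate has run. */
int bump_safe(table *t, size_t i, int v) {
    if (table_push(t, v) != 0) return -1;
    int *cur = &t->items[i];
    return *cur + v;
}

int main(void) {
    table t = {0};
    for (int k = 0; k < 4; k++) table_push(&t, k + 10);  /* fill to cap 4 */
    /* The next push must grow the array; bump_safe stays correct. */
    printf("%d\n", bump_safe(&t, 0, 5));
    free(t.items);
    return 0;
}
```

Running a build that calls `bump_stale` under Electric Fence with `EF_PROTECT_FREE=1`, as suggested in the comments above, turns the silent stale read into an immediate fault at the offending line.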