Bug 109919 - [rpm-python] memory corruption with dsSingle()
Status: CLOSED ERRATA
Product: Red Hat Raw Hide
Classification: Retired
Component: rpm
Version: 1.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Jeff Johnson
Mike McLean
Reported: 2003-11-12 18:30 EST by Enrico Scholz
Modified: 2014-01-21 17:48 EST (History)
Doc Type: Bug Fix
Last Closed: 2003-12-18 07:05:22 EST
Attachments:
testcase (630 bytes, text/plain)
2003-11-12 18:31 EST, Enrico Scholz
Description Enrico Scholz 2003-11-12 18:30:23 EST
Description of problem:

See the attached program; running it standalone gives complete crap e.g.

| $ python /tmp/rpmpy.py /usr/src/redhat/SRPMS/xemacs-21.4.14-3.src.rpm 
| [P Py_Repr >= 0.2
| , P 
| , P openldap-devel
| , P postgresql-devel
| , P ileNames) <= 3.0.4-1
| , P rpmlib(CompressedFileNames) <= 3.0.4-1
| ]


Using it with efence memory debugger gives yet more crap:

| $ ef python /tmp/rpmpy.py /usr/src/redhat/SRPMS/xemacs-21.4.14-3.src.rpm 
| [P  >= 0.2
| , P 
| , P ?I@?I@?3
| , P ?I@?I@?3
| , P ?I@?I@?3
| , P rpmlib(CompressedFileNames) <= 3.0.4-1
| ]


Running it through valgrind gives good output

| [P esound >= 0.2
| , P perl
| , P postgresql-devel
| , P openldap-devel
| , P compface-devel
| , P rpmlib(CompressedFileNames) <= 3.0.4-1
| ]

but lots of 'invalid read' errors:

| ==7773== Invalid read of size 1
| ==7773==    at 0x40023098: strlen (mac_replace_strmem.c:164)
| ==7773==    by 0x41961715: rpmdsNewDNEVR (in /usr/lib/librpm-4.2.so)
| ==7773==    by 0x419621B2: rpmdsNext (in /usr/lib/librpm-4.2.so)
| ==7773==    by 0x418A021A: (within /usr/lib/python2.2/site-packages/rpmmodule.so)
| ==7773==    Address 0x41E3ECA0 is 20 bytes inside a block of size 30 free'd
| ==7773==    at 0x4002C5AC: free (vg_replace_malloc.c:231)
| ==7773==    by 0x8055B1E: _PyObject_Del (in /usr/bin/python)
| ==7773==    by 0x80595D4: (within /usr/bin/python)
| ==7773==    by 0x80CEB88: (within /usr/bin/python)


Enabling the commented-out part (the one with dsFromHeader) has the same
effect.


Version-Release number of selected component (if applicable):

rpm-4.2.1-0.30



How reproducible:

100%
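
The valgrind record in the description pairs an invalid read inside librpm with a free performed by the Python interpreter. The following Python is an added example, not part of the original report or of rpm: it parses that record and names the first non-Valgrind frame on each side of the use-after-free. The names `parse_memcheck` and `triage` are hypothetical.

```python
import re
# Memcheck record copied verbatim from the report above, "| " quoting included.
REPORT = """\
| ==7773== Invalid read of size 1
| ==7773==    at 0x40023098: strlen (mac_replace_strmem.c:164)
| ==7773==    by 0x41961715: rpmdsNewDNEVR (in /usr/lib/librpm-4.2.so)
| ==7773==    by 0x419621B2: rpmdsNext (in /usr/lib/librpm-4.2.so)
| ==7773==    by 0x418A021A: (within /usr/lib/python2.2/site-packages/rpmmodule.so)
| ==7773==    Address 0x41E3ECA0 is 20 bytes inside a block of size 30 free'd
| ==7773==    at 0x4002C5AC: free (vg_replace_malloc.c:231)
| ==7773==    by 0x8055B1E: _PyObject_Del (in /usr/bin/python)
| ==7773==    by 0x80595D4: (within /usr/bin/python)
| ==7773==    by 0x80CEB88: (within /usr/bin/python)
"""
LINE = re.compile(r"^[|\s]*==\d+==\s*(.*?)\s*$")
ERROR = re.compile(r"Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) (free'd|alloc'd)$")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (.*?)\s*\((?:in |within )?(.+)\)$")

def parse_memcheck(text):
    """Split memcheck text into errors: access stack, heap block, block's stack."""
    errors, cur, stack = [], None, None
    for raw in text.splitlines():
        line = LINE.match(raw)
        body = line.group(1) if line else ""
        if m := ERROR.match(body):
            cur = {"access": m[1], "size": int(m[2]), "access_stack": [],
                   "block": None, "block_stack": []}
            errors.append(cur)
            stack = cur["access_stack"]
        elif cur and (m := BLOCK.match(body)):
            cur["block"] = {"offset": int(m[1]), "size": int(m[2]), "state": m[3]}
            stack = cur["block_stack"]   # frames after "Address ..." belong to the free/alloc
        elif cur and (m := FRAME.match(body)):
            stack.append((m[1] or "?", m[2]))   # "?" = frame without a symbol name
    return errors

def triage(err):
    """Flag use-after-free and name the first non-Valgrind frame on each side."""
    def actor(frames):   # skip Valgrind's own vg_replace_*/mac_replace_* shims
        return next((f for f in frames if "_replace_" not in f[1]), None)
    freed = bool(err["block"]) and err["block"]["state"] == "free'd"
    return {"use_after_free": freed, "reader": actor(err["access_stack"]),
            "freer": actor(err["block_stack"])}

if __name__ == "__main__":
    for e in parse_memcheck(REPORT):
        print(e["access"], e["size"], e["block"], triage(e))
```

For this record the reader resolves to `rpmdsNewDNEVR` in librpm and the freer to `_PyObject_Del` in the interpreter, so the freed block was released by Python while librpm still read from it.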
Comment 1 Enrico Scholz 2003-11-12 18:31:19 EST
Created attachment 95933
testcase
Comment 2 Seth Vidal 2003-11-12 18:32:55 EST
confirmed on Fedora Core 1, as well.
Comment 3 Jeff Johnson 2003-12-18 07:05:22 EST
Fixed in rpm-4.2.2-0.6 and later when built.
Comment 4 John Flanagan 2004-05-12 00:27:16 EDT
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2004-098.html
