Red Hat Bugzilla – Bug 1106594
huge stack allocation in rpmDoDigest() function
Last modified: 2014-10-03 23:27:01 EDT
Description of problem:
In function rpmDoDigest() (from rpmio/rpmfileutil.c file, line 143) variable buf is declared as: unsigned char buf[32*BUFSIZ]. Currently, BUFSIZ from stdio.h has value of 8192, which makes the buf variable take 256KB from stack. And this looks like a problem. I'm using rpmDoDigest() and rpmVerifyFile() functions in software provider in OpenLMI project. These providers are running under cimserver, and when I try to call the mentioned functions there, it crashes. Unfortunately, I wasn't able to reproduce the issue outside of cimserver.
I'll attach the abrt data of the crash (which is not very useful) and example patch which fixes the problem for me.
Version-Release number of selected component (if applicable):
Created attachment 904784 [details]
abrt data of the crash
Created attachment 904785 [details]
example patch fixing the problem for me
256KB is no more than 1/32 of the default 8MB stack limit, I suspect cimserver/providers are actually the bigger stack hog :)
That said, there's no reason (never mind a good one) for such a large stack allocation in rpmDoDigest() as performance is always going to be limited on physical IO + digest calculation, not allocation speed. Will fix.
rpm-4.11.3-1.fc20 has been submitted as an update for Fedora 20.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rpm-4.11.3-1.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
rpm-4.11.3-1.fc19 has been submitted as an update for Fedora 19.
rpm-4.11.3-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
rpm-4.11.3-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.