Bug 1106594 - huge stack allocation in rpmDoDigest() function
Summary: huge stack allocation in rpmDoDigest() function
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: 20
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-06-09 16:05 UTC by Peter Schiffer
Modified: 2014-10-04 03:27 UTC (History)
5 users (show)

Fixed In Version: rpm-4.11.3-1.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-19 09:58:43 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
ccpp-2014-06-09-15:50:56-21584.zip (1.36 MB, application/zip)
2014-06-09 16:06 UTC, Peter Schiffer 		no flags Details
rpm-4.11.2-dynamic-buf-allocation.patch (1.27 KB, patch)
2014-06-09 16:06 UTC, Peter Schiffer 		no flags Details | Diff
View All

Description Peter Schiffer 2014-06-09 16:05:12 UTC 
Description of problem:
In function rpmDoDigest() (from rpmio/rpmfileutil.c file, line 143) variable buf is declared as: unsigned char buf[32*BUFSIZ]. Currently, BUFSIZ from stdio.h has value of 8192, which makes the buf variable take 256KB from stack. And this looks like a problem. I'm using rpmDoDigest() and rpmVerifyFile() functions in software provider in OpenLMI project. These providers are running under cimserver, and when I try to call the mentioned functions there, it crashes. Unfortunately, I wasn't able to reproduce the issue outside of cimserver.

I'll attach the abrt data of the crash (which is not very useful) and example patch which fixes the problem for me.

Version-Release number of selected component (if applicable):
rpm-libs-4.11.2-2.fc20.x86_64
Comment 1 Peter Schiffer 2014-06-09 16:06:00 UTC 
Created attachment 904784 [details]
ccpp-2014-06-09-15:50:56-21584.zip

abrt data of the crash
Comment 2 Peter Schiffer 2014-06-09 16:06:48 UTC 
Created attachment 904785 [details]
rpm-4.11.2-dynamic-buf-allocation.patch

example patch fixing the problem for me
Comment 3 Panu Matilainen 2014-06-11 08:05:05 UTC 
256KB is no more than 1/32 of the default 8MB stack limit, I suspect cimserver/providers are actually the bigger stack hog :)

That said, there's no reason (never mind a good one) for such a large stack allocation in rpmDoDigest() as performance is always going to be limited on physical IO + digest calculation, not allocation speed. Will fix.
Comment 4 Panu Matilainen 2014-06-11 10:19:01 UTC 
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=272033470b8f3485ef700213ae3ab2271d882a72
Comment 5 Fedora Update System 2014-09-08 06:56:28 UTC 
rpm-4.11.3-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/rpm-4.11.3-1.fc20
Comment 6 Fedora Update System 2014-09-09 22:05:16 UTC 
Package rpm-4.11.3-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rpm-4.11.3-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-10325/rpm-4.11.3-1.fc20
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2014-09-16 07:49:59 UTC 
rpm-4.11.3-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rpm-4.11.3-1.fc19
Comment 8 Fedora Update System 2014-09-19 09:58:43 UTC 
rpm-4.11.3-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2014-10-04 03:27:01 UTC 
rpm-4.11.3-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.