Bug 1257274 - "scl enable <collection> -" core dumps with large input on stdin
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: scl-utils
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Jan Zeleny
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-08-26 15:42 UTC by Mat Booth
Modified: 2015-09-24 08:26 UTC

Fixed In Version: 2.0.1-3.fc22
Doc Type: Bug Fix
Last Closed: 2015-09-07 16:35:04 UTC


Attachments
Script that causes core dump (10.26 KB, application/x-shellscript)
2015-08-26 15:42 UTC, Mat Booth

Description Mat Booth 2015-08-26 15:42:55 UTC
Created attachment 1067323
Script that causes core dump

Description of problem:

The following construct causes a core dump on both Fedora 22 and 23:

scl enable <collection> - << "EOF"
# some large number of commands here
EOF

Please see attached script for a reproducer. Running this script results in the following:

# ./test.sh 
*** Error in `scl': free(): invalid next size (fast): 0x00007f0340bf40e0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7a2b5)[0x7f033e33f2b5]
/lib64/libc.so.6(+0x8297a)[0x7f033e34797a]
/lib64/libc.so.6(cfree+0x4c)[0x7f033e34b4ec]
scl(_free+0x9)[0x7f033ed53969]
scl(has_old_collection+0x39)[0x7f033ed539a9]
scl(main+0x138)[0x7f033ed51108]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7f033e2e56c0]
scl(_start+0x29)[0x7f033ed511f9]

This bug affects both Fedora 22 and Fedora 23:

scl-utils-2.0.1-2.fc22.x86_64
scl-utils-2.0.1-5.fc23.x86_64


Steps to Reproduce:
1. Build and install this SCL metapackage:
https://fedorapeople.org/~mbooth/copr/eclipse-neon/eclipse-neon-1.0-1.fc24.src.rpm
2. Run the attached script: ./test.sh

Comment 1 Mat Booth 2015-08-26 15:45:03 UTC
It's worth noting that this is a regression in behaviour from scl-utils < 2.

I was able to build eclipse inside an SCL with the old scl-utils, but I now get core dumps since scl-utils >= 2 was released.

Comment 2 Mat Booth 2015-08-26 17:13:23 UTC
The problem occurs on Fedora 21 also, with:

scl-utils-2.0.1-2.fc21.x86_64

And actually I don't think you even have to have a real SCL installed; simply running the reproducer script on any machine with scl-utils >= 2.0.1 installed triggers the bug.

Comment 3 Mat Booth 2015-08-26 17:34:08 UTC
Some kind of heap corruption..? Here's what valgrind says:

==29834== Memcheck, a memory error detector
==29834== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29834== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==29834== Command: /usr/bin/scl enable beans -
==29834== 
==29834== Syscall param read(buf) points to unaddressable byte(s)
==29834==    at 0x3EB4AF08E0: __read_nocancel (syscall-template.S:81)
==29834==    by 0x3EB4A790F8: _IO_file_xsgetn (fileops.c:1479)
==29834==    by 0x3EB4A6E8EF: fread (iofread.c:42)
==29834==    by 0x404599: extract_command_stdin (args.c:141)
==29834==    by 0x40477F: parse_run_args (args.c:206)
==29834==    by 0x404D10: scl_args_get (args.c:356)
==29834==    by 0x402084: main (scl.c:49)
==29834==  Address 0x4c4a1a1 is 0 bytes after a block of size 8,193 alloc'd
==29834==    at 0x4A08B9C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29834==    by 0x404F1D: xrealloc (sclmalloc.c:35)
==29834==    by 0x404568: extract_command_stdin (args.c:142)
==29834==    by 0x40477F: parse_run_args (args.c:206)
==29834==    by 0x404D10: scl_args_get (args.c:356)
==29834==    by 0x402084: main (scl.c:49)
==29834==
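
The Memcheck report in Comment 3 shows fread() writing at an address "0 bytes after" an 8,193-byte realloc'd block, which is what a stdin read loop produces when buffer growth does not keep up with the read offset. The following C code is an added example, not scl-utils source and not the fix shipped in 2.0.1-3.fc22; `read_all`, `roundtrip` and `CHUNK` are hypothetical names, and it shows a grow-before-read loop that keeps the size invariant such a loop needs.

```c
#include <stdio.h>
#include <stdlib.h>

#define CHUNK 8192 /* assumed read size; the trace shows an 8,193-byte block */

/* Read a whole stream into a NUL-terminated heap buffer.
 * Invariant: before every fread(), cap - len >= CHUNK + 1, so the read and the
 * terminator both land inside the allocation. Growing after the read, or from a
 * stale length, lets fread() start at the end of the block (Memcheck's report). */
char *read_all(FILE *in, size_t *out_len)
{
    size_t len = 0, cap = 0, got;
    char *buf = NULL, *tmp;

    do {
        if (cap - len < CHUNK + 1) {               /* grow first, then read */
            size_t ncap = cap ? cap * 2 : CHUNK + 1;
            if (ncap < cap || !(tmp = realloc(buf, ncap))) { free(buf); return NULL; }
            buf = tmp; cap = ncap;
        }
        got = fread(buf + len, 1, CHUNK, in);      /* writes at most CHUNK bytes */
        len += got;
    } while (got == CHUNK);
    if (ferror(in)) { free(buf); return NULL; }
    buf[len] = '\0';                               /* room reserved by the +1 */
    *out_len = len;
    return buf;
}

/* Constructed self-check: n bytes through a temp file must come back intact. */
size_t roundtrip(size_t n)
{
    FILE *f = tmpfile();
    size_t i, len = 0, bad = 0;
    char *buf;

    if (!f) return (size_t)-1;
    for (i = 0; i < n; i++) fputc('a' + (int)(i % 26), f);
    rewind(f);
    buf = read_all(f, &len);
    fclose(f);
    if (!buf) return (size_t)-1;
    for (i = 0; i < len; i++) bad |= (buf[i] != (char)('a' + (int)(i % 26)));
    bad |= (buf[len] != '\0');
    free(buf);
    return bad ? (size_t)-1 : len;
}

int main(void) { printf("%zu\n", roundtrip(3 * CHUNK + 5)); return 0; }
```

Building this with `-fsanitize=address` or running it under valgrind exercises the chunk-boundary sizes (exactly CHUNK, CHUNK + 1) where this class of off-by-one shows up.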

Comment 4 Fedora Update System 2015-08-27 13:10:41 UTC
scl-utils-2.0.1-3.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14409

Comment 5 Fedora Update System 2015-08-27 13:10:51 UTC
scl-utils-2.0.1-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14410

Comment 6 Fedora Update System 2015-08-28 18:57:44 UTC
scl-utils-2.0.1-3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update scl-utils'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14409

Comment 7 Fedora Update System 2015-08-31 18:52:50 UTC
scl-utils-2.0.1-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update scl-utils'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14410

Comment 8 Fedora Update System 2015-09-06 21:56:52 UTC
389-ds-base-1.3.4.4-1.fc23.1, PackageKit-1.0.8-3.fc23, abrt-2.6.2-6.fc23, abrt-java-connector-1.1.0-6.fc23, anaconda-23.19.2-2.fc23, apt-0.5.15lorg3.95-21.git522.fc23, createrepo_c-0.9.0-4.fc23, cyrus-imapd-2.4.17-13.fc23, deltarpm-3.6-11.fc23, drpm-0.2.0-3.fc23, fedup-dracut-0.9.2-3.fc23, foghorn-0.1.6-10.fc23, grub2-2.02-0.23.fc23, keepalived-1.2.19-2.fc23, libappstream-glib-0.5.0-2.fc23, libextractor-1.3-7.fc23, libhif-0.2.1-4.fc23, libvirt-snmp-0.0.3-6.fc23, net-snmp-5.7.3-7.fc23, openhpi-subagent-2.3.4-26.fc23, openlmi-providers-0.6.0-3.fc23, openscap-1.2.5-2.fc23, opensips-1.10.5-5.fc23, ovaldi-5.9.1-14.fc23, pcp-3.10.6-2.fc23.1, perl-RPM-VersionCompare-0.1.1-14.fc23, perl-RPM2-1.0-15.fc23, ptpd-2.3.1-3.fc23, quagga-0.99.24.1-2.fc23, rpm-4.13.0-0.rc1.2.fc23, rpm-ostree-2015.9-2.fc23, rpmreaper-0.2.0-6.fc23, satyr-0.19-2.fc23, scl-utils-2.0.1-7.fc23, sectool-0.9.5-16.fc23, supermin-5.1.13-3.fc23, systemtap-2.9-0.20150713git9d0b65f.fc23.1 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update 389-ds-base satyr deltarpm ptpd fedup-dracut libhif grub2 openscap perl-RPM-VersionCompare drpm net-snmp libextractor libappstream-glib keepalived foghorn PackageKit createrepo_c cyrus-imapd supermin rpm-ostree rpm scl-utils systemtap libvirt-snmp abrt-java-connector apt opensips pcp sectool rpmreaper anaconda ovaldi abrt perl-RPM2 openlmi-providers openhpi-subagent quagga'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15193

Comment 9 Fedora Update System 2015-09-07 16:35:03 UTC
389-ds-base-1.3.4.4-1.fc23.1, PackageKit-1.0.8-3.fc23, abrt-2.6.2-6.fc23, abrt-java-connector-1.1.0-6.fc23, anaconda-23.19.2-2.fc23, apt-0.5.15lorg3.95-21.git522.fc23, createrepo_c-0.9.0-4.fc23, cyrus-imapd-2.4.17-13.fc23, deltarpm-3.6-11.fc23, drpm-0.2.0-3.fc23, fedup-dracut-0.9.2-3.fc23, foghorn-0.1.6-10.fc23, grub2-2.02-0.23.fc23, keepalived-1.2.19-2.fc23, libappstream-glib-0.5.0-2.fc23, libextractor-1.3-7.fc23, libhif-0.2.1-4.fc23, libvirt-snmp-0.0.3-6.fc23, net-snmp-5.7.3-7.fc23, openhpi-subagent-2.3.4-26.fc23, openlmi-providers-0.6.0-3.fc23, openscap-1.2.5-2.fc23, opensips-1.10.5-5.fc23, ovaldi-5.9.1-14.fc23, pcp-3.10.6-2.fc23.1, perl-RPM-VersionCompare-0.1.1-14.fc23, perl-RPM2-1.0-15.fc23, ptpd-2.3.1-3.fc23, quagga-0.99.24.1-2.fc23, rpm-4.13.0-0.rc1.2.fc23, rpm-ostree-2015.9-2.fc23, rpmreaper-0.2.0-6.fc23, satyr-0.19-2.fc23, scl-utils-2.0.1-7.fc23, sectool-0.9.5-16.fc23, supermin-5.1.13-3.fc23, systemtap-2.9-0.20150713git9d0b65f.fc23.1 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2015-09-24 08:26:56 UTC
scl-utils-2.0.1-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

