Bug 1257274 - "scl enable <collection> -" core dumps with large input on stdin
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: scl-utils
Version: 22
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Assigned To: Jan Zeleny
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-08-26 11:42 EDT by Mat Booth
Modified: 2015-09-24 04:26 EDT (History)
Fixed In Version: 2.0.1-3.fc22
Doc Type: Bug Fix
Last Closed: 2015-09-07 12:35:04 EDT
Type: Bug


Attachments
Script that causes core dump (10.26 KB, application/x-shellscript), 2015-08-26 11:42 EDT, Mat Booth

Description Mat Booth 2015-08-26 11:42:55 EDT
Created attachment 1067323: Script that causes core dump

Description of problem:

The following construct causes a core dump on both Fedora 22 and 23:

scl enable <collection> - << "EOF"
# some large number of commands here
EOF

Please see attached script for a reproducer. Running this script results in the following:

# ./test.sh 
*** Error in `scl': free(): invalid next size (fast): 0x00007f0340bf40e0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7a2b5)[0x7f033e33f2b5]
/lib64/libc.so.6(+0x8297a)[0x7f033e34797a]
/lib64/libc.so.6(cfree+0x4c)[0x7f033e34b4ec]
scl(_free+0x9)[0x7f033ed53969]
scl(has_old_collection+0x39)[0x7f033ed539a9]
scl(main+0x138)[0x7f033ed51108]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7f033e2e56c0]
scl(_start+0x29)[0x7f033ed511f9]

This bug affects both Fedora 22 and Fedora 23:

scl-utils-2.0.1-2.fc22.x86_64
scl-utils-2.0.1-5.fc23.x86_64


Steps to Reproduce:
1. Build and install this SCL metapackage:
https://fedorapeople.org/~mbooth/copr/eclipse-neon/eclipse-neon-1.0-1.fc24.src.rpm
2. Run the attached script: ./test.sh
Comment 1 Mat Booth 2015-08-26 11:45:03 EDT
It's worth noting that this is a regression in behaviour from scl-utils < 2.

I was able to build eclipse inside an SCL with the old scl-utils, but I now get core dumps since scl-utils >= 2 was released.
Comment 2 Mat Booth 2015-08-26 13:13:23 EDT
The problem occurs on Fedora 21 also, with:

scl-utils-2.0.1-2.fc21.x86_64

And actually I don't think you even have to have a real SCL installed, simply running the reproducer script on any machine with scl-utils >= 2.0.1 installed triggers the bug.
Comment 3 Mat Booth 2015-08-26 13:34:08 EDT
Some kind of heap corruption? Here's what valgrind says:

==29834== Memcheck, a memory error detector
==29834== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29834== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==29834== Command: /usr/bin/scl enable beans -
==29834== 
==29834== Syscall param read(buf) points to unaddressable byte(s)
==29834==    at 0x3EB4AF08E0: __read_nocancel (syscall-template.S:81)
==29834==    by 0x3EB4A790F8: _IO_file_xsgetn (fileops.c:1479)
==29834==    by 0x3EB4A6E8EF: fread (iofread.c:42)
==29834==    by 0x404599: extract_command_stdin (args.c:141)
==29834==    by 0x40477F: parse_run_args (args.c:206)
==29834==    by 0x404D10: scl_args_get (args.c:356)
==29834==    by 0x402084: main (scl.c:49)
==29834==  Address 0x4c4a1a1 is 0 bytes after a block of size 8,193 alloc'd
==29834==    at 0x4A08B9C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29834==    by 0x404F1D: xrealloc (sclmalloc.c:35)
==29834==    by 0x404568: extract_command_stdin (args.c:142)
==29834==    by 0x40477F: parse_run_args (args.c:206)
==29834==    by 0x404D10: scl_args_get (args.c:356)
==29834==    by 0x402084: main (scl.c:49)
==29834==
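The valgrind report above shows fread() being handed a destination that extends 0 bytes past the end of an 8,193-byte block obtained from xrealloc, i.e. the read writes beyond the allocation, which is consistent with the free(): invalid next size abort in the first backtrace. As an added example, not scl-utils code, here is a growable stream reader in C that bounds every fread() by the capacity actually left in the block and grows the block before the next read; slurp_stream and slurp_self_test are hypothetical names, and the self-test builds its own input with tmpfile().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read an entire stream into a NUL-terminated heap buffer (hypothetical
 * helper, not scl-utils code). Returns NULL on error; *out_len gets the size. */
char *slurp_stream(FILE *fp, size_t *out_len)
{
    size_t cap = 8192, len = 0;
    char *buf = malloc(cap + 1);        /* the +1 byte is reserved for the NUL only */
    if (!buf) return NULL;
    for (;;) {
        /* Never ask fread() for more than the space left in the block. */
        size_t want = cap - len;
        size_t got = fread(buf + len, 1, want, fp);
        len += got;
        if (got < want) {
            if (ferror(fp)) { free(buf); return NULL; }
            break;                      /* EOF reached */
        }
        /* Block is full: grow geometrically, guarding the size arithmetic. */
        if (cap > ((size_t)-1 - 1) / 2) { free(buf); return NULL; }
        char *nbuf = realloc(buf, cap * 2 + 1);
        if (!nbuf) { free(buf); return NULL; }
        buf = nbuf;
        cap *= 2;
    }
    buf[len] = '\0';
    if (out_len) *out_len = len;
    return buf;
}

/* Self-check on constructed input: a tmpfile of nbytes, large enough to force
 * several reallocations like the attached script does. Returns 1 on success. */
int slurp_self_test(size_t nbytes)
{
    FILE *fp = tmpfile();
    if (!fp) return 0;
    for (size_t i = 0; i < nbytes; i++)
        fputc('a' + (int)(i % 26), fp);
    rewind(fp);
    size_t len = 0;
    char *data = slurp_stream(fp, &len);
    fclose(fp);
    if (!data) return 0;
    int ok = (len == nbytes && strlen(data) == nbytes);
    for (size_t i = 0; ok && i < nbytes; i++)
        ok = (data[i] == 'a' + (int)(i % 26));
    free(data);
    return ok;
}
```

Running the self-test under valgrind with an input larger than 8,192 bytes is the quickest way to confirm that no read lands past the allocated block.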
Comment 4 Fedora Update System 2015-08-27 09:10:41 EDT
scl-utils-2.0.1-3.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14409
Comment 5 Fedora Update System 2015-08-27 09:10:51 EDT
scl-utils-2.0.1-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14410
Comment 6 Fedora Update System 2015-08-28 14:57:44 EDT
scl-utils-2.0.1-3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update scl-utils'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14409
Comment 7 Fedora Update System 2015-08-31 14:52:50 EDT
scl-utils-2.0.1-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update scl-utils'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14410
Comment 8 Fedora Update System 2015-09-06 17:56:52 EDT
389-ds-base-1.3.4.4-1.fc23.1, PackageKit-1.0.8-3.fc23, abrt-2.6.2-6.fc23, abrt-java-connector-1.1.0-6.fc23, anaconda-23.19.2-2.fc23, apt-0.5.15lorg3.95-21.git522.fc23, createrepo_c-0.9.0-4.fc23, cyrus-imapd-2.4.17-13.fc23, deltarpm-3.6-11.fc23, drpm-0.2.0-3.fc23, fedup-dracut-0.9.2-3.fc23, foghorn-0.1.6-10.fc23, grub2-2.02-0.23.fc23, keepalived-1.2.19-2.fc23, libappstream-glib-0.5.0-2.fc23, libextractor-1.3-7.fc23, libhif-0.2.1-4.fc23, libvirt-snmp-0.0.3-6.fc23, net-snmp-5.7.3-7.fc23, openhpi-subagent-2.3.4-26.fc23, openlmi-providers-0.6.0-3.fc23, openscap-1.2.5-2.fc23, opensips-1.10.5-5.fc23, ovaldi-5.9.1-14.fc23, pcp-3.10.6-2.fc23.1, perl-RPM-VersionCompare-0.1.1-14.fc23, perl-RPM2-1.0-15.fc23, ptpd-2.3.1-3.fc23, quagga-0.99.24.1-2.fc23, rpm-4.13.0-0.rc1.2.fc23, rpm-ostree-2015.9-2.fc23, rpmreaper-0.2.0-6.fc23, satyr-0.19-2.fc23, scl-utils-2.0.1-7.fc23, sectool-0.9.5-16.fc23, supermin-5.1.13-3.fc23, systemtap-2.9-0.20150713git9d0b65f.fc23.1 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update 389-ds-base satyr deltarpm ptpd fedup-dracut libhif grub2 openscap perl-RPM-VersionCompare drpm net-snmp libextractor libappstream-glib keepalived foghorn PackageKit createrepo_c cyrus-imapd supermin rpm-ostree rpm scl-utils systemtap libvirt-snmp abrt-java-connector apt opensips pcp sectool rpmreaper anaconda ovaldi abrt perl-RPM2 openlmi-providers openhpi-subagent quagga'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15193
Comment 9 Fedora Update System 2015-09-07 12:35:03 EDT
389-ds-base-1.3.4.4-1.fc23.1, PackageKit-1.0.8-3.fc23, abrt-2.6.2-6.fc23, abrt-java-connector-1.1.0-6.fc23, anaconda-23.19.2-2.fc23, apt-0.5.15lorg3.95-21.git522.fc23, createrepo_c-0.9.0-4.fc23, cyrus-imapd-2.4.17-13.fc23, deltarpm-3.6-11.fc23, drpm-0.2.0-3.fc23, fedup-dracut-0.9.2-3.fc23, foghorn-0.1.6-10.fc23, grub2-2.02-0.23.fc23, keepalived-1.2.19-2.fc23, libappstream-glib-0.5.0-2.fc23, libextractor-1.3-7.fc23, libhif-0.2.1-4.fc23, libvirt-snmp-0.0.3-6.fc23, net-snmp-5.7.3-7.fc23, openhpi-subagent-2.3.4-26.fc23, openlmi-providers-0.6.0-3.fc23, openscap-1.2.5-2.fc23, opensips-1.10.5-5.fc23, ovaldi-5.9.1-14.fc23, pcp-3.10.6-2.fc23.1, perl-RPM-VersionCompare-0.1.1-14.fc23, perl-RPM2-1.0-15.fc23, ptpd-2.3.1-3.fc23, quagga-0.99.24.1-2.fc23, rpm-4.13.0-0.rc1.2.fc23, rpm-ostree-2015.9-2.fc23, rpmreaper-0.2.0-6.fc23, satyr-0.19-2.fc23, scl-utils-2.0.1-7.fc23, sectool-0.9.5-16.fc23, supermin-5.1.13-3.fc23, systemtap-2.9-0.20150713git9d0b65f.fc23.1 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2015-09-24 04:26:56 EDT
scl-utils-2.0.1-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.