Bug 13468 - rpm v3.0.5 core dumps with certain packages
rpm v3.0.5 core dumps with certain packages
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: rpm (Show other bugs)
6.2
noarch Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-07-04 09:58 EDT by stephens
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-06 20:56:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description stephens 2000-07-04 09:58:31 EDT
I'm not sure which packages cause the problem, but this issue is that
sometimes one of the parameters of lib/depends.c, dirInfoCompare()
is a null value. The function then casts the void* pointer passed
in to a structure and tries to access it, thus causing a core dump.

It needs either a check for NULL in the function (I've tried this and
it works) or a check elsewhere so that null is never passed.
Comment 1 SB 2000-07-06 20:56:01 EDT
Someone on Solaris made note of this problem and said they
thought it only occurred when installing the first package.
My assumption would be (if it indeed happens only when installing
the first package) that an empty or no database would cause it
to crash.  Here is a core dump posted to the rpm-list that illustrates
the problem:
#0  0x36ad8 in dirInfoCompare (one=0xffbeee28, two=0x0) at depends.c:142
142         int lenchk = a->dirNameLen - b->dirNameLen;
(gdb) bt
#0  0x36ad8 in dirInfoCompare (one=0xffbeee28, two=0x0) at depends.c:142
#1  0xff1b9afc in bsearch () from /usr/lib/libc.so.1
#2  0x37f64 in alFileSatisfiesDepend (al=0x3158fc, keyType=0x0, 
    fileName=0x110624 "/bin/sh") at depends.c:773
#3  0x3804c in alSatisfiesDepend (al=0x3158fc, keyType=0x0, keyDepend=0x0, 
    keyName=0x110624 "/bin/sh", keyEVR=0x115104 "", keyFlags=64)
    at depends.c:803
#4  0x386d0 in unsatisfiedDepend (rpmdep=0x3158d0, keyType=0xe1d40 " requires", 
    keyDepend=0x115110 "/bin/sh  ", keyName=0x110624 "/bin/sh", 
    keyEVR=0x115104 "", keyFlags=64, suggestion=0xffbeefd4) at depends.c:963
#5  0x38844 in checkPackageDeps (rpmdep=0x3158d0, psp=0xffbef088, h=0x119d90, 
    keyName=0x0) at depends.c:1007
#6  0x39618 in rpmdepCheck (rpmdep=0x3158d0, conflicts=0xffbef154, 
    numConflicts=0xffbef150) at depends.c:1403
#7  0x4bae0 in rpmInstall (rootdir=0xde610 "/", fileArgv=0x10e1f8, 
    transFlags=0, interfaceFlags=0, probFilter=0, relocations=0x0)
    at rpminstall.c:316
#8  0x267f0 in main (argc=3, argv=0xffbef39c) at rpm.c:1382


From what I can tell no parameters of dirInfoCompare() should
be NULL and thus would indicate that either the database is
not there, empty, or corrupt or that that rpm itself is
incomplete/built incorrectly/corrupt.  It's fixable like you
said, but it is a nice way of finding out if a package is messed
up or not none-the-less.

-Stan Bubrouski
Comment 2 Jeff Johnson 2000-07-10 14:20:22 EDT
This smells like the following patch


/*@dependent@*/ /*@null@*/ static struct availablePackage *
alFileSatisfiesDepend(struct availableList * al,
        const char * keyType, const char * fileName)
{
    int i;
    const char * dirName;
    const char * baseName;
    struct dirInfo dirNeedle;
    struct dirInfo * dirMatch;

+j    if (al->numDirs == 0)       /* Solaris 2.6 bsearch sucks down on this. */
+        return NULL;

which is now added in rpm-3.0.5. Thanks for the report.


Note You need to log in before you can comment on or make changes to this bug.