13468 – rpm v3.0.5 core dumps with certain packages

Bug 13468 - rpm v3.0.5 core dumps with certain packages

Summary: rpm v3.0.5 core dumps with certain packages

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	rpm
Sub Component:
Version:	6.2
Hardware:	noarch
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jeff Johnson
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-07-04 13:58 UTC by stephens
Modified:	2017-04-05 18:45 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-07-07 00:56:01 UTC
Embargoed:

Attachments	(Terms of Use)

Description stephens 2000-07-04 13:58:31 UTC

I'm not sure which packages cause the problem, but this issue is that
sometimes one of the parameters of lib/depends.c, dirInfoCompare()
is a null value. The function then casts the void* pointer passed
in to a structure and tries to access it, thus causing a core dump.

It needs either a check for NULL in the function (I've tried this and
it works) or a check elsewhere so that null is never passed.

Comment 1 SB 2000-07-07 00:56:01 UTC

Someone on Solaris made note of this problem and said they
thought it only occurred when installing the first package.
My assumption would be (if it indeed happens only when installing
the first package) that an empty or no database would cause it
to crash.  Here is a core dump posted to the rpm-list that illustrates
the problem:
#0  0x36ad8 in dirInfoCompare (one=0xffbeee28, two=0x0) at depends.c:142
142         int lenchk = a->dirNameLen - b->dirNameLen;
(gdb) bt
#0  0x36ad8 in dirInfoCompare (one=0xffbeee28, two=0x0) at depends.c:142
#1  0xff1b9afc in bsearch () from /usr/lib/libc.so.1
#2  0x37f64 in alFileSatisfiesDepend (al=0x3158fc, keyType=0x0, 
    fileName=0x110624 "/bin/sh") at depends.c:773
#3  0x3804c in alSatisfiesDepend (al=0x3158fc, keyType=0x0, keyDepend=0x0, 
    keyName=0x110624 "/bin/sh", keyEVR=0x115104 "", keyFlags=64)
    at depends.c:803
#4  0x386d0 in unsatisfiedDepend (rpmdep=0x3158d0, keyType=0xe1d40 " requires", 
    keyDepend=0x115110 "/bin/sh  ", keyName=0x110624 "/bin/sh", 
    keyEVR=0x115104 "", keyFlags=64, suggestion=0xffbeefd4) at depends.c:963
#5  0x38844 in checkPackageDeps (rpmdep=0x3158d0, psp=0xffbef088, h=0x119d90, 
    keyName=0x0) at depends.c:1007
#6  0x39618 in rpmdepCheck (rpmdep=0x3158d0, conflicts=0xffbef154, 
    numConflicts=0xffbef150) at depends.c:1403
#7  0x4bae0 in rpmInstall (rootdir=0xde610 "/", fileArgv=0x10e1f8, 
    transFlags=0, interfaceFlags=0, probFilter=0, relocations=0x0)
    at rpminstall.c:316
#8  0x267f0 in main (argc=3, argv=0xffbef39c) at rpm.c:1382


From what I can tell no parameters of dirInfoCompare() should
be NULL and thus would indicate that either the database is
not there, empty, or corrupt or that that rpm itself is
incomplete/built incorrectly/corrupt.  It's fixable like you
said, but it is a nice way of finding out if a package is messed
up or not none-the-less.

-Stan Bubrouski

Comment 2 Jeff Johnson 2000-07-10 18:20:22 UTC

This smells like the following patch


/*@dependent@*/ /*@null@*/ static struct availablePackage *
alFileSatisfiesDepend(struct availableList * al,
        const char * keyType, const char * fileName)
{
    int i;
    const char * dirName;
    const char * baseName;
    struct dirInfo dirNeedle;
    struct dirInfo * dirMatch;

+j    if (al->numDirs == 0)       /* Solaris 2.6 bsearch sucks down on this. */
+        return NULL;

which is now added in rpm-3.0.5. Thanks for the report.

Comment 3 openshift-github-bot 2017-04-05 18:45:43 UTC

Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/4f2de74f46f63a1b74bd43f66a65634c547359f4
Merge pull request #13552 from soltysh/issue13468

Merged by openshift-bot

Note You need to log in before you can comment on or make changes to this bug.