User-Agent: Build Identifier: Newer glibc have checks - aborting programs with double free. A case of this with rpm was mentioned on #fedora-devel. Reproducible: Always Steps to Reproduce: 1. LANG=ko_KR.UTF8 rpm --dbpath /usr/lib/rpmdb/i386-redhat-linux/redhat/ -qi mc Actual Results: *** glibc detected *** double free or corruption: 0x0992cd68 *** Aborted Expected Results: Lovely information about mc
Backtrace #0 0x0017b782 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x0062e625 in raise () from /lib/tls/libc.so.6 #2 0x0062ffe9 in abort () from /lib/tls/libc.so.6 #3 0x006675eb in malloc_printerr () from /lib/tls/libc.so.6 #4 0x0066808a in free () from /lib/tls/libc.so.6 #5 0x0023cec8 in singleSprintf (hsa=0xfeec6360, token=0x82195d8, element=0) at header.c:141 #6 0x0023cfb4 in singleSprintf (hsa=0xfeec6360, token=0x8215128, element=0) at header.c:3250 #7 0x0023d343 in headerSprintf (h=0x0, fmt=0x81cf898 "Name : %-27{NAME} Relocations: %|PREFIXES?{[%{PREFIXES} ]}:{(not relocatable)}|\\nVersion : %-27{VERSION} Vendor: %{VENDOR}\\nRelease : %-27{RELEASE} Build Date: %{BUILDTIME:date"..., tbltags=0x6, extensions=0x6, errmsg=0xfeec644c) at header.c:3462 #8 0x00d80e96 in showQueryPackage (qva=0xdb1960, ts=0x0, h=0x81fca90) at hdrinline.h:24 #9 0x00d812d1 in rpmcliShowMatches (qva=0xdb1960, ts=0x81cf2d8) at query.c:367 #10 0x00d816de in rpmQueryVerify (qva=0xdb1960, ts=0x81cf2d8, arg=0xfef689e5 "mc") at query.c:771 #11 0x00d82452 in rpmcliQuery (ts=0x81cf2d8, qva=0xdb1960, argv=0x81bac24) at query.c:831 #12 0x080497ac in main (argc=6, argv=0xfeec76c4) at rpmqv.c:789 #13 0x0061bb03 in __libc_start_main () from /lib/tls/libc.so.6
I'm still missing some tidbit to reproduce this. Currently using fc3 glibc-2.3.3-68 ...
I installed korean support group prior to testing: glibc-2.3.3-68 glibc-common-2.3.3-68 h2ps-2.06-12 iiimf-gtk-12.0.1-16.svn1994 nabi-0.14-3 system-switch-im-0.1.2-3 iiimf-x-12.0.1-16.svn1994 iiimf-le-hangul-12.0.1-16.svn1994 ttfonts-ko-1.0.11-32.2 man-pages-ko-1.48-14 iiimf-docs-12.0.1-16.svn1994 iiimf-gnome-im-switcher-12.0.1-16.svn1994 nhpf-1.42-8 iiimf-server-12.0.1-16.svn1994 iiimf-csconv-12.0.1-16.svn1994
Removed the non glibc packages above: [pauln@anu ~]$ rpm -q mc mc-4.6.1-0.5 [pauln@anu ~]$ LANG=ko_KR.UTF-8 rpm -qi mc *** glibc detected *** double free or corruption: 0x08493c88 *** Aborted If need be I can provide ssh access to the box
*** Bug 137399 has been marked as a duplicate of this bug. ***
Move blocker/CC from dupe
The specific package changes I guess depending on initial setup (my package is now jpackage-utils LANG=ko_KR.UTF-8 rpm -qia is probably the reliable reproducer. Based on the fact that the rogue package now does not have any translated strings, I'm guessing it's something like the date formatting. Can you reproduce with: LANG=ko_KR.UTF-8 LC_TIME=C rpm -qia (or translated package).
Created attachment 105885 [details] Core rpm-4.3.2-13 rpm-debuginfo-4.3.2-13 #6 0x009a0fb4 in singleSprintf (hsa=0xfee88960, token=0x8cf06b0, element=0) at header.c:3250 3250 te = singleSprintf(hsa, spft, element); (gdb) x 0x8cf0b0 0x8cf0b0 <pgpPrtSig+698>: 0xdc758bd4 (gdb) x 0xfee8960 Looks like signature is causing it in my instance: LANG=ko_KR.UTF-8 rpm --qf '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|\n' -q jpackage-utils *** glibc detected *** double free or corruption: 0x0838ed88 *** Aborted I wonder if it's the first signed package - which will vary a lot in rawhide.
Thank you. I have not been able to reproduce, and was expecting an entirely different issue, freeing header date retrieved from dcgettext used for look aside retrieve.
Fixed in rpm-4.3.2-19. Thanks for the patch.
Confirmed fixed in 4.3.2-19 thanks.
In /var/log/messages i see: *** glibc detected *** double free or corruption (!prev): 0x094c8f18 *** What could be the cause of this and how can it be resolved.