Created attachment 1592751 [details]
Simple .spec file to illustrate the problem

Description of problem:
If a spec file ends with a %postun line (without even a blank line after it), rpmspec and rpm-build give a segmentation fault.

Version-Release number of selected component (if applicable):
rpm-build-libs-4.15.0-0.beta.2.fc31.x86_64

How reproducible:
Always

Steps to Reproduce:
1. With a spec file ending in a %postun line, say, test.spec
2. rpmspec -q test.spec

Actual results:
Segmentation fault (core dumped)

#0  stripTrailingBlanksStringBuf (sb=0x0) at misc.c:44
#1  0x00007ffff7f8621b in parseScript (spec=spec@entry=0x5555555b0770, parsePart=parsePart@entry=21) at parseScript.c:357
#2  0x00007ffff7f8821a in parseSpec (specFile=specFile@entry=0x7fffffffd9cf "test.spec", flags=flags@entry=3, buildRoot=buildRoot@entry=0x0, recursing=recursing@entry=0) at parseSpec.c:950
#3  0x00007ffff7f88b3b in rpmSpecParse (specFile=specFile@entry=0x7fffffffd9cf "test.spec", flags=flags@entry=3, buildRoot=buildRoot@entry=0x0) at parseSpec.c:1077
#4  0x00007ffff7f8d47f in rpmspecQuery (ts=0x55555559e830, qva=0x5555555592e0 <rpmQVKArgs>, arg=0x7fffffffd9cf "test.spec") at spec.c:517
#5  0x00007ffff7f245a6 in rpmcliArgIter () from /lib64/librpm.so.9
#6  0x00007ffff7f2486a in rpmcliQuery () from /lib64/librpm.so.9
#7  0x00005555555564e3 in main (argc=5, argv=<optimized out>) at rpmspec.c:78

Expected results:
Should write the name and version of the package. Adding a blank line after the %postun line works around the problem.

Additional info:
I hit this bug during a mass rebuild of all our in-house software for rawhide. Some of them had this issue. It seems that the call to parseLines (parseScript.c:355) returns sb as NULL, which is passed onto stripTrailingBlanksStringBuf. Even if that is skipped, the following line results in p being NULL, which is then dereferenced 72 lines later.
I think the solution is to only call stripTrailingBlanksStringBuf and getStringBuf if sb is not NULL and set p = "" otherwise.
Created attachment 1592752 [details] Patch to only strip trailing blanks, when the string buffer is not NULL
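The crash and the proposed guard, shown side by side in a self-contained C example added here (this is not rpm's code or the attached patch; StringBuf, newStringBuf, parseScriptLines and the "body" argument are simplified stand-ins for rpm's internal types and for parseLines, which are assumed to behave as the report describes):

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for rpm's StringBuf (assumption: the real type in
 * rpm's build/misc.c is opaque and laid out differently). */
typedef struct {
    char *buf;
    size_t len;
} StringBuf;

static StringBuf *newStringBuf(const char *text) {
    StringBuf *sb = malloc(sizeof *sb);
    if (sb == NULL) return NULL;
    sb->len = strlen(text);
    sb->buf = malloc(sb->len + 1);
    if (sb->buf == NULL) { free(sb); return NULL; }
    memcpy(sb->buf, text, sb->len + 1);
    return sb;
}

static void freeStringBuf(StringBuf *sb) {
    if (sb == NULL) return;          /* tolerate NULL the way free() does */
    free(sb->buf);
    free(sb);
}

/* Same contract as the function in frame #0 of the backtrace: it assumes a
 * valid buffer, so sb == NULL is a null-pointer dereference here as well. */
static void stripTrailingBlanksStringBuf(StringBuf *sb) {
    while (sb->len > 0 && isspace((unsigned char)sb->buf[sb->len - 1]))
        sb->buf[--sb->len] = '\0';
}

static const char *getStringBuf(StringBuf *sb) {
    return sb->buf;
}

/* Stand-in for parseLines() at parseScript.c:355: when the script section has
 * no body (the %postun line is the last line of the spec) it returns NULL
 * rather than an empty buffer. The hypothetical "body" argument replaces the
 * real parser's access to the spec file. */
static StringBuf *parseScriptLines(const char *body) {
    if (body == NULL || *body == '\0') return NULL;
    return newStringBuf(body);
}

static char *dupString(const char *s) {
    size_t n = strlen(s) + 1;
    char *out = malloc(n);
    if (out != NULL) memcpy(out, s, n);
    return out;
}

/* The sequence as the reporter describes it: strips and reads sb without a
 * check, so an empty section crashes inside stripTrailingBlanksStringBuf (or,
 * if that call were skipped, leaves p == NULL for a later dereference). */
char *parse_script_unsafe(const char *body) {
    StringBuf *sb = parseScriptLines(body);
    stripTrailingBlanksStringBuf(sb);        /* crashes when sb == NULL */
    const char *p = getStringBuf(sb);
    char *out = dupString(p);
    freeStringBuf(sb);
    return out;
}

/* Hardened version following the reporter's proposal: only strip and read the
 * buffer when it exists, and treat a missing body as the empty string so that
 * every later use of p sees a valid C string. Caller frees the result. */
char *parse_script_safe(const char *body) {
    StringBuf *sb = parseScriptLines(body);
    const char *p = "";
    if (sb != NULL) {
        stripTrailingBlanksStringBuf(sb);
        p = getStringBuf(sb);
    }
    char *out = dupString(p);
    freeStringBuf(sb);
    return out;
}

/* Helper: run the safe path on body and compare the result with expected. */
int safe_script_equals(const char *body, const char *expected) {
    char *got = parse_script_safe(body);
    int same = got != NULL && strcmp(got, expected) == 0;
    free(got);
    return same;
}

int main(void) {
    /* Constructed inputs: a %postun with a body, and the empty section that
     * triggered the reported crash. */
    const char *samples[] = { "/sbin/ldconfig  \n\n", "" };
    for (size_t i = 0; i < 2; i++) {
        char *s = parse_script_safe(samples[i]);
        printf("script %zu: \"%s\"\n", i, s);
        free(s);
    }
    return 0;
}
```

The guard only moves the NULL check to the one place that knows an empty section is legitimate; everything downstream keeps working with a plain C string, which is the property the "p = \"\"" default buys. The unsafe variant is kept for comparison and must never be called with an empty body.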
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31.
Right, this is a regression introduced in refactoring during 4.15 development. Thanks for the report, reproducer and patch! As often is the case, where there's one there's more and this is no different, there's a similar crash with empty %description at end of spec. Proposed upstream fix for both at https://github.com/rpm-software-management/rpm/pull/816 I'd prefer using your real name for credits over "nvwarr" though.
FEDORA-2019-e4b6ffd824 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4b6ffd824
rpm-4.15.0-0.rc1.1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4b6ffd824
rpm-4.15.0-0.rc1.1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.