From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b Description of problem: If rpmbuild is invoked with a wrong source package (a source package which contains bit errors), rpmbuild may abort with this output: *** glibc detected *** double free or corruption (fasttop): 0x080952a0 *** Aborted Apparently, rpmbuild does not detect the errorneous nature of the input data and does something it should never do on any input (e.g. double free or corruption). Version-Release number of selected component (if applicable): rpm-4.1.1-222 How reproducible: Always Steps to Reproduce: 1. Download http://suse.mirrors.tds.net/pub/opensuse/distribution/SL-10.0-OSS/inst-source/suse/src/wxGTK-2.6.1.0-4.src.rpm 2. Apply the attached file "wxGTK-2.6.1.0-4.src.rpm.makeBroken.xdelta" using the command "xdelta patch wxGTK-2.6.1.0-4.src.rpm.makeBroken.xdelta wxGTK-2.6.1.0-4.src.rpm wxGTK-2.6.1.0-4.src.rpm.broken.new" 3. Run "rpmbuild --rebuild wxGTK-2.6.1.0-4.src.rpm.broken.new" Actual Results: rpmbuild's output is: Installing wxGTK-2.6.1.0-4.src.rpm.broken.new *** glibc detected *** double free or corruption (fasttop): 0x080952a0 *** Aborted Expected Results: rpmbuild should invoke the build process fine. Additional info: Although I'm an OpenSuSE user, I'm reporting here, because "rpm.org" points to this bugzilla instance for reporting rpm bugs. I'm not reporting at the OpenSuSE bugzilla, because Novell requires me to enclose too much private information. I believe that this bug applies to every RPM i386 distribution. I reproduced the problem using this rpm binary: http://suse.mirrors.tds.net/pub/opensuse/distribution/SL-10.0-OSS/inst-source/suse/src/rpm-4.1.1-222.src.rpm I'm not attaching the complete test case file "wxGTK-2.6.1.0-4.src.rpm.broken.new", as it is 14000669 bytes long. The files used in reproduction should have following md5sums: bdbe2a58f813a99d16c83c467b1cace5 wxGTK-2.6.1.0-4.src.rpm b11d23efe2ac7a4b3a17311600d16cb6 wxGTK-2.6.1.0-4.src.rpm.broken.new 140c65795f6717a859da4f2183bbc6f7 wxGTK-2.6.1.0-4.src.rpm.makeBroken.xdelta
Created attachment 122724 [details] The patch to make a test case "wxGTK-2.6.1.0-4.src.rpm.broken.new" out of a correct "wxGTK-2.6.1.0-4.src.rpm" This is an xdelta patch, as ordinary "diff" patches are not suitable for binary packages. If you have problems, I may also post the full "wxGTK-2.6.1.0-4.src.rpm.broken.new" file (which is about 14 MB long).
rpm-4.1.1 (and later) has the ability to verify signatures and/or digests of the package before attempting processing (where the double free is occurring). Whether SuSE or users wish to enable and use that feature is not an rpm problem.
Did you try the test case before declarng "WORKSFORME"?