Description of problem:
glibc stack traceback reports buffer overflow from rpm, when executed by mzbuild from mezzanine:

[charlieb@pc-00227 smeserver-spamassassin]$ mzbuild
*** buffer overflow detected ***: /bin/rpm terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x369bae0cdf]
/usr/lib64/librpmio-4.4.so(rpmExpand+0x66)[0x369de1bd16]
/usr/lib64/librpm-4.4.so[0x369ea22d6c]
/usr/lib64/libpopt.so.0[0x36a8c024e0]
/usr/lib64/libpopt.so.0[0x36a8c02519]
/usr/lib64/libpopt.so.0(poptGetNextOpt+0x402)[0x36a8c03342]
/bin/rpm[0x4037d9]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x369ba1da44]
/bin/rpm[0x403549]
======= Memory map: ========
pkgtool: Warning: Pre-processing spec file /home/charlieb/mezzanine/smeserver-spamassassin/build.mezz/SPECS/smeserver-spamassassin.spec failed; using internal parser.
pkgtool: Warning: Build dependency installation failed: Unable to install e-smith-devtools (1)
error: Failed build dependencies:
pkgtool: Error: Package build failed: Building this package requires the following:
    e-smith-devtools >= 1.11.0-12
[charlieb@pc-00227 smeserver-spamassassin]$

Version-Release number of selected component (if applicable):
[charlieb@pc-00227 smeserver-spamassassin]$ rpm -q rpm glibc mezzanine
rpm-4.4.2-32
glibc-2.5-10.fc6
glibc-2.5-10.fc6
mezzanine-1.9-0.12.el4.sme
[charlieb@pc-00227 smeserver-spamassassin]$
Hey Charlie. :) First, you'll want to fire up mzbuild in debug mode (-d or --debug) to get more detailed tracing information about which invocation of /bin/rpm is causing this. From the look of it, it appears to be the same type of problem I ran into not too long ago which was fixed in upstream RPM, around 4.4.8-0.4 or so. It has to do with Mezz running "rpm --eval" to expand macros in the spec file. The rpm-devel list archives should have the patch jbj worked up for it.
> The rpm-devel list archives should have the patch jbj worked up for it.

I couldn't find it. But I did find a patch by Olivier Thauvin:
https://lists.dulug.duke.edu/pipermail/rpm-devel/2006-June/001114.html
And that patch does fix the problem.

--- rpm-4.4.2/rpmio/macro.c 2005-07-13 05:49:40.000000000 -0400 +++ mezzanine_patched_rpm-4.4.2/rpmio/macro.c 2007-02-12 19:33:31.000000000 -0500 @@ -1256,7 +1256,7 @@ chkexist = 0; switch ((c = *s)) { default: /* %name substitution */ - while (strchr("!?", *s) != NULL) { + while (*s && strchr("!?", *s) != NULL) { switch(*s++) { case '!':

BTW, jbj does say there are 3-4 other segfaults in macro.c, but doesn't say whether he has fixed them.

[BTW, there's another bug here for you to chase. mzimport -L of the rpm src.rpm lost the rpm tarball:

...
srctool: Warning: Pre-processing spec file /var/tmp/mezzanine.temp.SPM.32539.2730/rpm/F/rpm.spec failed; using internal parser.
You requested local mode. To add this tree to SCM, you will need to import it by hand (mzimport rpm).
[charlieb@pc-00227 mezzanine.local]$ ls rpm
F P S
[charlieb@pc-00227 mezzanine.local]$ ls rpm/S/
mono-find-provides mono-find-requires
[charlieb@pc-00227 mezzanine.local]$ ]
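Review bot: the `*s &&` guard added to the `while` loop in the macro.c hunk is the right fix, because `strchr("!?", *s)` does not return NULL when `*s` is the terminating NUL: strchr treats the terminator as part of the searched string and returns a pointer to it, so the unpatched loop kept advancing `s` past the end of the macro text, which is consistent with the `__chk_fail` abort under `rpmExpand` in the reported backtrace. Since jbj is quoted as estimating 3-4 other segfaults in macro.c, any other `strchr(set, *s)` loop in that file that does not first test `*s` deserves the same guard.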
If you can find the problems in macros.c, I can fix. Meanwhile, gud enuf. My "3-4" estimate is purely a guess eyeballing code ...
(In reply to comment #2)
> > The rpm-devel list archives should have the patch jbj worked up for it.
>
> I couldn't find it.

https://lists.dulug.duke.edu/pipermail/rpm-devel/2006-November/001839.html

I believe it contains the fixes for the problem I reported as well as other similar issues. Even though you found the fix for your particular problem, this patch will almost certainly correct other problems.

> [BTW, there's another bug here for you to chase. mzimport -L of the rpm src.rpm
> lost the rpm tarball:
>
> ...
> srctool: Warning: Pre-processing spec file
> /var/tmp/mezzanine.temp.SPM.32539.2730/rpm/F/rpm.spec failed; using internal parser.
> You requested local mode. To add this tree to SCM, you will need to import it
> by hand (mzimport rpm).
> [charlieb@pc-00227 mezzanine.local]$ ls rpm
> F P S
> [charlieb@pc-00227 mezzanine.local]$ ls rpm/S/
> mono-find-provides mono-find-requires
> [charlieb@pc-00227 mezzanine.local]$
> ]

Yes, this is a known issue with Mezz and the rpm spec file used in older versions of RPM. (It does not occur with RPM 4.4.8.) It has to do with the use of %expand, the failure of /bin/rpm to parse the spec file (as noted in the warning), and the use of the %{rpm_version} macro in the Source0: line. Specifically, Mezz's internal parser does not properly handle this line:

%{expand: %%define rpm_version %{version}}

which causes this line:

Source: ftp://wraptastic.org/pub/rpm-devel/rpm-%{rpm_version}.tar.gz

to be erroneously parsed. My work-around in the past has always been to rpm -Uvh the SRPM, edit the spec file, build an SRPM, and then mzimport the new SRPM. However, fixing the problems which are causing the "Pre-processing spec file" failure or updating to RPM 4.4.8 will alleviate the issue.
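As an added example (not rpm's or Mezzanine's code), a toy model of the macro steps the comment above relies on: %{expand:...} expands its body and then expands the result once more, so the escaped %%define only takes effect on the second pass, and a parser without %expand support (modelled here by an assumed handle_expand=False flag) never defines rpm_version and leaves the Source line unresolved.

```python
import re

# Toy model of rpm macro expansion (added example, not rpm's or Mezzanine's code).
def matching_brace(text, start):
    """Index of the '}' closing the '{' at text[start]."""
    depth = 0
    for k in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[k], 0)
        if depth == 0:
            return k
    raise ValueError("unbalanced braces in macro")

def expand(text, macros, handle_expand=True):
    """Expand one spec line; handle_expand=False models a parser without %expand."""
    m = re.match(r'\s*%define\s+(\w+)\s+(.*)$', text)
    if m:                                   # %define registers a macro, emits nothing
        macros[m.group(1)] = m.group(2).strip()
        return ''
    out, i = [], 0
    while i < len(text):
        if text.startswith('%%', i):        # escaped percent
            out.append('%')
            i += 2
        elif text.startswith('%{', i):
            j = matching_brace(text, i + 1)
            body = text[i + 2:j]
            if body.startswith('expand:') and handle_expand:
                once = expand(body[7:], macros, handle_expand)   # first pass
                out.append(expand(once, macros, handle_expand))  # second pass
            elif body.strip() in macros:    # a self-referential macro raises RecursionError
                out.append(expand(macros[body.strip()], macros, handle_expand))
            else:                           # undefined macro is left verbatim
                out.append(text[i:j + 1])
            i = j + 1
        else:
            out.append(text[i])
            i += 1
    return ''.join(out)

SPEC = [  # constructed fragment modelled on the lines quoted in the comment above
    "Version: 4.4.2",
    "%{expand: %%define rpm_version %{version}}",
    "Source: ftp://wraptastic.org/pub/rpm-devel/rpm-%{rpm_version}.tar.gz",
]

def resolve_source(spec_lines, handle_expand=True):
    """Walk the spec in order; a Tag: line defines %{tag}; return the Source value."""
    macros = {}
    for line in spec_lines:
        m = re.match(r'(\w+):\s*(.*)$', expand(line, macros, handle_expand))
        if m:
            macros[m.group(1).lower()] = m.group(2).strip()
    return macros.get('source')
```

With handle_expand=True the Source resolves to rpm-4.4.2.tar.gz; with it off, the literal %{rpm_version} survives into the file name, which is the "erroneously parsed" case.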
This bug appears to be unfixed in RHEL5.
User pnasrat's account has been closed
Reassigning to owner after bugzilla made a mess, sorry about the noise...
This should be fixed by rpm 4.4.2.1 now in FC6 updates, if not please reopen.