Bug 232133 - now, "up2date -i anything" always segfaults
now, "up2date -i anything" always segfaults
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rpm (Show other bugs)
4.4
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Panu Matilainen
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-13 18:17 EDT by Jim Meyering
Modified: 2013-03-13 16:41 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 09:22:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
10MB tarball of /var/lib/rpm (9.80 MB, application/x-bzip)
2007-03-13 18:17 EDT, Jim Meyering
no flags Details

  None (edit)
Description Jim Meyering 2007-03-13 18:17:05 EDT
Description of problem:
up2date -i anything segfaults

Version-Release number of selected component (if applicable):
rpm-4.3.3-18_nonptl
up2date-4.4.69-25

How reproducible:


Steps to Reproduce:
1. suspend up2date -i some-package (I think it was yum)
2. do a few "rpm -Uvh other-package" in another window
3. bring up2date back to foreground, where it dies
  
Actual results:
root@dhcp-4-226# up2date -i yum

Fetching Obsoletes list for channel: rhel-x86_64-as-4...
########################################

Fetching rpm headers...
######################################

[1]+  Stopped                 up2date -i yum
root@dhcp-4-226# fg
up2date -i yum
SSL exception (104, 'Connection reset by peer')
Segmentation fault
[Exit 139 (SIGSEGV)]
root@dhcp-4-226# up2date -i rcs

Fetching Obsoletes list for channel: rhel-x86_64-as-4...

Fetching rpm headers...
Segmentation fault####################
[Exit 139 (SIGSEGV)]


Expected results:
install or fail, but no segfault

Additional info:

Here's a stack trace:
root@dhcp-4-226# gdb --args python /usr/sbin/up2date -i rcs
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
warning: not using untrusted file "/root/.gdbinit"

(no debugging symbols found)
Using host libthread_db library "/lib64/tls/libthread_db.so.1".

(gdb) r
Starting program: /usr/bin/python /usr/sbin/up2date -i rcs
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 182894150880 (LWP 3966)]
(no debugging symbols found)
(no debugging symbols found)
...
(no debugging symbols found)
(no debugging symbols found)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182894150880 (LWP 3966)]
0x0000003d72771f30 in memcpy () from /lib64/tls/libc.so.6
(gdb) w
Ambiguous command "w": watch, wh, whatis, where, while, while-stepping, winheight
, ws.
(gdb) bt
#0  0x0000003d72771f30 in memcpy () from /lib64/tls/libc.so.6
#1  0x0000003d73229a43 in headerNEVRA () from /usr/lib64/librpmdb-4.3.so
#2  0x0000002a986044e2 in hdrLoad ()
   from /usr/lib64/python2.3/site-packages/rpmmodule.so
#3  0x0000003d72e8973f in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#4  0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#5  0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#6  0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#7  0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#8  0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#9  0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#10 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#11 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#12 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#13 0x0000003d72e47d9d in PyFunction_SetClosure ()
   from /usr/lib64/libpython2.3.so.1.0
#14 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#15 0x0000003d72e3c9bb in PyMethod_New () from /usr/lib64/libpython2.3.so.1.0
#16 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#17 0x0000003d72e84b99 in PyEval_CallObjectWithKeywords ()
   from /usr/lib64/libpython2.3.so.1.0
#18 0x0000003d72e7ded5 in _PyUnicodeUCS4_IsAlpha ()
   from /usr/lib64/libpython2.3.so.1.0
#19 0x0000003d72e8973f in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#20 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#21 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#22 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#23 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#24 0x0000003d72e47d9d in PyFunction_SetClosure ()
   from /usr/lib64/libpython2.3.so.1.0
#25 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#26 0x0000003d72e3c9bb in PyMethod_New () from /usr/lib64/libpython2.3.so.1.0
#27 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#28 0x0000003d72e84b99 in PyEval_CallObjectWithKeywords ()
   from /usr/lib64/libpython2.3.so.1.0
#29 0x0000003d72e3993f in _PyInstance_Lookup ()
   from /usr/lib64/libpython2.3.so.1.0
#30 0x0000003d72e87653 in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#31 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#32 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#33 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#34 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#35 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#36 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#37 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#38 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#39 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#40 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#41 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
---Type <return> to continue, or q <return> to quit---
#42 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#43 0x0000003d72e8b512 in PyEval_EvalCode () from /usr/lib64/libpython2.3.so.1.0
#44 0x0000003d72ea4139 in PyErr_Display () from /usr/lib64/libpython2.3.so.1.0
#45 0x0000003d72ea511d in PyRun_SimpleFileExFlags ()
   from /usr/lib64/libpython2.3.so.1.0
#46 0x0000003d72eaa818 in Py_Main () from /usr/lib64/libpython2.3.so.1.0
#47 0x0000003d7271c3fb in __libc_start_main () from /lib64/tls/libc.so.6
#48 0x00000000004006ba in _start ()
#49 0x0000007fbffff938 in ?? ()
#50 0x000000000000001c in ?? ()
#51 0x0000000000000004 in ?? ()
#52 0x0000007fbffffb76 in ?? ()
#53 0x0000007fbffffb86 in ?? ()
#54 0x0000007fbffffb98 in ?? ()
#55 0x0000007fbffffb9b in ?? ()
#56 0x0000000000000000 in ?? ()
(gdb)

Plus, I've attached a 10MB tarball of /var/lib/rpm.
Comment 1 Jim Meyering 2007-03-13 18:17:16 EDT
Created attachment 149998 [details]
10MB tarball of /var/lib/rpm
Comment 2 Jeff Johnson 2007-03-14 05:41:53 EDT
The code paths in rpmlib in the backtrace are converting a blob of data transferred
over the wire into a header. Checking that the blob of data can be converted (by verifying
digest or signature) are up to the up2date application, not rpmlib.

More information regarding up2date's use of rpmlib is necessary to attempt a fix.
Comment 3 Jiri Pallich 2012-06-20 09:22:42 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.