Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 232133

Summary: now, "up2date -i anything" always segfaults
Product: Red Hat Enterprise Linux 4 Reporter: Jim Meyering <meyering>
Component: rpmAssignee: Panu Matilainen <pmatilai>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4   
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:22:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
10MB tarball of /var/lib/rpm none

Description Jim Meyering 2007-03-13 22:17:05 UTC 
Description of problem:
up2date -i anything segfaults

Version-Release number of selected component (if applicable):
rpm-4.3.3-18_nonptl
up2date-4.4.69-25

How reproducible:


Steps to Reproduce:
1. suspend up2date -i some-package (I think it was yum)
2. do a few "rpm -Uvh other-package" in another window
3. bring up2date back to foreground, where it dies
  
Actual results:
root@dhcp-4-226# up2date -i yum

Fetching Obsoletes list for channel: rhel-x86_64-as-4...
########################################

Fetching rpm headers...
######################################

[1]+  Stopped                 up2date -i yum
root@dhcp-4-226# fg
up2date -i yum
SSL exception (104, 'Connection reset by peer')
Segmentation fault
[Exit 139 (SIGSEGV)]
root@dhcp-4-226# up2date -i rcs

Fetching Obsoletes list for channel: rhel-x86_64-as-4...

Fetching rpm headers...
Segmentation fault####################
[Exit 139 (SIGSEGV)]


Expected results:
install or fail, but no segfault

Additional info:

Here's a stack trace:
root@dhcp-4-226# gdb --args python /usr/sbin/up2date -i rcs
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
warning: not using untrusted file "/root/.gdbinit"

(no debugging symbols found)
Using host libthread_db library "/lib64/tls/libthread_db.so.1".

(gdb) r
Starting program: /usr/bin/python /usr/sbin/up2date -i rcs
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 182894150880 (LWP 3966)]
(no debugging symbols found)
(no debugging symbols found)
...
(no debugging symbols found)
(no debugging symbols found)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182894150880 (LWP 3966)]
0x0000003d72771f30 in memcpy () from /lib64/tls/libc.so.6
(gdb) w
Ambiguous command "w": watch, wh, whatis, where, while, while-stepping, winheight
, ws.
(gdb) bt
#0  0x0000003d72771f30 in memcpy () from /lib64/tls/libc.so.6
#1  0x0000003d73229a43 in headerNEVRA () from /usr/lib64/librpmdb-4.3.so
#2  0x0000002a986044e2 in hdrLoad ()
   from /usr/lib64/python2.3/site-packages/rpmmodule.so
#3  0x0000003d72e8973f in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#4  0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#5  0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#6  0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#7  0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#8  0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#9  0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#10 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#11 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#12 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#13 0x0000003d72e47d9d in PyFunction_SetClosure ()
   from /usr/lib64/libpython2.3.so.1.0
#14 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#15 0x0000003d72e3c9bb in PyMethod_New () from /usr/lib64/libpython2.3.so.1.0
#16 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#17 0x0000003d72e84b99 in PyEval_CallObjectWithKeywords ()
   from /usr/lib64/libpython2.3.so.1.0
#18 0x0000003d72e7ded5 in _PyUnicodeUCS4_IsAlpha ()
   from /usr/lib64/libpython2.3.so.1.0
#19 0x0000003d72e8973f in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#20 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#21 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#22 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#23 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#24 0x0000003d72e47d9d in PyFunction_SetClosure ()
   from /usr/lib64/libpython2.3.so.1.0
#25 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#26 0x0000003d72e3c9bb in PyMethod_New () from /usr/lib64/libpython2.3.so.1.0
#27 0x0000003d72e35390 in PyObject_Call () from /usr/lib64/libpython2.3.so.1.0
#28 0x0000003d72e84b99 in PyEval_CallObjectWithKeywords ()
   from /usr/lib64/libpython2.3.so.1.0
#29 0x0000003d72e3993f in _PyInstance_Lookup ()
   from /usr/lib64/libpython2.3.so.1.0
#30 0x0000003d72e87653 in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#31 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#32 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#33 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#34 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#35 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#36 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#37 0x0000003d72e8a8de in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#38 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#39 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
#40 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#41 0x0000003d72e89a8a in _PyEval_SliceIndex ()
   from /usr/lib64/libpython2.3.so.1.0
---Type <return> to continue, or q <return> to quit---
#42 0x0000003d72e8b2ae in PyEval_EvalCodeEx ()
   from /usr/lib64/libpython2.3.so.1.0
#43 0x0000003d72e8b512 in PyEval_EvalCode () from /usr/lib64/libpython2.3.so.1.0
#44 0x0000003d72ea4139 in PyErr_Display () from /usr/lib64/libpython2.3.so.1.0
#45 0x0000003d72ea511d in PyRun_SimpleFileExFlags ()
   from /usr/lib64/libpython2.3.so.1.0
#46 0x0000003d72eaa818 in Py_Main () from /usr/lib64/libpython2.3.so.1.0
#47 0x0000003d7271c3fb in __libc_start_main () from /lib64/tls/libc.so.6
#48 0x00000000004006ba in _start ()
#49 0x0000007fbffff938 in ?? ()
#50 0x000000000000001c in ?? ()
#51 0x0000000000000004 in ?? ()
#52 0x0000007fbffffb76 in ?? ()
#53 0x0000007fbffffb86 in ?? ()
#54 0x0000007fbffffb98 in ?? ()
#55 0x0000007fbffffb9b in ?? ()
#56 0x0000000000000000 in ?? ()
(gdb)

Plus, I've attached a 10MB tarball of /var/lib/rpm.
Comment 1 Jim Meyering 2007-03-13 22:17:16 UTC 
Created attachment 149998 [details]
10MB tarball of /var/lib/rpm
Comment 2 Jeff Johnson 2007-03-14 09:41:53 UTC 
The code paths in rpmlib in the backtrace are converting a blob of data transferred
over the wire into a header. Checking that the blob of data can be converted (by verifying
digest or signature) are up to the up2date application, not rpmlib.

More information regarding up2date's use of rpmlib is necessary to attempt a fix.
Comment 3 Jiri Pallich 2012-06-20 13:22:42 UTC 
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.