Bug 234493 - rpm: double free or corruption on update from http
rpm: double free or corruption on update from http
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Paul Nasrat
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-03-29 13:29 EDT by Scott Tsai
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-04 09:44:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Scott Tsai 2007-03-29 13:29:58 EDT
Description of problem:


Version-Release number of selected component (if applicable):
rpm-4.4.2.40.fc7.x86_64

How reproducible:
Failed the fisrt time after installing a fresh fc7test3.
Suceeded the second time.

Steps to Reproduce:
1. install fc7test3
2. rpm -U
http://mirrors.kernel.org/fedora/core/development/x86_64/os/Fedora/fedora-release-6.92-1.noarch.rpm

  
Actual results:
error: skipping
http://mirrors.kernel.org/fedora/core/development/x86_64/os/Fedora/fedora-release-6.92-1.noarch.rpm
- transfer failed - Unknown or unexpected error
*** glibc detected *** rpm: double free or corruption (out): 0x00002aaaae291b30 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2aaaadfb7d30]
/lib64/libc.so.6(cfree+0x8c)[0x2aaaadfbb41c]
/usr/lib64/librpmio-4.4.so(XurlFree+0x2b0)[0x2aaaab4b3f80]
/usr/lib64/librpmio-4.4.so(urlFreeCache+0x71)[0x2aaaab4b4c81]
rpm[0x403cdc]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2aaaadf669c4]
rpm[0x403549]
======= Memory map: ========
00400000-00413000 r-xp 00000000 ee:00 41320516                           /bin/rpm
00612000-00615000 rw-p 00012000 ee:00 41320516                           /bin/rpm
00615000-00f8a000 rw-p 00615000 00:00 0                                  [heap]
2aaaaaaab000-2aaaaaac5000 r-xp 00000000 ee:00 16089093                  
/lib64/ld-2.5.90.so
2aaaaaac5000-2aaaaaac6000 rw-p 2aaaaaac5000 00:00 0 
2aaaaaacc000-2aaaaaacd000 rw-p 2aaaaaacc000 00:00 0 
2aaaaacc4000-2aaaaacc5000 r--p 00019000 ee:00 16089093                  
/lib64/ld-2.5.90.so
2aaaaacc5000-2aaaaacc6000 rw-p 0001a000 ee:00 16089093                  
/lib64/ld-2.5.90.so
2aaaaacc6000-2aaaaad1e000 r-xp 00000000 ee:00 12723295                  
/usr/lib64/librpm-4.4.so
2aaaaad1e000-2aaaaaf1e000 ---p 00058000 ee:00 12723295                  
/usr/lib64/librpm-4.4.so
2aaaaaf1e000-2aaaaaf23000 rw-p 00058000 ee:00 12723295                  
/usr/lib64/librpm-4.4.so
2aaaaaf23000-2aaaaaf56000 rw-p 2aaaaaf23000 00:00 0 
2aaaaaf56000-2aaaab062000 r-xp 00000000 ee:00 12723297                  
/usr/lib64/librpmdb-4.4.so
2aaaab062000-2aaaab262000 ---p 0010c000 ee:00 12723297                  
/usr/lib64/librpmdb-4.4.so
2aaaab262000-2aaaab269000 rw-p 0010c000 ee:00 12723297                  
/usr/lib64/librpmdb-4.4.so
2aaaab269000-2aaaab26a000 rw-p 2aaaab269000 00:00 0 
2aaaab26a000-2aaaab27f000 r-xp 00000000 ee:00 16089174                  
/lib64/libselinux.so.1
2aaaab27f000-2aaaab47f000 ---p 00015000 ee:00 16089174                  
/lib64/libselinux.so.1
2aaaab47f000-2aaaab481000 rw-p 00015000 ee:00 16089174                  
/lib64/libselinux.so.1
2aaaab481000-2aaaab483000 rw-p 2aaaab481000 00:00 0 
2aaaab483000-2aaaab4fa000 r-xp 00000000 ee:00 12723298                  
/usr/lib64/librpmio-4.4.so
2aaaab4fa000-2aaaab6fa000 ---p 00077000 ee:00 12723298                  
/usr/lib64/librpmio-4.4.so
2aaaab6fa000-2aaaab6ff000 rw-p 00077000 ee:00 12723298                  
/usr/lib64/librpmio-4.4.so
2aaaab6ff000-2aaaab722000 rw-p 2aaaab6ff000 00:00 0 
2aaaab722000-2aaaab729000 r-xp 00000000 ee:00 12718987                  
/usr/lib64/libpopt.so.0.0.0
2aaaab729000-2aaaab929000 ---p 00007000 ee:00 12718987                  
/usr/lib64/libpopt.so.0.0.0
2aaaab929000-2aaaab92a000 rw-p 00007000 ee:00 12718987                  
/usr/lib64/libpopt.so.0.0.0
2aaaab92a000-2aaaab982000 r-xp 00000000 ee:00 12719232                  
/usr/lib64/libsqlite3.so.0.8.6
2aaaab982000-2aaaabb82000 ---p 00058000 ee:00 12719232                  
/usr/lib64/libsqlite3.so.0.8.6
2aaaabb82000-2aaaabb84000 rw-p 00058000 ee:00 12719232                  
/usr/lib64/libsqlite3.so.0.8.6
2aaaabb84000-2aaaabb85000 rw-p 2aaaabb84000 00:00 0 
2aaaabb85000-2aaaabb96000 r-xp 00000000 ee:00 12719058                  
/usr/lib64/libelf-0.126.so
2aaaabb96000-2aaaabd96000 ---p 00011000 ee:00 12719058                  
/usr/lib64/libelf-0.126.so
2aaaabd96000-2aaaabd98000 rw-p 00011000 ee:00 12719058                  
/usr/lib64/libelf-0.126.so
2aaaabd98000-2aaaabdc0000 r-xp 00000000 ee:00 12719065                  
/usr/lib64/libbeecrypt.so.6.4.0
2aaaabdc0000-2aaaabfbf000 ---p 00028000 ee:00 12719065                  
/usr/lib64/libbeecrypt.so.6.4.0
2aaaabfbf000-2aaaabfc3000 rw-p 00027000 ee:00 12719065                  
/usr/lib64/libbeecrypt.so.6.4.0
2aaaabfc3000-2aaaabfe1000 r-xp 00000000 ee:00 12723265                  
/usr/lib64/libneon.so.25.0.5
2aaaabfe1000-2aaaac1e0000 ---p 0001e000 ee:00 12723265                  
/usr/lib64/libneon.so.25.0.5
2aaaac1e0000-2aaaac1e2000 rw-p 0001d000 ee:00 12723265                  
/usr/lib64/libneon.so.25.0.5
2aaaac1e2000-2aaaac1e3000 rw-p 2aaaac1e2000 00:00 0 
2aaaac1e3000-2aaaac226000 r-xp 00000000 ee:00 16089248                  
/lib64/libssl.so.0.9.8b
2aaaac226000-2aaaac426000 ---p 00043000 ee:00 16089248                  
/lib64/libssl.so.0.9.8Aborted


Expected results:
No stderr output.

Additional info:
The same 'rpm -U' command succeeded the second time.
Comment 1 Jeff Johnson 2007-03-29 15:35:15 EDT
Here is rpm-4.4.9 behavior on a (mostly) FC7 system:

# rpm -Uvh http://mirrors.kernel.org/fedora/core/development/x86_64/os/Fedora/fedora-
release-6.92-1.noarch.rpm
Retrieving http://mirrors.kernel.org/fedora/core/development/x86_64/os/Fedora/fedora-
release-6.92-1.noarch.rpm
Preparing...                ########################################### [100%]
        package fedora-release-6.92-1 is already installed
warning: u 0x9bff360 ctrl 0x9519cd0 nrefs != 0 (mirrors.kernel.org http)

# rpm -e fedora-release --nodeps
warning: /etc/yum.repos.d/fedora-extras-development.repo saved as /etc/yum.repos.d/fedora-
extras-development.repo.rpmsave

# rpm -Uvh http://mirrors.kernel.org/fedora/core/development/x86_64/os/Fedora/fedora-
release-6.92-1.noarch.rpm
Retrieving http://mirrors.kernel.org/fedora/core/development/x86_64/os/Fedora/fedora-
release-6.92-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:fedora-release         ########################################### [100%]
warning: u 0xa4ba360 ctrl 0x9dd4cd0 nrefs != 0 (mirrors.kernel.org http)

# rpm --version
RPM version 4.4.9

# uname -a
Linux jack.nc.tekelec.com 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:37:32 EDT 2006 i686 i686 i386 
GNU/Linux

The error message is what is causing the double free, statically linking /bin/rpm will "fix".
Comment 2 Matthew Miller 2007-04-06 15:44:59 EDT
Fedora Core 5 and Fedora Core 6 are, as we're sure you've noticed, no longer
test releases. We're cleaning up the bug database and making sure important bug
reports filed against these test releases don't get lost. It would be helpful if
you could test this issue with a released version of Fedora or with the latest
development / test release. Thanks for your help and for your patience.

[This is a bulk message for all open FC5/FC6 test release bugs. I'm adding
myself to the CC list for each bug, so I'll see any comments you make after this
and do my best to make sure every issue gets proper attention.]
Comment 3 Scott Tsai 2007-04-06 16:57:59 EDT
I meant to file this against fc7test3 but incorrectly choosed fc6test3 instead.
Comment 4 Matthew Miller 2007-04-06 21:51:59 EDT
Yeah, from now on, test release bugs should be filed against "devel". Having
separate versions for test releases just causes 1) this sort of confusion and 2)
bugs left behind.
Comment 5 Panu Matilainen 2007-07-04 09:44:09 EDT
This is duplicate of something.. anyway, F7 and rawhide are not using neon
transport thus don't have this problem. And 4.4.2.1-rc2 has the relevant fix
applied if somebody builds with neon.

Note You need to log in before you can comment on or make changes to this bug.