Bug 24686 - rpm-4.0.1 macro expansion segfaults
rpm-4.0.1 macro expansion segfaults
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: rpm (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-23 08:46 EST by benedict
Modified: 2007-04-18 12:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-03-28 03:04:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description benedict 2001-01-23 08:46:52 EST
rpm-4.0.1 dies when trying to expand call to macro defined in a macrofile:

%setfilelist() \
  filelist=%1 \
  rm -f ${filelist} \
  filelists="${filelists} ${filelist}" \
%nil

the call is

%setfilelist rpm-filelist

Output with %dump and %trace will be mailed separately to you - it's 535
lines, I don't see any easy way to include such information here.

Below, see the command, then a gdb backtrace.

--- benedict

[benedict@beast:~/rpm-de/specs]$ env -
PATH=/usr/local/bin:/usr/bin/X11:/bin:/us
r/bin:/usr/sbin:/sbin  /usr/local/bin/rpm.daimi -bb --rcfile 
/tmp/benedict/rpmr
c-hello --buildroot /tmp/benedict/INSTALL-hello --define '_topdir
/users/benedic
t/rpm-de' --define '_builddir /tmp/benedict/BUILD-hello' --define '_tmppath
/tmp
/benedict' --define '_defaultdocdir /usr/local/doc' --define '_fixowner :'
--def
ine '_fixgroup :' --define '_fixperms %{__chmod} -R a+r,g-w,o-w' --define
'_gzip
bin /usr/local/bin/gzip' --define '_rpmfilename
i386-none-Linux/%{NAME}-%{VERSIO
N}-%{RELEASE}.rpm'  --clean /tmp/benedict/spec-hello > /tmp/bl 2>&1
Segmentation fault (core dumped)
[benedict@beast:~/rpm-de/specs]$ gdb `which rpm.daimi` core
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...

warning: core file may not match specified executable file.
Core was generated by `/usr/local/lib/rpm/rpmb -bb --rcfile
/tmp/benedict/rpmrc-
hello --buildroot /tmp'.
Program terminated with signal 11, Segmentation fault.
#0  0x40109e66 in ?? ()
(gdb) bt
#0  0x40109e66 in ?? ()
#1  0x4010aeb8 in ?? ()
#2  0x4010b087 in ?? ()
#3  0x40026adc in ?? ()
#4  0x40026e0e in ?? ()
#5  0x40021731 in ?? ()
#6  0x4002770d in ?? ()
#7  0x804a58a in main (argc=-1073741940, argv=0x804dbb8) at rpm.c:884
#8  0x804a679 in main (argc=-1073741940, argv=0x804dbb8) at rpm.c:908
#9  0x804b766 in getGnameS (gname=0x1b <Address 0x1b out of bounds>)
    at names.c:129
#10 0x4014f9cb in ?? ()
(gdb)
Comment 1 benedict 2001-01-23 09:09:51 EST
The following spec-file is sufficient to create the error.

Name: hello
Version: 1.3
Release: 1

Copyright: GPL
Distribution: foo
Vendor: foo

Packager: Benedict Lofstedt <benedict@daimi.aau.dk>
URL: foo

Summary: GNU %{name} package
Group: ??
%description

GNU %{name} package

%install

%dump
%define setfilelist()   filelist=%1

%setfilelist a
Comment 2 Jürgen Botz 2001-03-28 03:04:23 EST
This is a bug in parameterized macros which is present in all versions of
rpm-4.x that I've tested.  Basically, define a parameterized macro, try to
expand it with parameters and you get this crash.

You can replicate this by trying to invoke the %GNUconfigure macro in 
/usr/lib/rpm/macros with a parameter, for example.  100% repeatable in
all cases for me.

Comment 3 Jeff Johnson 2001-03-28 11:11:26 EST
FIxed in rpm CVS, will be in rpm-4.0.3. Here's the patch:

Index: macro.c
===================================================================
RCS file: /cvs/devel/rpm/rpmio/macro.c,v
retrieving revision 2.64
retrieving revision 2.53.2.7
diff -u -r2.64 -r2.53.2.7
--- macro.c	2001/01/19 01:38:59	2.64
+++ macro.c	2001/03/23 16:18:12	2.53.2.7
@@ -801,7 +801,7 @@
     /* Build argv array */
     argv = (const char **) alloca((argc + 1) * sizeof(char *));
     be[-1] = ' ';	/*  be - 1 == b + strlen(b) == buf + strlen(buf)  */
-    buf[0] = '\0';
+    be[0] = '\0';
     b = buf;
     for (c = 0; c < argc; c++) {
 	argv[c] = b;

Note You need to log in before you can comment on or make changes to this bug.