Bug 24686 - rpm-4.0.1 macro expansion segfaults
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rpm
Version: 7.0
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: David Lawrence
Reported: 2001-01-23 13:46 UTC by benedict
Modified: 2007-04-18 16:30 UTC (History)

Doc Type: Bug Fix
Last Closed: 2001-03-28 08:04:26 UTC

Description benedict 2001-01-23 13:46:52 UTC
rpm-4.0.1 dies when trying to expand call to macro defined in a macrofile:

%setfilelist() \
  filelist=%1 \
  rm -f ${filelist} \
  filelists="${filelists} ${filelist}" \
%nil

the call is

%setfilelist rpm-filelist

Output with %dump and %trace will be mailed separately to you - it's 535
lines, I don't see any easy way to include such information here.

Below, see the command, then a gdb backtrace.

--- benedict

[benedict@beast:~/rpm-de/specs]$ env - PATH=/usr/local/bin:/usr/bin/X11:/bin:/usr/bin:/usr/sbin:/sbin  /usr/local/bin/rpm.daimi -bb --rcfile /tmp/benedict/rpmrc-hello --buildroot /tmp/benedict/INSTALL-hello --define '_topdir /users/benedict/rpm-de' --define '_builddir /tmp/benedict/BUILD-hello' --define '_tmppath /tmp/benedict' --define '_defaultdocdir /usr/local/doc' --define '_fixowner :' --define '_fixgroup :' --define '_fixperms %{__chmod} -R a+r,g-w,o-w' --define '_gzipbin /usr/local/bin/gzip' --define '_rpmfilename i386-none-Linux/%{NAME}-%{VERSION}-%{RELEASE}.rpm'  --clean /tmp/benedict/spec-hello > /tmp/bl 2>&1
Segmentation fault (core dumped)
[benedict@beast:~/rpm-de/specs]$ gdb `which rpm.daimi` core
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...

warning: core file may not match specified executable file.
Core was generated by `/usr/local/lib/rpm/rpmb -bb --rcfile /tmp/benedict/rpmrc-hello --buildroot /tmp'.
Program terminated with signal 11, Segmentation fault.
#0  0x40109e66 in ?? ()
(gdb) bt
#0  0x40109e66 in ?? ()
#1  0x4010aeb8 in ?? ()
#2  0x4010b087 in ?? ()
#3  0x40026adc in ?? ()
#4  0x40026e0e in ?? ()
#5  0x40021731 in ?? ()
#6  0x4002770d in ?? ()
#7  0x804a58a in main (argc=-1073741940, argv=0x804dbb8) at rpm.c:884
#8  0x804a679 in main (argc=-1073741940, argv=0x804dbb8) at rpm.c:908
#9  0x804b766 in getGnameS (gname=0x1b <Address 0x1b out of bounds>)
    at names.c:129
#10 0x4014f9cb in ?? ()
(gdb)

Comment 1 benedict 2001-01-23 14:09:51 UTC
The following spec-file is sufficient to create the error.

Name: hello
Version: 1.3
Release: 1

Copyright: GPL
Distribution: foo
Vendor: foo

Packager: Benedict Lofstedt <benedict.dk>
URL: foo

Summary: GNU %{name} package
Group: ??
%description

GNU %{name} package

%install

%dump
%define setfilelist()   filelist=%1

%setfilelist a


Comment 2 Jürgen Botz 2001-03-28 08:04:23 UTC
This is a bug in parameterized macros which is present in all versions of
rpm-4.x that I've tested.  Basically, define a parameterized macro, try to
expand it with parameters and you get this crash.

You can replicate this by trying to invoke the %GNUconfigure macro in 
/usr/lib/rpm/macros with a parameter, for example.  100% repeatable in
all cases for me.



Comment 3 Jeff Johnson 2001-03-28 16:11:26 UTC
Fixed in rpm CVS, will be in rpm-4.0.3. Here's the patch:

Index: macro.c
===================================================================
RCS file: /cvs/devel/rpm/rpmio/macro.c,v
retrieving revision 2.64
retrieving revision 2.53.2.7
diff -u -r2.64 -r2.53.2.7
--- macro.c	2001/01/19 01:38:59	2.64
+++ macro.c	2001/03/23 16:18:12	2.53.2.7
@@ -801,7 +801,7 @@
     /* Build argv array */
     argv = (const char **) alloca((argc + 1) * sizeof(char *));
     be[-1] = ' ';	/*  be - 1 == b + strlen(b) == buf + strlen(buf)  */
-    buf[0] = '\0';
+    be[0] = '\0';
     b = buf;
     for (c = 0; c < argc; c++) {
 	argv[c] = b;
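
Review bot: The new terminator `be[0] = '\0';` (line 804) depends on `be` pointing one past the space stored by `be[-1] = ' ';`, but only the `be[-1]` line carries a comment stating that invariant, and nothing visible in the hunk checks that `be` still lies inside `buf`. Suggest extending the comment to say why the terminator must follow the appended space: the old `buf[0] = '\0';` emptied the buffer immediately before `b = buf`, so `argv[0] = b` pointed at an empty string. Suggest also adding a bounds check or assertion on `be` before both writes. A regression test that expands a parameterized macro with an argument, such as the `%setfilelist a` spec from Comment 1, would keep this from recurring.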


