Bug 33126 - [patch] rpm-4.0 crashes during uninstall of packages which were installed by old rpm (2.5?)
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: rpm
7.1
i386 Linux
Assigned To: Jeff Johnson
David Lawrence
Reported: 2001-03-25 14:12 EST by Xubn Baldauf
Modified: 2007-04-18 12:32 EDT
Last Closed: 2001-03-25 14:14:25 EST
Attachments
Fix for this bug (446 bytes, patch)
2001-03-25 14:14 EST, Xubn Baldauf
Description Xubn Baldauf 2001-03-25 14:12:59 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.8.1) Gecko/20010320


I have a Linux system which originally was a SuSE6.0 but which has been
updated for ages, including rpm. Now I wanted to update gcc, but uninstall
of gcc-2.95.2 failed with SEGV. I rebuilt rpm-4.0.2-7x from rpm.org source
(installed rpm-4.0.2 could rebuild itself because of SEGV) (why doesn't rpm
contain symbols by default?) and dug into the crash using gdb. It showed
me that the crash was at ./lib/transaction.c:1011:

	if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)


Reproducible: Always
Steps to Reproduce:
The bug was reproducible at my home system before I fixed rpm, but I did
not try to reproduce it, because the bug is obvious.

Actual Results:  SEGV

Expected Results:  no SEGV, proper uninstall

The bug is that otherStates is not checked for being NULL before
dereferencing it. otherStates may be NULL if

    headerGetEntryMinMemory(h, RPMTAG_FILESTATES, NULL,
			    (const void **) &otherStates, NULL);

sets otherStates to NULL, because the entry RPMTAG_FILESTATES was not
found. The entry might always appear when the package database was written
by new rpm, but old rpms might not have written that entry.

This is the fix:

--- transaction.c.orig  Fri Feb  9 14:07:16 2001
+++ transaction.c       Sun Mar 25 18:45:40 2001
@@ -1008,7 +1008,8 @@
        otherFileNum = shared->otherFileNum;
        fileNum = shared->pkgFileNum;
 
-       if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
+       // We must check for otherStates!=NULL in case the tag searched is
not found
+       if (otherStates && otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
            continue;
 
        fi->actions[fileNum] = FA_SKIP;
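Review bot: with the new condition, a NULL otherStates makes the test false, so the loop does not `continue` and falls through to `fi->actions[fileNum] = FA_SKIP;`, which treats a header without the file-states tag as if every shared file were in RPMFILE_STATE_NORMAL. If that default is intended, the added comment should say so instead of only mentioning the NULL check. The comment is also wrapped in this patch: `not found` sits on its own line without a `+` prefix, so the hunk body no longer matches its `-1008,7 +1008,8` header; a one-line `/* ... */` comment that fits the line width would avoid that.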
Comment 1 Xubn Baldauf 2001-03-25 14:14:22 EST
Created attachment 13604
Fix for this bug
Comment 2 Jeff Johnson 2001-03-26 08:30:17 EST
Yup this is the fix for rpm-4.0, already in rpm-4.0.2.
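
A self-contained model of the failure described in this report, added here as an illustration and not taken from rpm's source or from either commenter. The header layout, the lookup and every name in it (`header_get`, `mark_shared`, `TAG_FILESTATES`, `ACT_SKIP`, ...) are hypothetical stand-ins. It shows a header written without the states tag leaving the pointer NULL, and the guarded test handling that case the same way the patch does.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the package header and its tag lookup (not rpm's API). */
enum { TAG_NAME = 1, TAG_FILESTATES = 2 };
enum { STATE_NORMAL = 0, STATE_REPLACED = 1 };
enum { ACT_SKIP = 1 };
struct entry  { int tag; const void *data; };
struct header { const struct entry *entries; size_t count; };
struct shared { int other_num; int pkg_num; };

/* Returns 1 and sets *out if the tag is present; otherwise returns 0 with *out = NULL. */
static int header_get(const struct header *h, int tag, const void **out)
{
    for (size_t i = 0; i < h->count; i++)
        if (h->entries[i].tag == tag) { *out = h->entries[i].data; return 1; }
    *out = NULL;
    return 0;
}

/* Sets ACT_SKIP for shared files whose state in the other package is normal and
 * returns how many were set. An absent states tag counts as "all normal". */
static int mark_shared(const struct header *other, const struct shared *sh, size_t n, int *actions)
{
    const void *p;
    int skipped = 0;
    header_get(other, TAG_FILESTATES, &p);
    const char *states = p;          /* NULL when the header has no states tag */
    for (size_t i = 0; i < n; i++) {
        if (states && states[sh[i].other_num] != STATE_NORMAL)
            continue;                /* without the NULL test this indexes NULL */
        actions[sh[i].pkg_num] = ACT_SKIP;
        skipped++;
    }
    return skipped;
}

/* Constructed sample data: a header without the states tag and one with it. */
static const char new_states[] = { STATE_NORMAL, STATE_REPLACED, STATE_NORMAL };
static const struct entry old_entries[] = { { TAG_NAME, "gcc" } };
static const struct entry new_entries[] = { { TAG_NAME, "gcc" }, { TAG_FILESTATES, new_states } };
static const struct header old_hdr = { old_entries, 1 }, new_hdr = { new_entries, 2 };

static int demo(const struct header *h)
{
    const struct shared sh[] = { { 0, 2 }, { 1, 0 }, { 2, 1 } };
    int actions[3] = { 0 };
    return mark_shared(h, sh, 3, actions);
}
int main(void) { printf("%d %d\n", demo(&old_hdr), demo(&new_hdr)); return 0; }
```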
