From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.8.1) Gecko/20010320

I have a Linux system which originally was a SuSE6.0 but which has been updated for ages, including rpm. Now I wanted to update gcc, but uninstall of gcc-2.95.2 failed with SEGV. I rebuilt rpm-4.0.2-7x from rpm.org source (installed rpm-4.0.2 could rebuild itself because of SEGV) (why doesn't rpm contain symbols by default?) and dug into the crash using gdb. It showed me that the crash was at ./lib/transaction.c:1011:

if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)

Reproducible: Always

Steps to Reproduce:
The bug was reproducible at my home system before I fixed rpm, but I did not try to reproduce it, because the bug is obvious.

Actual Results: SEGV

Expected Results: no SEGV, proper uninstall

The bug is that otherStates is not checked for being NULL before dereferencing it. otherStates may be NULL if

headerGetEntryMinMemory(h, RPMTAG_FILESTATES, NULL, (const void **) , NULL);

sets otherStates to NULL, because the entry RPMTAG_FILESTATES was not found. The entry might always appear when the package database was written by new rpm, but old rpms might not have written that entry.

This is the fix:

--- transaction.c.orig Fri Feb 9 14:07:16 2001 +++ transaction.c Sun Mar 25 18:45:40 2001 @@ -1008,7 +1008,8 @@ otherFileNum = shared->otherFileNum; fileNum = shared->pkgFileNum; - if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL) + // We must check for otherStates!=NULL in case the tag searched is not found + if (otherStates && otherStates[otherFileNum] != RPMFILE_STATE_NORMAL) continue; fi->actions[fileNum] = FA_SKIP;
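Review bot: the added comment line uses `//`, which is a C99/C++ comment that C89 compilers reject; transaction.c is C, so write it as `/* ... */`. The comment should also say what the NULL case means rather than only that it is checked: with `otherStates == NULL` the `continue` is never taken, so every shared file is handled as if the other package's copy were in RPMFILE_STATE_NORMAL and gets `fi->actions[fileNum] = FA_SKIP;`, i.e. a missing RPMTAG_FILESTATES entry is silently treated as "all files normal". That is a deliberate policy for old databases and deserves one sentence in the comment. Separately, the hunk header announces 7 old / 8 new lines but only 5 / 6 are visible here, so the trailing context lines appear to have been lost in this copy of the patch; the attached file should be checked against it.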
Created attachment 13604: Fix for this bug
Yup, this is the fix for rpm-4.0, already in rpm-4.0.2.
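The shared-file loop the report patches, as an added example that is not rpm's code: it models a tiny tag-indexed header with a hypothetical `header_get()` standing in for headerGetEntryMinMemory() (sets the out-pointer to NULL and returns 0 when the tag is absent), runs the guarded comparison from the patch over constructed sample data, and returns how many files end up marked FA_SKIP. The tag number, state values and sample headers are all constructed for this example; the point it makes is that the unguarded form dereferences NULL for a header without file states, while the guarded form treats such a header as "all files normal" and therefore skips every shared file.

```c
/* Added example, not rpm's code. Models the shared-file loop from
 * lib/transaction.c with a hypothetical header lookup, to show what the
 * NULL guard in the patch does when RPMTAG_FILESTATES is missing. */
#include <stddef.h>
#include <stdio.h>

/* File states and actions, values constructed for this example. */
enum { RPMFILE_STATE_NORMAL = 0, RPMFILE_STATE_REPLACED = 1, RPMFILE_STATE_NOTINSTALLED = 2 };
enum { FA_UNKNOWN = 0, FA_SKIP = 1 };
enum { TAG_FILESTATES = 1030 };   /* hypothetical tag number */

/* One header entry: tag number, data pointer, element count. */
struct entry { int tag; const unsigned char *data; int count; };
struct header { const struct entry *entries; int nentries; };

/* Hypothetical stand-in for headerGetEntryMinMemory(): on success stores the
 * data pointer and returns 1; when the tag is absent stores NULL and returns 0.
 * This is exactly the situation the report describes for old databases. */
static int header_get(const struct header *h, int tag,
                      const unsigned char **out, int *count)
{
    for (int i = 0; i < h->nentries; i++) {
        if (h->entries[i].tag == tag) {
            *out = h->entries[i].data;
            if (count) *count = h->entries[i].count;
            return 1;
        }
    }
    *out = NULL;
    if (count) *count = 0;
    return 0;
}

/* A file shared between the package being processed and another package. */
struct shared { int pkgFileNum; int otherFileNum; };

/* For each shared file, mark our copy FA_SKIP unless the other package's copy
 * is in a non-NORMAL state. Returns the number of files marked FA_SKIP.
 * The guard makes a header without file states behave as "all files NORMAL":
 * without it, otherStates[otherFileNum] would dereference NULL. */
static int mark_shared_files(const struct header *other, const struct shared *list,
                             int n, int *actions)
{
    const unsigned char *otherStates;
    int skipped = 0;

    header_get(other, TAG_FILESTATES, &otherStates, NULL);

    for (int i = 0; i < n; i++) {
        int otherFileNum = list[i].otherFileNum;
        int fileNum = list[i].pkgFileNum;
        /* Guard from the patch: otherStates may be NULL when the tag is absent. */
        if (otherStates && otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
            continue;
        actions[fileNum] = FA_SKIP;
        skipped++;
    }
    return skipped;
}

/* Constructed sample data: one header with file states, one without. */
static const unsigned char sample_states[3] = {
    RPMFILE_STATE_NORMAL, RPMFILE_STATE_REPLACED, RPMFILE_STATE_NORMAL
};
static const struct entry with_states_entries[] = { { TAG_FILESTATES, sample_states, 3 } };
static const struct header with_states = { with_states_entries, 1 };
static const struct header without_states = { NULL, 0 };    /* old-rpm style header */
static const struct shared sample_shared[] = { { 0, 0 }, { 1, 1 }, { 2, 2 } };

/* Header with states: file 1 is REPLACED in the other package, so 2 are skipped. */
int skip_count_with_states(void)
{
    int actions[3] = { FA_UNKNOWN, FA_UNKNOWN, FA_UNKNOWN };
    return mark_shared_files(&with_states, sample_shared, 3, actions);
}

/* Header without states: every shared file is treated as NORMAL, all 3 skipped. */
int skip_count_without_states(void)
{
    int actions[3] = { FA_UNKNOWN, FA_UNKNOWN, FA_UNKNOWN };
    return mark_shared_files(&without_states, sample_shared, 3, actions);
}

int main(void)
{
    printf("with FILESTATES: %d skipped, without FILESTATES: %d skipped\n",
           skip_count_with_states(), skip_count_without_states());
    return 0;
}
```

Removing the `otherStates &&` guard from `mark_shared_files()` and rerunning reproduces the report's SEGV on the `without_states` header, which is the quickest way to confirm a rebuilt rpm carries the fix.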