Bug 33126 - [patch] rpm-4.0 crashes during uninstall of packages which were installed by old rpm (2.5?)
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rpm
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: David Lawrence
Depends On:
Reported: 2001-03-25 19:12 UTC by Xubn Baldauf
Modified: 2007-04-18 16:32 UTC

Clone Of:
Last Closed: 2001-03-25 19:14:25 UTC

Attachments
Fix for this bug (446 bytes, patch)
2001-03-25 19:14 UTC, Xubn Baldauf

Description Xubn Baldauf 2001-03-25 19:12:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.8.1) Gecko/20010320

I have a linux system which originally was a SuSE6.0 but which has been
updated for ages, including rpm. Now I wanted to update gcc, but uninstall
of gcc-2.95.2 failed with SEGV. I rebuilt rpm-4.0.2-7x from rpm.org source
(installed rpm-4.0.2 could rebuild itself because of SEGV) (why doesn't rpm
contain symbols by default?) and dug into the crash using gdb. It showed
me that the crash was at ./lib/transaction.c:1011:

	if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)

Reproducible: Always
Steps to Reproduce:
The bug was reproducible at my home system before I fixed rpm, but I did
not try to reproduce it, because the bug is obvious.

Actual Results:  SEGV

Expected Results:  no SEGV, proper uninstall

The bug is that otherStates is not checked for being NULL before
dereferencing it. otherStates may be NULL if

    headerGetEntryMinMemory(h, RPMTAG_FILESTATES, NULL,
			    (const void **) &otherStates, NULL);

sets otherStates to NULL, because the entry RPMTAG_FILESTATES was not
found. The entry might always appear when the package database was written
by new rpm, but old rpms might not have written that entry.

This is the fix:

--- transaction.c.orig  Fri Feb  9 14:07:16 2001
+++ transaction.c       Sun Mar 25 18:45:40 2001
@@ -1008,7 +1008,8 @@
        otherFileNum = shared->otherFileNum;
        fileNum = shared->pkgFileNum;
-       if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
+       // We must check for otherStates!=NULL in case the tag searched is
not found
+       if (otherStates && otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
        fi->actions[fileNum] = FA_SKIP;
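
Review bot: The added comment above the `if` is a `//` comment that has been wrapped onto a second line with no `+` prefix ("not found"), so the hunk will not apply as pasted; a single-line `/* ... */` comment avoids both the wrap and the C++-style comment in a C file. With the `otherStates &&` guard, a package whose header lacks the tag never reaches `fi->actions[fileNum] = FA_SKIP;`, meaning every shared file is treated as RPMFILE_STATE_NORMAL; the comment should state that this fallback is the intended behaviour rather than only saying that the pointer can be NULL.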

Comment 1 Xubn Baldauf 2001-03-25 19:14:22 UTC
Created attachment 13604
Fix for this bug

Comment 2 Jeff Johnson 2001-03-26 13:30:17 UTC
Yup this is the fix for rpm-4.0, already in rpm-4.0.2.
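
The failure mode discussed in this report (an optional tag missing from records written by an older tool, leaving the output pointer NULL) is shown below as an added example; it is not rpm's code or part of the original report. All names (`header_get`, `count_skipped`, the `TAG_*` and `STATE_*` constants) and the sample headers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a tagged package header; not rpm's real API. */
enum { TAG_FILENAMES = 1, TAG_FILESTATES = 2 };
enum { STATE_NORMAL = 0, STATE_REPLACED = 1 };
struct entry  { int tag; const void *data; };
struct header { const struct entry *entries; size_t count; };

/* Returns 1 and sets *out when the tag exists; returns 0 and sets *out to NULL otherwise. */
static int header_get(const struct header *h, int tag, const void **out)
{
    for (size_t i = 0; i < h->count; i++) {
        if (h->entries[i].tag == tag) {
            *out = h->entries[i].data;
            return 1;
        }
    }
    *out = NULL;
    return 0;
}

/* Count shared files to skip because the other package's copy is not NORMAL.
 * A header without TAG_FILESTATES is treated as "all files NORMAL". */
static size_t count_skipped(const struct header *other, const size_t *shared, size_t n)
{
    const void *p = NULL;
    const char *states = NULL;
    size_t skipped = 0;
    if (header_get(other, TAG_FILESTATES, &p))   /* check the lookup result ... */
        states = p;
    for (size_t i = 0; i < n; i++)
        if (states != NULL && states[shared[i]] != STATE_NORMAL) /* ... and the pointer */
            skipped++;
    return skipped;
}

/* Constructed sample data: one header with file states, one legacy header without. */
static const char sample_states[] = { STATE_NORMAL, STATE_REPLACED, STATE_NORMAL };
static const struct entry new_entries[] = { { TAG_FILENAMES, "a" }, { TAG_FILESTATES, sample_states } };
static const struct entry old_entries[] = { { TAG_FILENAMES, "a" } };
static const struct header new_header = { new_entries, 2 };
static const struct header old_header = { old_entries, 1 };
static const size_t sample_shared[] = { 0, 1, 2 };

int main(void)
{
    printf("new-format header: %zu skipped\n", count_skipped(&new_header, sample_shared, 3));
    printf("legacy header:     %zu skipped\n", count_skipped(&old_header, sample_shared, 3));
    return 0;
}
```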
