From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; 0.8.1) Gecko/20010320


I have a linux system which originally was a SuSE6.0 but which has been
updated for ages, including rpm. Now I wanted to update gcc, but uninstall
of gcc-2.95.2 failed with SEGV. I rebuilt rpm-4.0.2-7x from rpm.org source
(installed rpm-4.0.2 could rebuild itself because of SEGV) (why doesn't rpm
contain symbols by default?) and digged into the crash using gdb. It showed
me, that the crash was at ./lib/transaction.c:1011:

	if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)


Reproducible: Always
Steps to Reproduce:
The bug was reproducible at my home system before I fixed rpm, but I did
not try to reproduce it, because the bug is obvious.

Actual Results:  SEGV

Expected Results:  no SEGV, proper uninstall

The bug is that otherStates is not checked for being NULL before
dereferencing it. otherStates may be NULL if

    headerGetEntryMinMemory(h, RPMTAG_FILESTATES, NULL,
			    (const void **) , NULL);

sets otherStates to NULL, because the entry RPMTAG_FILESTATES was not
found. The entry might always appear when the package database was written
by new rpm, but old rpms might not have written that entry.

This is the fix:

--- transaction.c.orig  Fri Feb  9 14:07:16 2001
+++ transaction.c       Sun Mar 25 18:45:40 2001
@@ -1008,7 +1008,8 @@
        otherFileNum = shared->otherFileNum;
        fileNum = shared->pkgFileNum;
 
-       if (otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
+       // We must check for otherStates!=NULL in case the tag searched is
not found
+       if (otherStates && otherStates[otherFileNum] != RPMFILE_STATE_NORMAL)
            continue;
 
        fi->actions[fileNum] = FA_SKIP;