Description of problem:

konq-plugins-4.0.3-0.1.20080409svn.fc9.ppc.rpm:
gpg: WARNING: standard input reopened
*** glibc detected *** /usr/lib/rpm/rpmk: free(): invalid next size (normal): 0x0000000001f5fee0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x305fc78158]
/lib64/libc.so.6(cfree+0x76)[0x305fc7a796]
/lib64/libc.so.6(qsort_r+0x308)[0x305fc34ee8]
/usr/lib64/librpmdb-4.4.so[0x3061c2b12f]
/usr/lib64/librpmdb-4.4.so[0x3061c2cd44]
/usr/lib64/librpmdb-4.4.so[0x3061c2d7e1]
/usr/lib64/librpm-4.4.so[0x3062446e09]
/usr/lib64/librpm-4.4.so(rpmAddSignature+0x20a)[0x30624472fa]
/usr/lib64/librpm-4.4.so[0x306242e08b]
/usr/lib64/librpm-4.4.so(rpmcliSign+0x24d)[0x306242fbfd]
/usr/lib/rpm/rpmk[0x401f5e]
/lib64/libc.so.6(__libc_start_main+0xfa)[0x305fc1e32a]
/usr/lib/rpm/rpmk[0x401859]

Happened when signing a package.

Version-Release number of selected component (if applicable):
rpm-4.4.2.3-1.fc9.x86_64
glibc-2.8-1.x86_64

How reproducible:
Every time.

[Switching to Thread 0x7f44ba60a780 (LWP 8895)]
0x000000305fc32215 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x000000305fc32215 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x000000305fc33d83 in abort () at abort.c:88
#2  0x000000305fc72858 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x000000305fc78158 in malloc_printerr (action=<value optimized out>, str=<value optimized out>, ptr=<value optimized out>) at malloc.c:5949
#4  0x000000305fc7a796 in __libc_free (mem=<value optimized out>) at malloc.c:3625
#5  0x000000305fc34ee8 in qsort_r (b=<value optimized out>, n=<value optimized out>, s=<value optimized out>, cmp=<value optimized out>, arg=<value optimized out>) at msort.c:296
#6  0x0000003061c2b12f in headerSort (h=<value optimized out>) at header.c:266
#7  0x0000003061c2cd44 in doHeaderUnload (h=<value optimized out>, lengthPtr=<value optimized out>) at header.c:859
#8  0x0000003061c2d7e1 in headerWrite (fd=<value optimized out>, h=<value optimized out>, magicp=<value optimized out>) at header.c:1348
#9  0x0000003062446e09 in makeHDRSignature (sigh=<value optimized out>, file=<value optimized out>, sigTag=<value optimized out>, passPhrase=<value optimized out>) at ../rpmdb/hdrinline.h:220
#10 0x00000030624472fa in rpmAddSignature (sigh=<value optimized out>, file=<value optimized out>, sigTag=<value optimized out>, passPhrase=<value optimized out>) at signature.c:842
#11 0x000000306242e08b in rpmReSign (ts=<value optimized out>, qva=<value optimized out>, argv=<value optimized out>) at rpmchecksig.c:329
#12 0x000000306242fbfd in rpmcliSign (ts=<value optimized out>, qva=<value optimized out>, argv=<value optimized out>) at rpmchecksig.c:1079
#13 0x0000000000401f5e in main (argc=5, argv=<value optimized out>) at ./rpmqv.c:840

valgrind says:

Pass phrase is good.
gpg: WARNING: standard input reopened
==9094==
==9094== Invalid read of size 4
==9094==    at 0x3061C2BC8B: regionSwab (header.c:563)
==9094==    by 0x3061C2CA3D: doHeaderUnload (header.c:777)
==9094==    by 0x3061C2D7E0: headerWrite (header.c:1348)
==9094==    by 0x3062446E08: makeHDRSignature (hdrinline.h:220)
==9094==    by 0x30624472F9: rpmAddSignature (signature.c:842)
==9094==    by 0x306242E08A: rpmReSign (rpmchecksig.c:329)
==9094==    by 0x306242FBFC: rpmcliSign (rpmchecksig.c:1079)
==9094==    by 0x401F5D: main (rpmqv.c:840)
==9094==  Address 0x508a648 is 0 bytes after a block of size 150,440 alloc'd
==9094==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==9094==    by 0x3061C2C8B8: doHeaderUnload (header.c:704)
==9094==    by 0x3061C2D7E0: headerWrite (header.c:1348)
==9094==    by 0x3062446E08: makeHDRSignature (hdrinline.h:220)
==9094==    by 0x30624472F9: rpmAddSignature (signature.c:842)
==9094==    by 0x306242E08A: rpmReSign (rpmchecksig.c:329)
==9094==    by 0x306242FBFC: rpmcliSign (rpmchecksig.c:1079)
==9094==    by 0x401F5D: main (rpmqv.c:840)
==9094==
==9094== Invalid write of size 4
==9094==    at 0x3061C2BC91: regionSwab (header.c:563)
==9094==    by 0x3061C2CA3D: doHeaderUnload (header.c:777)
==9094==    by 0x3061C2D7E0: headerWrite (header.c:1348)
==9094==    by 0x3062446E08: makeHDRSignature (hdrinline.h:220)
==9094==    by 0x30624472F9: rpmAddSignature (signature.c:842)
==9094==    by 0x306242E08A: rpmReSign (rpmchecksig.c:329)
==9094==    by 0x306242FBFC: rpmcliSign (rpmchecksig.c:1079)
==9094==    by 0x401F5D: main (rpmqv.c:840)
==9094==  Address 0x508a648 is 0 bytes after a block of size 150,440 alloc'd
==9094==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==9094==    by 0x3061C2C8B8: doHeaderUnload (header.c:704)
==9094==    by 0x3061C2D7E0: headerWrite (header.c:1348)
==9094==    by 0x3062446E08: makeHDRSignature (hdrinline.h:220)
==9094==    by 0x30624472F9: rpmAddSignature (signature.c:842)
==9094==    by 0x306242E08A: rpmReSign (rpmchecksig.c:329)
==9094==    by 0x306242FBFC: rpmcliSign (rpmchecksig.c:1079)
==9094==    by 0x401F5D: main (rpmqv.c:840)
==9094==
==9094== Invalid read of size 1
==9094==    at 0x3061C2A647: dataLength (header.c:415)
==9094==    by 0x3061C2BB3F: regionSwab (header.c:513)
==9094==    by 0x3061C2CA3D: doHeaderUnload (header.c:777)
==9094==    by 0x3061C2D7E0: headerWrite (header.c:1348)
==9094==    by 0x3062446E08: makeHDRSignature (hdrinline.h:220)
==9094==    by 0x30624472F9: rpmAddSignature (signature.c:842)
==9094==    by 0x306242E08A: rpmReSign (rpmchecksig.c:329)
==9094==    by 0x306242FBFC: rpmcliSign (rpmchecksig.c:1079)
==9094==    by 0x401F5D: main (rpmqv.c:840)
==9094==  Address 0x508ca84 is not stack'd, malloc'd or (recently) free'd
--9094-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--9094-- si_code=1; Faulting address: 0xA6B1C158; sp: 0x402E8BE50
valgrind: the 'impossible' happened:
   Killed by fatal signal
==9094==    at 0x3802421D: vgPlain_arena_malloc (m_mallocfree.c:206)
==9094==    by 0x38002A75: vgMemCheck_new_block (mc_malloc_wrappers.c:195)
==9094==    by 0x38002E74: vgMemCheck_malloc (mc_malloc_wrappers.c:226)
==9094==    by 0x38038051: vgPlain_scheduler (scheduler.c:1269)
==9094==    by 0x38048620: run_a_thread_NORETURN (syswrap-linux.c:89)

test rpm is at http://notting.fedorapeople.org/test.rpm
Looks like this package got corrupted by the build system file system issues. The way RPM reacts to it scares me though, looks like a potential security hole!
Yup, easily reproduced. The package is corrupted alright and other paths notice something funny about it:

[pmatilai@localhost rpm-4.4.x]$ ./rpmk -Kvv /tmp/test.rpm
D: Expected size:      1625030 = lead(96)+sigs(180)+pad(4)+data(1624750)
D:   Actual size:      1625030
error: /tmp/test.rpm: headerGetEntry failed
D: May free Score board((nil))
[pmatilai@localhost rpm-4.4.x]$ ./rpmq -qp /tmp/test.rpm
warning: /tmp/test.rpm: Header SHA1 digest: NOKEY
konq-plugins-4.0.3-0.1.20080409svn.fc9.ppc

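In the output above the file-size arithmetic matches while the header itself is bad, and the valgrind trace shows regionSwab and dataLength touching memory outside the block doHeaderUnload allocated. The following is an added example, not rpm's code and not the upstream fix: a structural check over rpm's on-disk header layout that rejects any index entry whose data would fall outside the data store. The names check_header_blob and verdict, the size caps and the sample bytes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { HDR_OK = 0, HDR_TRUNCATED = -1, HDR_BAD_MAGIC = -2, HDR_BAD_SIZES = -3, HDR_BAD_ENTRY = -4 };
/* Bytes per element for rpm tag types 0..9; 0 means NULL type or NUL-terminated strings. */
static const uint32_t type_size[10] = {0, 1, 1, 2, 4, 8, 0, 1, 0, 0};
static uint32_t be32(const uint8_t *p) {  /* header fields are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Check that every index entry's data lies inside the hsize-byte data store. */
int check_header_blob(const uint8_t *buf, size_t len) {
    static const uint8_t magic[4] = {0x8e, 0xad, 0xe8, 0x01};
    if (len < 16) return HDR_TRUNCATED;
    if (memcmp(buf, magic, 4) != 0) return HDR_BAD_MAGIC;
    uint32_t nindex = be32(buf + 8), hsize = be32(buf + 12);
    if (nindex == 0 || nindex > 0xffff || hsize > 0x0fffffff)
        return HDR_BAD_SIZES;                          /* caps are this example's assumption */
    if ((size_t)nindex * 16 + hsize > len - 16) return HDR_TRUNCATED;
    const uint8_t *data = buf + 16 + (size_t)nindex * 16;
    for (uint32_t i = 0; i < nindex; i++) {
        const uint8_t *e = buf + 16 + (size_t)i * 16;  /* tag, type, offset, count */
        uint32_t type = be32(e + 4), off = be32(e + 8), count = be32(e + 12);
        if (type > 9 || count == 0 || off >= hsize) return HDR_BAD_ENTRY;
        if (type_size[type]) {                         /* fixed-size elements */
            if (count > (hsize - off) / type_size[type]) return HDR_BAD_ENTRY;
        } else if (type != 0) {                        /* strings: each needs its NUL in the store */
            for (; count; count--) {
                const uint8_t *nul = memchr(data + off, 0, hsize - off);
                if (!nul) return HDR_BAD_ENTRY;
                off = (uint32_t)(nul - data) + 1;
            }
        }
    }
    return HDR_OK;
}

/* Constructed sample: one INT32 entry (tag 1000) over a 4-byte data store. */
static const uint8_t sample[36] = {0x8e, 0xad, 0xe8, 0x01, 0, 0, 0, 0,  /* magic, reserved */
    0, 0, 0, 1, 0, 0, 0, 4,                                  /* nindex = 1, hsize = 4 */
    0, 0, 0x03, 0xe8, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 1,    /* tag, type, offset, count */
    0, 0, 0, 0};                                             /* data store */
int verdict(uint8_t off, uint8_t count) {  /* patch the sample entry, then validate it */
    uint8_t b[sizeof sample];
    memcpy(b, sample, sizeof b);
    b[27] = off; b[31] = count;
    return check_header_blob(b, sizeof b);
}
int main(void) {
    return printf("intact=%d count=2:%d offset=4:%d\n", verdict(0, 1), verdict(0, 2), verdict(4, 1)) < 0;
}
```

Alignment of INT16/INT32/INT64 offsets and region trailer entries are not checked here; a production validator would cover those as well.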
Fixed upstream.
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fixed by the new rpm in rawhide, but deserves a fix in 4.4.x branch (and F8+9) too...
rpm-4.4.2.3-3.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update rpm'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-11390
rpm-4.4.2.3-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.