Bug 460146 - rpm segfault installing kernel
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Jindrich Novy
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-08-26 10:00 EDT by jmccann
Modified: 2015-01-14 18:21 EST

Doc Type: Bug Fix
Last Closed: 2008-08-29 15:12:26 EDT
Description jmccann 2008-08-26 10:00:33 EDT
Description of problem:
Seg fault installing kernel

Version-Release number of selected component (if applicable):
rpm-4.5.90-0.git8461.2.i386


How reproducible:
Every time

sudo gdb --args rpm -ivh kernel-2.6.27-0.278.rc4.git4.fc10.i686.rpm kernel-firmware-2.6.27-0.278.rc4.git4.fc10.noarch.rpm
GNU gdb Fedora (6.8-20.fc10)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(gdb) r
Starting program: /bin/rpm -ivh kernel-2.6.27-0.278.rc4.git4.fc10.i686.rpm kernel-firmware-2.6.27-0.278.rc4.git4.fc10.noarch.rpm
[Thread debugging using libthread_db enabled]
[New Thread 0xb7fe3710 (LWP 6191)]
Detaching after fork from child process 6204.
Detaching after fork from child process 6205.
Detaching after fork from child process 6206.
Detaching after fork from child process 6207.
Detaching after fork from child process 6208.
Detaching after fork from child process 6209.
Preparing...                ########################################### [100%]

Program received signal SIGSEGV, Segmentation fault.
0x0036635b in strlen () from /lib/libc.so.6
Missing separate debuginfos, use: debuginfo-install gcc.i386 sqlite.i386
(gdb) bt
#0  0x0036635b in strlen () from /lib/libc.so.6
#1  0x003327c6 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, 
    ap=<value optimized out>) at vfprintf.c:1581
#2  0x003ea432 in ___vsnprintf_chk (s=<value optimized out>, maxlen=<value optimized out>, 
    flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>, 
    args=<value optimized out>) at vsnprintf_chk.c:65
#3  0x009fef7d in vsnprintf () at /usr/include/bits/stdio2.h:78
#4  rasprintf (strp=<value optimized out>, fmt=<value optimized out>) at rpmstring.c:153
#5  0x00a58906 in rpmProblemString (prob=<value optimized out>) at rpmps.c:321
#6  0x00a58c06 in rpmpsPrint (fp=<value optimized out>, ps=<value optimized out>) at rpmps.c:405
#7  0x00a57003 in rpmInstall (ts=<value optimized out>, ia=<value optimized out>, 
    fileArgv=<value optimized out>) at rpminstall.c:557
#8  0x0804ace2 in main (argc=4, argv=0xbffff7d4) at rpmqv.c:751
Comment 1 Yanko Kaneti 2008-08-26 10:26:28 EDT
I guess that would be rpm failing while trying to complain about /boot being full.
Comment 2 jmccann 2008-08-26 11:02:51 EDT
Looks like the trigger was indeed /boot being full.  I had 3 x kernel+initrd installed.  I removed the oldest kernel and then I was able to install the latest kernel.
Comment 3 Jindrich Novy 2008-08-26 12:54:37 EDT
Hmm, this one looks interesting. It actually segfaults in a printing function while figuring out final string size from the format string. And yes, rpm just wants to complain about lack of disc space:

    case RPMPROB_DISKSPACE:
        rc = rasprintf(&buf,
            _("installing package %s needs %ld%cB on the %s filesystem"),
                pkgNEVR,
                prob->num1 > (1024*1024)
                    ? (prob->num1 + 1024 * 1024 - 1) / (1024 * 1024)
                    : (prob->num1 + 1023) / 1024,
                prob->num1 > (1024*1024) ? 'M' : 'K',
                str1);
        break;

The p->num1 is uint64_t and rasprintf() eats just long int, maybe that's the problem. Please write me your arch so that I can point you to likely fixed testing rpms. Thanks.
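How the mismatch suspected in Comment 3 would play out on i386, and the same message with a matching conversion, as an added example (not rpm's code and not the fix that was shipped). `word_for_conversion`, `sample_words` and `diskspace_msg` are hypothetical names; the stack layout assumes i386 cdecl, and the walker handles only plain conversions with an optional `l`/`ll`.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fault model. Assumes i386 cdecl: variadic arguments are consecutive 32-bit
 * stack words and a uint64_t occupies two of them, low word first. Walks the
 * conversions in fmt and returns the word that conversion `which` loads. */
uint32_t word_for_conversion(const char *fmt, const uint32_t *words, int which)
{
    int idx = 0, conv = 0;
    for (const char *p = fmt; (p = strchr(p, '%')) != NULL; p++) {
        int ells = 0;
        for (p++; *p == 'l'; p++)
            ells++;                     /* "l" = 32-bit long, "ll" = 64-bit */
        if (*p == '\0')
            break;                      /* dangling '%' at end of format */
        if (*p == '%')
            continue;                   /* literal percent sign */
        if (conv++ == which)
            return words[idx];
        idx += (ells >= 2) ? 2 : 1;     /* words consumed by this conversion */
    }
    return 0;                           /* no such conversion */
}

/* Constructed stack image for the call in Comment 3: name pointer, 64-bit
 * size (value 2, high word 0), the unit character, filesystem pointer. */
const uint32_t sample_words[5] = { 0x0804c000u, 2u, 0u, 'M', 0x0804c040u };

/* The same message with a conversion that matches the uint64_t argument
 * (PRIu64 is "llu" on i386). snprintf() is format-checked by -Wformat; a
 * variadic wrapper gets that check only when declared with
 * __attribute__((format(printf, N, M))). */
int diskspace_msg(char *buf, size_t len, const char *nevr, uint64_t need, const char *fs)
{
    const uint64_t mib = 1024 * 1024;
    return snprintf(buf, len,
                    "installing package %s needs %" PRIu64 "%cB on the %s filesystem",
                    nevr,
                    need > mib ? (need + mib - 1) / mib : (need + 1023) / 1024,
                    need > mib ? 'M' : 'K',
                    fs);
}
```

With `%ld`, the final `%s` loads the word holding `'M'` (0x4D) as its pointer, which is consistent with the fault inside `strlen()` in the backtrace; with the two-word conversion it loads the real filesystem string pointer.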
Comment 4 jmccann 2008-08-26 13:28:50 EDT
Arch is i686
Comment 5 Jindrich Novy 2008-08-26 13:54:16 EDT
The rpms are here: http://koji.fedoraproject.org/koji/taskinfo?taskID=787317

Do you still see the segfault with the new rpms?
Comment 6 jmccann 2008-08-29 14:13:09 EDT
The segfault is gone when using:
rpm-4.5.90-0.git8461.3.i386

I now get:
[('installing package kernel-2.6.27-0.290.rc5.fc10.i686 needs 2MB on the /boot filesystem', (9, '/boot', 2012160L))]


Thanks!
Comment 7 Jindrich Novy 2008-08-29 15:12:26 EDT
Thanks for reporting & testing :)

It's now fixed in rawhide.
