From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6) Gecko/20011120

Description of problem:
Found by accident. :-)

Version-Release number of selected component (if applicable):
4.0.3-1.03

How reproducible:
Always

Steps to Reproduce:
1. rpm --recompile /etc/rpm
2. rpm --recompile /etc/service
3. rpm --recompile rpm.spec

Actual Results:
$ rpm --recompile /etc/rpm
Installing /etc/rpm
error: read failed: Is a directory (21)
Segmentation fault
$ rpm --recompile /etc/services
Installing /etc/services
Segmentation fault
$ rpm --recompile rpm.spec
Installing rpm.spec
Segmentation fault

Expected Results:
$ rpm --recompile /etc/rpm
Installing /etc/rpm
error: read failed: Is a directory (21)
error: source package expected
$ rpm --recompile /etc/services
Installing /etc/services
error: source package expected
$ rpm --recompile rpm.spec
Installing rpm.spec
error: source package expected
This works w/o segfaulting for me:
bash$ rpm --recompile /etc/rpm
Installing /etc/rpm
error: read failed: Is a directory (21)
error: /etc/rpm cannot be installed
bash$ rpm --recompile /etc/services
Installing /etc/services
error: /etc/services cannot be installed
Coincidence?
$ rpm -q rpm
rpm-4.0.3-1.03
$ rpm --recompile /etc/rpm
Installing /etc/rpm
error: read failed: Is a directory (21)
Segmentation fault
[...]
gettimeofday({1008799960, 651048}, NULL) = 0
brk(0x805f000)                          = 0x805f000
write(2, "error: ", 7error: )                  = 7
write(2, "read failed: Is a directory (21)"..., 33read failed: Is a directory (21)
) = 33
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

On a different machine, P1/133 MHz running fully updated Enigma, I get a completely different behaviour:
$ rpm --recompile /etc/inittab
/etc/inittab: No such file or directory
$ rpm -qf /etc/inittab
initscripts-6.40-1

Any ideas? Looks to me as if RPM could be depending on uninitialized variables or something like that.
I still can't reproduce this problem.
[I've added some comments and a patch to the wrong RPM bug report, bug #50197.] Debugging revealed that lib/psm.c rpmInstallSourcePackage(...) defines a structure "Header h", but doesn't initialize it. It then calls lib/package.c rpmReadPackageHeader(...) with the struct as argument, and that returns from rpmReadPackageHeaders(...) with rc = RPMRC_BADMAGIC and still without having initialized/cleared the header struct. psm.c then jumps to the exit label, where "h = headerFree(h);" is called shortly after and causes a segfault. The attached patch, which initializes the Header structure, is enough to fix this bug on my system, but might cause a memory leak when the code simply overwrites the structure later on. Anyway, this should make clear where the segfault and misbehaviour are coming from.
Created attachment 41209 [details] patch which fixes symptoms, but may not be correct
Patch is wrong, initialize to NULL. Fixed AFAIK in rpm-4.0.3-7x final available from ftp://ftp.rpm.org/pub/rpm/dist/rpm-4.0.x
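The failure mode described in the two comments above, reduced to a self-contained C model, as an added example (this is not rpm's own code; `pkg_header`, `header_free`, `read_package_header` and `install_source_package` are hypothetical stand-ins for rpm's Header, headerFree, rpmReadPackageHeader and rpmInstallSourcePackage, and the "PKG!" lead magic and the inputs are constructed). The reader routine returns "bad magic" without touching the caller's header pointer, exactly the situation the report describes, so the only thing keeping the shared exit path safe is that the caller initialises the pointer to NULL and the free routine accepts NULL:

```c
/* Added example modelling the rpm bug above; names are hypothetical
   stand-ins, not rpm's real API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum rc { RC_OK = 0, RC_BADMAGIC = 1, RC_FAIL = 2 };

/* Toy refcounted header, standing in for rpm's Header. */
typedef struct pkg_header_s {
    int nrefs;
    char name[32];
} *pkg_header;

/* Constructed lead magic: anything not starting with this is "not a
   package", like rpm's RPMRC_BADMAGIC. */
static const char PKG_MAGIC[] = "PKG!";
#define PKG_MAGIC_LEN (sizeof(PKG_MAGIC) - 1)

static pkg_header header_new(const char *name) {
    pkg_header h = calloc(1, sizeof(*h));
    if (h == NULL) return NULL;
    h->nrefs = 1;
    strncpy(h->name, name, sizeof(h->name) - 1);
    return h;
}

/* Like headerFree: tolerates NULL and returns NULL so callers can write
   `h = header_free(h);` unconditionally. Passing an uninitialised pointer
   here is the crash the bug report describes. */
static pkg_header header_free(pkg_header h) {
    if (h == NULL) return NULL;
    if (--h->nrefs > 0) return NULL;
    free(h);
    return NULL;
}

/* Parses a constructed in-memory package. On bad magic it returns early
   WITHOUT touching *hdrp, mirroring the reported behaviour, so the caller
   must have initialised its pointer itself. */
static enum rc read_package_header(const char *buf, size_t len, pkg_header *hdrp) {
    if (len < PKG_MAGIC_LEN || memcmp(buf, PKG_MAGIC, PKG_MAGIC_LEN) != 0)
        return RC_BADMAGIC;          /* *hdrp deliberately left alone */
    *hdrp = header_new(buf + PKG_MAGIC_LEN);
    return *hdrp != NULL ? RC_OK : RC_FAIL;
}

/* The corrected caller pattern: h starts as NULL, so the common exit path
   can free it whatever happened. Returns 0 on success, 1 otherwise; on
   success the header name is copied to out_name when it is non-NULL. */
static int install_source_package(const char *buf, size_t len,
                                  char *out_name, size_t out_len) {
    pkg_header h = NULL;             /* the fix: never an uninitialised pointer */
    int ret = 1;

    if (read_package_header(buf, len, &h) != RC_OK) {
        fprintf(stderr, "error: source package expected\n");
        goto exit;
    }
    if (out_name != NULL && out_len > 0) {
        strncpy(out_name, h->name, out_len - 1);
        out_name[out_len - 1] = '\0';
    }
    ret = 0;

exit:
    h = header_free(h);              /* safe on both the success and error paths */
    return ret;
}

int main(void) {
    static const char good[] = "PKG!hello-1.0.src";                /* constructed */
    static const char bad[] = "# a spec file is not a source package"; /* constructed */
    char name[32] = "";
    int r1 = install_source_package(good, sizeof(good) - 1, name, sizeof(name));
    int r2 = install_source_package(bad, sizeof(bad) - 1, NULL, 0);
    printf("good input: rc=%d name=%s\nbad input:  rc=%d\n", r1, name, r2);
    return 0;
}
```

Note that the NULL initialisation is the whole fix, as the comment above says: the earlier attachment that zero-filled a Header structure instead would hide the crash but, as its author suspected, leak whatever the reader later stores into it. With the pointer at NULL there is nothing to leak on the bad-magic path, and on the success path `header_free` still drops the single reference.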
Well, in the above comment I did not claim it would be a correct patch. ;-) Btw, meanwhile I've found the following comment in both the spec and CHANGES file:
* Mon Aug 13 2001 Jeff Johnson <jbj>
- fix: segfault on headerFree given malicious data.
So, a few months ago you knew about this bug, too, but the real fix went in sometime between Enigma and RPM 4.0.3 final. Aha!
Nope, that changelog entry refers to an exploit that is/was on various security lists this past fall.
*** Bug 60274 has been marked as a duplicate of this bug. ***
Fyi, I had segfaults with rpmbuild --rebuild file.spec, until today's rpm-build package update. I didn't have time to file a report until just now, but then I found that a) it had been fixed, and b) this report has been closed. ;) But here it is:
$ rpmbuild --rebuild file.spec
Installing file.spec
Segmentation fault
If I do the same thing today:
$ rpmbuild --rebuild file.spec
Installing file.spec
error: file.spec cannot be installed
(file.spec is an empty file in the example, but it also occurs with valid spec files.) The first example is on an RH7.2 machine owned by a friend; I have no control over whether he will update his packages today or not, but I have a core dump if you want it.
Whether --rebuild or --recompile, whether "rpm" or "rpmbuild", doesn't matter. Same bug, same symptoms, and fixed in rpm-4.0.4-7x. No more segfaults doing stupid things... ;-)