Bug 61388 - rpm-4.0.4-7x.5 segfaults on audiofile-0.2.3-1
rpm-4.0.4-7x.5 segfaults on audiofile-0.2.3-1
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: rpm (Show other bugs)
1.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-03-18 17:56 EST by Olivier Baudron
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-03-18 18:12:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Olivier Baudron 2002-03-18 17:56:23 EST
$ rpm --checksig audiofile*-0.2.3-1.i386.rpm 
audiofile-0.2.3-1.i386.rpm: md5 OK
audiofile-devel-0.2.3-1.i386.rpm: md5 OK

$ rpm -Uvh audiofile*-0.2.3-1.i386.rpm
Segmentation fault
Comment 1 Jeff Johnson 2002-03-18 18:06:17 EST
Reproduced:

yarmouth:/B/7.2-gnome/audiofile/0.2.3-1/i386 287 bash$ rpm -q rpm
rpm-4.0.4-7x.5
yarmouth:/B/7.2-gnome/audiofile/0.2.3-1/i386 288 bash$ rpm -V rpm
yarmouth:/B/7.2-gnome/audiofile/0.2.3-1/i386 289 bash$ rpm -Kvv
audiofile*-0.2.3-1.i386.rpm
D: Expected size:       102480 = lead(96)+sigs(160)+pad(0)+data(102224)
D:   Actual size:       102480
audiofile-0.2.3-1.i386.rpm:
MD5 sum OK: 1cb7122e01aea389d5ce2a59e8e1185f
D: Expected size:        78979 = lead(96)+sigs(160)+pad(0)+data(78723)
D:   Actual size:        78979
audiofile-devel-0.2.3-1.i386.rpm:
MD5 sum OK: bab86c9733e4c0f2c63e33f221cd647c
yarmouth:/B/7.2-gnome/audiofile/0.2.3-1/i386 290 bash$ sudo rpm -Uvh
audiofile-*0.2.3-1.i386.rpm
Segmentation fault
yarmouth:/B/7.2-gnome/audiofile/0.2.3-1/i386 291 bash$ rpm -qip audiofile-*.rpm
Name        : audiofile                    Relocations: (not relocateable)
Version     : 0.2.3                             Vendor: Red Hat, Inc.
Release     : 1                             Build Date: Fri 11 Jan 2002 01:44:40
PM EST
Install date: (not installed)               Build Host:
stripples.devel.redhat.com
Group       : System Environment/Libraries   Source RPM:
audiofile-0.2.3-1.src.rpm
Size        : 256339                           License: LGPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://oss.sgi.com/projects/audofile/
Summary     : A library for accessing various audio file formats.
Description :
The Audio File library is an implementation of SGI's Audio File
Library, which provides an API for accessing audio file formats like
AIFF/AIFF-C, WAVE, and NeXT/Sun .snd/.au files. This library is used
by the EsounD daemon.

Install audiofile if you are installing EsounD or you need an API for
any of the sound file formats it can handle.
Name        : audiofile-devel              Relocations: (not relocateable)
Version     : 0.2.3                             Vendor: Red Hat, Inc.
Release     : 1                             Build Date: Fri 11 Jan 2002 01:44:40
PM EST
Install date: (not installed)               Build Host:
stripples.devel.redhat.com
Group       : Development/Libraries         Source RPM:
audiofile-0.2.3-1.src.rpm
Size        : 236601                           License: LGPL
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://oss.sgi.com/projects/audofile/
Summary     : Development files for Audio File applications.
Description :
The audiofile-devel package contains libraries, include files, and
other resources you can use to develop Audio File applications.

Comment 2 Jeff Johnson 2002-03-18 18:12:27 EST
Reproduced after rebuilding as well.
Comment 3 Jeff Johnson 2002-03-18 19:34:21 EST
Yup, here it is:
--- lib/depends.c	30 Jan 2002 22:11:50 -0000	1.136.2.52
+++ lib/depends.c	19 Mar 2002 00:26:29 -0000
@@ -1105,7 +1105,7 @@
 	match--;
 
     for (ret = NULL, found = 0;
-	 match <= al->index.index + al->index.size &&
+	 match < al->index.index + al->index.size &&
 		indexcmp(match, &needle) == 0;
 	 match++)
     {

Will be fixed in rpm-4.0.4-7x.7, building now.

Thanks for the report.

Note You need to log in before you can comment on or make changes to this bug.