Bug 617037 - [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
[abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was...
Status: CLOSED DUPLICATE of bug 645386
Product: Fedora
Classification: Fedora
Component: cvs (Show other bugs)
13
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Petr Pisar
Fedora Extras Quality Assurance
https://savannah.nongnu.org/bugs/inde...
abrt_hash:29bae33669b6ddf94490623ecb8...
:
: 639400 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-21 22:36 EDT by Joshua Rosen
Modified: 2010-10-21 11:26 EDT (History)
2 users (show)

See Also:
Fixed In Version: cvs-1.11.23-10.fc13
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-21 11:26:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
File: backtrace (9.76 KB, text/plain)
2010-07-21 22:37 EDT, Joshua Rosen
no flags Details

  None (edit)
Description Joshua Rosen 2010-07-21 22:36:59 EDT
abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: cvs update
component: cvs
crash_function: linevector_free
executable: /usr/bin/cvs
global_uuid: 29bae33669b6ddf94490623ecb8dad953eba8f0c
kernel: 2.6.33.6-147.fc13.x86_64
package: cvs-1.11.23-8.fc13
rating: 4
reason: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
Comment 1 Joshua Rosen 2010-07-21 22:37:00 EDT
Created attachment 433571 [details]
File: backtrace
Comment 2 Joshua Rosen 2010-07-21 22:40:51 EDT
Package: cvs-1.11.23-8.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)


Comment
-----
cvs update: Updating common/v
P common/v/latch_test_ctrl.v
cvs update: checksum failure after patch to common/v/latch_test_ctrl.v; will refetch
P common/v/test_ctrl.v
cvs update: checksum failure after patch to common/v/test_ctrl.v; will refetch
P common/v/test_ctrl_n.v
Segmentation fault (core dumped)
Comment 3 Petr Pisar 2010-07-22 07:31:34 EDT
/* Free storage associated with linevector.  */
static void
linevector_free (vec)
    struct linevector *vec;
{
    unsigned int ln;

    if (vec->vector != NULL)
    {
        for (ln = 0; ln < vec->nlines; ++ln)
→           if (vec->vector[ln] && --vec->vector[ln]->refcount == 0)
                free (vec->vector[ln]);

        free (vec->vector);
    }
}

It segfaults on derefencing vec->vector[ln]->refcount, while vec->vector[ln] != NULL but it's still invalid pointer.
Comment 4 Petr Pisar 2010-07-23 07:58:39 EDT
Forwarding to upstream (see URL) as without data to reproduce it requires code review by somebody how knows the code very well.
Comment 5 Petr Pisar 2010-10-04 04:14:55 EDT
*** Bug 639400 has been marked as a duplicate of this bug. ***
Comment 6 Petr Pisar 2010-10-21 11:26:30 EDT
I believe this is instance of bug #645386 (corrupted CVS repository crashes CVS client) and it will be fixed in cvs-1.11.23-10.fc13.

*** This bug has been marked as a duplicate of bug 645386 ***

Note You need to log in before you can comment on or make changes to this bug.