Bug 617037 – [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 617037 - [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)

Summary:	[abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was...

Status:	CLOSED DUPLICATE of bug 645386

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	cvs (Show other bugs)
Sub Component:
Version:	13
Hardware:	x86_64 Linux

Priority	low Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Petr Pisar
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:

URL:	https://savannah.nongnu.org/bugs/inde...
Whiteboard:	abrt_hash:29bae33669b6ddf94490623ecb8...
Keywords:

Duplicates:	639400 (view as bug list)
Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2010-07-21 22:36 EDT by Joshua Rosen
Modified:	2010-10-21 11:26 EDT (History)
CC List:	2 users (show)

See Also:
Fixed In Version:	cvs-1.11.23-10.fc13
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2010-10-21 11:26:30 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
File: backtrace (9.76 KB, text/plain) 2010-07-21 22:37 EDT, Joshua Rosen	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Joshua Rosen 2010-07-21 22:36:59 EDT

abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: cvs update
component: cvs
crash_function: linevector_free
executable: /usr/bin/cvs
global_uuid: 29bae33669b6ddf94490623ecb8dad953eba8f0c
kernel: 2.6.33.6-147.fc13.x86_64
package: cvs-1.11.23-8.fc13
rating: 4
reason: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

Comment 1 Joshua Rosen 2010-07-21 22:37:00 EDT

Created attachment 433571 [details]
File: backtrace

Comment 2 Joshua Rosen 2010-07-21 22:40:51 EDT

Package: cvs-1.11.23-8.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)


Comment
-----
cvs update: Updating common/v
P common/v/latch_test_ctrl.v
cvs update: checksum failure after patch to common/v/latch_test_ctrl.v; will refetch
P common/v/test_ctrl.v
cvs update: checksum failure after patch to common/v/test_ctrl.v; will refetch
P common/v/test_ctrl_n.v
Segmentation fault (core dumped)

Comment 3 Petr Pisar 2010-07-22 07:31:34 EDT

/* Free storage associated with linevector.  */
static void
linevector_free (vec)
    struct linevector *vec;
{
    unsigned int ln;

    if (vec->vector != NULL)
    {
        for (ln = 0; ln < vec->nlines; ++ln)
→           if (vec->vector[ln] && --vec->vector[ln]->refcount == 0)
                free (vec->vector[ln]);

        free (vec->vector);
    }
}

It segfaults on derefencing vec->vector[ln]->refcount, while vec->vector[ln] != NULL but it's still invalid pointer.

Comment 4 Petr Pisar 2010-07-23 07:58:39 EDT

Forwarding to upstream (see URL) as without data to reproduce it requires code review by somebody how knows the code very well.

Comment 5 Petr Pisar 2010-10-04 04:14:55 EDT

*** Bug 639400 has been marked as a duplicate of this bug. ***

Comment 6 Petr Pisar 2010-10-21 11:26:30 EDT

I believe this is instance of bug #645386 (corrupted CVS repository crashes CVS client) and it will be fixed in cvs-1.11.23-10.fc13.

*** This bug has been marked as a duplicate of bug 645386 ***

Note You need to log in before you can comment on or make changes to this bug.