abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: cvs update
component: cvs
crash_function: linevector_free
executable: /usr/bin/cvs
global_uuid: 29bae33669b6ddf94490623ecb8dad953eba8f0c
kernel: 2.6.33.6-147.fc13.x86_64
package: cvs-1.11.23-8.fc13
rating: 4
reason: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
Created attachment 433571
File: backtrace
Package: cvs-1.11.23-8.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)

Comment
-----
cvs update: Updating common/v
P common/v/latch_test_ctrl.v
cvs update: checksum failure after patch to common/v/latch_test_ctrl.v; will refetch
P common/v/test_ctrl.v
cvs update: checksum failure after patch to common/v/test_ctrl.v; will refetch
P common/v/test_ctrl_n.v
Segmentation fault (core dumped)
    /* Free storage associated with linevector.  */
    static void
    linevector_free (vec)
         struct linevector *vec;
    {
        unsigned int ln;

        if (vec->vector != NULL)
        {
            for (ln = 0; ln < vec->nlines; ++ln)
    →           if (vec->vector[ln] && --vec->vector[ln]->refcount == 0)
                    free (vec->vector[ln]);

            free (vec->vector);
        }
    }

It segfaults on dereferencing vec->vector[ln]->refcount, while vec->vector[ln] != NULL but it's still an invalid pointer.
Forwarding to upstream (see URL) as, without data to reproduce, it requires code review by somebody who knows the code very well.
*** Bug 639400 has been marked as a duplicate of this bug. ***
I believe this is an instance of bug #645386 (corrupted CVS repository crashes CVS client) and it will be fixed in cvs-1.11.23-10.fc13.

*** This bug has been marked as a duplicate of bug 645386 ***