Bug 617037 - [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
Summary: [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was...
Status: CLOSED DUPLICATE of bug 645386
Alias: None
Product: Fedora
Classification: Fedora
Component: cvs
Version: 13
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Petr Pisar
QA Contact: Fedora Extras Quality Assurance
URL: https://savannah.nongnu.org/bugs/inde...
Whiteboard: abrt_hash:29bae33669b6ddf94490623ecb8...
: 639400 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2010-07-22 02:36 UTC by Joshua Rosen
Modified: 2010-10-21 15:26 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2010-10-21 15:26:30 UTC

Attachments (Terms of Use)
File: backtrace (9.76 KB, text/plain)
2010-07-22 02:37 UTC, Joshua Rosen
no flags Details

Description Joshua Rosen 2010-07-22 02:36:59 UTC
abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: cvs update
component: cvs
crash_function: linevector_free
executable: /usr/bin/cvs
global_uuid: 29bae33669b6ddf94490623ecb8dad953eba8f0c
package: cvs-1.11.23-8.fc13
rating: 4
reason: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

Comment 1 Joshua Rosen 2010-07-22 02:37:00 UTC
Created attachment 433571 [details]
File: backtrace

Comment 2 Joshua Rosen 2010-07-22 02:40:51 UTC
Package: cvs-1.11.23-8.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)

cvs update: Updating common/v
P common/v/latch_test_ctrl.v
cvs update: checksum failure after patch to common/v/latch_test_ctrl.v; will refetch
P common/v/test_ctrl.v
cvs update: checksum failure after patch to common/v/test_ctrl.v; will refetch
P common/v/test_ctrl_n.v
Segmentation fault (core dumped)

Comment 3 Petr Pisar 2010-07-22 11:31:34 UTC
/* Free storage associated with linevector.  */
static void
linevector_free (vec)
    struct linevector *vec;
    unsigned int ln;

    if (vec->vector != NULL)
        for (ln = 0; ln < vec->nlines; ++ln)
→           if (vec->vector[ln] && --vec->vector[ln]->refcount == 0)
                free (vec->vector[ln]);

        free (vec->vector);

It segfaults on derefencing vec->vector[ln]->refcount, while vec->vector[ln] != NULL but it's still invalid pointer.

Comment 4 Petr Pisar 2010-07-23 11:58:39 UTC
Forwarding to upstream (see URL) as without data to reproduce it requires code review by somebody how knows the code very well.

Comment 5 Petr Pisar 2010-10-04 08:14:55 UTC
*** Bug 639400 has been marked as a duplicate of this bug. ***

Comment 6 Petr Pisar 2010-10-21 15:26:30 UTC
I believe this is instance of bug #645386 (corrupted CVS repository crashes CVS client) and it will be fixed in cvs-1.11.23-10.fc13.

*** This bug has been marked as a duplicate of bug 645386 ***

Note You need to log in before you can comment on or make changes to this bug.