617037 – [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)

Bug 617037 - [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)

Summary: [abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was...

Status:	CLOSED DUPLICATE of bug 645386
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	cvs
Sub Component:
Version:	13
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Petr Pisar
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	https://savannah.nongnu.org/bugs/inde...
Whiteboard:	abrt_hash:29bae33669b6ddf94490623ecb8...
Keywords:
Duplicates (1):	639400 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-07-22 02:36 UTC by Joshua Rosen
Modified:	2010-10-21 15:26 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2010-10-21 15:26:30 UTC
Dependent Products:

Attachments	(Terms of Use)
File: backtrace (9.76 KB, text/plain) 2010-07-22 02:37 UTC, Joshua Rosen	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description Joshua Rosen 2010-07-22 02:36:59 UTC

abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: cvs update
component: cvs
crash_function: linevector_free
executable: /usr/bin/cvs
global_uuid: 29bae33669b6ddf94490623ecb8dad953eba8f0c
kernel: 2.6.33.6-147.fc13.x86_64
package: cvs-1.11.23-8.fc13
rating: 4
reason: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)

Comment 1 Joshua Rosen 2010-07-22 02:37:00 UTC

Created attachment 433571 [details]
File: backtrace

Comment 2 Joshua Rosen 2010-07-22 02:40:51 UTC

Package: cvs-1.11.23-8.fc13
Architecture: x86_64
OS Release: Fedora release 13 (Goddard)


Comment
-----
cvs update: Updating common/v
P common/v/latch_test_ctrl.v
cvs update: checksum failure after patch to common/v/latch_test_ctrl.v; will refetch
P common/v/test_ctrl.v
cvs update: checksum failure after patch to common/v/test_ctrl.v; will refetch
P common/v/test_ctrl_n.v
Segmentation fault (core dumped)

Comment 3 Petr Pisar 2010-07-22 11:31:34 UTC

/* Free storage associated with linevector.  */
static void
linevector_free (vec)
    struct linevector *vec;
{
    unsigned int ln;

    if (vec->vector != NULL)
    {
        for (ln = 0; ln < vec->nlines; ++ln)
→           if (vec->vector[ln] && --vec->vector[ln]->refcount == 0)
                free (vec->vector[ln]);

        free (vec->vector);
    }
}

It segfaults on derefencing vec->vector[ln]->refcount, while vec->vector[ln] != NULL but it's still invalid pointer.

Comment 4 Petr Pisar 2010-07-23 11:58:39 UTC

Forwarding to upstream (see URL) as without data to reproduce it requires code review by somebody how knows the code very well.

Comment 5 Petr Pisar 2010-10-04 08:14:55 UTC

*** Bug 639400 has been marked as a duplicate of this bug. ***

Comment 6 Petr Pisar 2010-10-21 15:26:30 UTC

I believe this is instance of bug #645386 (corrupted CVS repository crashes CVS client) and it will be fixed in cvs-1.11.23-10.fc13.

*** This bug has been marked as a duplicate of bug 645386 ***

Note You need to log in before you can comment on or make changes to this bug.