Red Hat Bugzilla – Bug 617037
[abrt] crash in cvs-1.11.23-8.fc13: linevector_free: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
Last modified: 2010-10-21 11:26:30 EDT
abrt 1.1.1 detected a crash.
Attached file: backtrace
cmdline: cvs update
reason: Process /usr/bin/cvs was killed by signal 11 (SIGSEGV)
release: Fedora release 13 (Goddard)
Created attachment 433571 [details]
OS Release: Fedora release 13 (Goddard)
cvs update: Updating common/v
cvs update: checksum failure after patch to common/v/latch_test_ctrl.v; will refetch
cvs update: checksum failure after patch to common/v/test_ctrl.v; will refetch
Segmentation fault (core dumped)
/* Free storage associated with linevector. */
struct linevector *vec;
unsigned int ln;
if (vec->vector != NULL)
for (ln = 0; ln < vec->nlines; ++ln)
→ if (vec->vector[ln] && --vec->vector[ln]->refcount == 0)
It segfaults on derefencing vec->vector[ln]->refcount, while vec->vector[ln] != NULL but it's still invalid pointer.
Forwarding to upstream (see URL) as without data to reproduce it requires code review by somebody how knows the code very well.
*** Bug 639400 has been marked as a duplicate of this bug. ***
I believe this is instance of bug #645386 (corrupted CVS repository crashes CVS client) and it will be fixed in cvs-1.11.23-10.fc13.
*** This bug has been marked as a duplicate of bug 645386 ***