Bug 637357 - rpmdeps with no input segfaults at rpmfc.c:1257
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: 13
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Jindrich Novy
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-09-25 06:30 UTC by Jens Petersen
Modified: 2013-07-02 23:48 UTC (History)
Last Closed: 2010-09-26 16:49:28 UTC

Description Jens Petersen 2010-09-25 06:30:12 UTC
Description of problem:
rpmdeps segfaults if it is run with empty stdin.

Version-Release number of selected component (if applicable):
rpm-4.8.1-2.fc13

How reproducible:
every time

Steps to Reproduce:
$ echo -n | /usr/lib/rpm/rpmdeps 
  
Actual results:
Segmentation fault (core dumped)

Expected results:
no segfault

Additional info:
Probably also happens in F14 - haven't tested yet.

Comment 1 Jens Petersen 2010-09-25 06:40:51 UTC
[New Thread 23188]
Core was generated by `/usr/lib/rpm/rpmdeps --provides'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003a702192cc in rpmfcApply (fc=0x2243740) at rpmfc.c:1257
1257	rpmfc.c: No such file or directory.
	in rpmfc.c

Thread 1 (Thread 23188):
#0  0x0000003a702192cc in rpmfcApply (fc=0x2243740) at rpmfc.c:1257
        fcat = <value optimized out>
        s = <value optimized out>
        se = <value optimized out>
        ds = <value optimized out>
        N = <value optimized out>
        EVR = <value optimized out>
        deptype = <value optimized out>
        nddict = <value optimized out>
        previx = <value optimized out>
        dix = <value optimized out>
        ix = <value optimized out>
        i = <value optimized out>
        skipping = 0
#1  0x0000000000401122 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at tools/rpmdeps.c:89
        optCon = 0x21fb130
        av = 0x0
        fc = 0x2243740
        ac = <value optimized out>
        ec = 1
$1 = 0x0
No symbol "__glib_assert_msg" in current context.
rax            0x0	0
rbx            0x2243740	35927872
rcx            0x66	102
rdx            0x0	0
rsi            0x0	0
rdi            0x2243740	35927872
rbp            0x0	0x0
rsp            0x7ffff04b2ca0	0x7ffff04b2ca0
r8             0x78	120
r9             0x101010101010101	72340172838076673
r10            0x78	120
r11            0x3c28682902	258375952642
r12            0x7ffff04b2d28	140737224846632
r13            0x21fb130	35631408
r14            0x0	0
r15            0x0	0
rip            0x3a702192cc	0x3a702192cc <rpmfcApply+28>
eflags         0x10206	[ PF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
Dump of assembler code for function rpmfcApply:
[snipped]
Debuginfo absent: 8215cdc8f819283b3264e036728cdf5679ef4f83

Comment 2 Jindrich Novy 2010-09-26 16:49:28 UTC
Fixed upstream for now. The crash was caused by dereferencing a NULL pointer.
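
Added example, not part of the bug thread or of rpm's code: a shell regression check built on the reproduction step in the description, which feeds a command a zero-byte pipe and tells a clean exit apart from death by signal. The function names, the stand-in commands and the /nonexistent/placeholder-tool path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): regression check that a command
# survives empty standard input, as in the report's reproduction step.

# empty_stdin_check CMD [ARGS...]
# Feeds CMD a zero-byte pipe and classifies how it ended:
#   return 0  CMD exited on its own (any exit code, errors included)
#   return 1  CMD was killed by a signal; LAST_SIGNAL holds the number
#   return 2  CMD could not be started (shell status 126 or 127)
# Limitation: a program that deliberately exits with a code above 128
# cannot be told apart from one killed by a signal.
LAST_SIGNAL=0
empty_stdin_check() {
    LAST_SIGNAL=0
    status=0
    printf '' | "$@" >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
        return 2
    fi
    # sh and bash report death by signal N as exit status 128 + N.
    if [ "$status" -gt 128 ]; then
        LAST_SIGNAL=$((status - 128))
        return 1
    fi
    return 0
}

# report CMD [ARGS...]: print a one-line verdict for CMD.
report() {
    rc=0
    empty_stdin_check "$@" || rc=$?
    case $rc in
        0) echo "PASS: $1 handled empty stdin" ;;
        1) echo "FAIL: $1 killed by signal $LAST_SIGNAL (11 is SIGSEGV on Linux)" ;;
        2) echo "SKIP: $1 could not be run" ;;
    esac
}

# Constructed stand-ins so the check can be exercised without rpm installed.
report cat                              # reads nothing and exits 0
report sh -c 'kill -s SEGV $$'          # ends the way the report describes
report /nonexistent/placeholder-tool    # a missing binary is not a pass
# The binary named in the report, only if it exists on this machine.
if [ -x /usr/lib/rpm/rpmdeps ]; then report /usr/lib/rpm/rpmdeps; fi
```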

