Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 874659

Summary: memory corruption on git shortlog
Product: Red Hat Enterprise Linux 6 Reporter: Eric Blake <eblake>
Component: gitAssignee: Petr Stodulka <pstodulk>
Status: CLOSED ERRATA QA Contact: Andrej Dzilský <adzilsky>
Severity: unspecified Docs Contact: Lenka Špačková <lkuprova>
Priority: unspecified    
Version: 6.4CC: adzilsky, eblake, mzhan, ovasik, psklenar, thozza
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: git-1.7.1-7.el6 Doc Type: Bug Fix
Doc Text:
"git shortlog" no longer crashes due to using freed memory Previously, when email address entries differed only in case, the `.mailmap` feature of the "git shortlog" command did not replace a duplicate email entry with a strdup pointer, and freed memory was referenced. Consequently, *Git* terminated unexpectedly due to using already freed memory. A patch has been applied, which ensures that memory is freed before these entries are replaced, and "git shortlog" correctly uses only allocated memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-21 10:00:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1254457, 1355829, 1359264    
Attachments:
Description Flags
abrt report, as logged to a file
none
patch none

Description Eric Blake 2012-11-08 15:35:58 UTC 
Description of problem:
When running 'git shortlog' on libvirt.git, I got a glibc warning about a double free.  I reproduced with a fresh clone, so that there is nothing in my working directory that could be impacting things.

Version-Release number of selected component (if applicable):
git-1.7.1-2.el6_0.1.x86_64

How reproducible:
100%

Steps to Reproduce:
1. git clone git://libvirt.org/libvirt.git libvirt-tmp1
2. cd libvirt-tmp1
3. git shortlog >/dev/null
  
Actual results:
*** glibc detected *** git: double free or corruption (fasttop): 0x00000000022cd770 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3403e760e6]
git[0x489835]
git[0x4b6378]
git[0x456e42]
git[0x45780e]
git[0x404171]
git[0x404352]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3403e1ecdd]
git[0x403b79]
======= Memory map: ========
00400000-00510000 r-xp 00000000 fd:00 1869296                            /usr/bin/git
00710000-00716000 rw-p 00110000 fd:00 1869296                            /usr/bin/git
00716000-00761000 rw-p 00000000 00:00 0 
00915000-00916000 rw-p 00115000 fd:00 1869296                            /usr/bin/git
022cd000-02bde000 rw-p 00000000 00:00 0                                  [heap]
3403a00000-3403a20000 r-xp 00000000 fd:00 1704105                        /lib64/ld-2.12.so
3403c1f000-3403c20000 r--p 0001f000 fd:00 1704105                        /lib64/ld-2.12.so
3403c20000-3403c21000 rw-p 00020000 fd:00 1704105                        /lib64/ld-2.12.so
3403c21000-3403c22000 rw-p 00000000 00:00 0 
3403e00000-3403f8a000 r-xp 00000000 fd:00 1704116                        /lib64/libc-2.12.so
3403f8a000-3404189000 ---p 0018a000 fd:00 1704116                        /lib64/libc-2.12.so
3404189000-340418d000 r--p 00189000 fd:00 1704116                        /lib64/libc-2.12.so
340418d000-340418e000 rw-p 0018d000 fd:00 1704116                        /lib64/libc-2.12.so
340418e000-3404193000 rw-p 00000000 00:00 0 
3404a00000-3404a17000 r-xp 00000000 fd:00 1704122                        /lib64/libpthread-2.12.so
3404a17000-3404c17000 ---p 00017000 fd:00 1704122                        /lib64/libpthread-2.12.so
3404c17000-3404c18000 r--p 00017000 fd:00 1704122                        /lib64/libpthread-2.12.so
3404c18000-3404c19000 rw-p 00018000 fd:00 1704122                        /lib64/libpthread-2.12.so
3404c19000-3404c1d000 rw-p 00000000 00:00 0 
3404e00000-3404e15000 r-xp 00000000 fd:00 1704133                        /lib64/libz.so.1.2.3
3404e15000-3405014000 ---p 00015000 fd:00 1704133                        /lib64/libz.so.1.2.3
3405014000-3405015000 r--p 00014000 fd:00 1704133                        /lib64/libz.so.1.2.3
3405015000-3405016000 rw-p 00015000 fd:00 1704133                        /lib64/libz.so.1.2.3
3c48e00000-3c48e16000 r-xp 00000000 fd:00 1704106                        /lib64/libgcc_s-4.4.7-20120601.so.1
3c48e16000-3c49015000 ---p 00016000 fd:00 1704106                        /lib64/libgcc_s-4.4.7-20120601.so.1
3c49015000-3c49016000 rw-p 00015000 fd:00 1704106                        /lib64/libgcc_s-4.4.7-20120601.so.1
7f625964e000-7f62596cf000 rw-p 00000000 00:00 0 
7f6259731000-7f625f263000 r--p 00000000 fd:03 1596243                    /home/dummy/libvirt-tmp1/.git/objects/pack/pack-6d7c059456c60b4ed58bccc2b2059134112cfaeb.pack
7f625f263000-7f625f4f3000 r--p 00000000 fd:03 1585480                    /home/dummy/libvirt-tmp1/.git/objects/pack/pack-6d7c059456c60b4ed58bccc2b2059134112cfaeb.idx
7f625f4f3000-7f625f4f6000 rw-p 00000000 00:00 0 
7f625f50f000-7f625f512000 rw-p 00000000 00:00 0 
7fff8defd000-7fff8df12000 rw-p 00000000 00:00 0                          [stack]
7fff8dfe5000-7fff8dfe6000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]


Expected results:
no memory corruption

Additional info:
Comment 1 Eric Blake 2012-11-08 15:36:39 UTC 
Created attachment 640886 [details]
abrt report, as logged to a file
Comment 2 Eric Blake 2012-11-08 15:37:58 UTC 
In case it matters, my clone of libvirt.git happened at upstream commit e124f49890742097c7d418d05d671c28340861a1
Comment 4 RHEL Program Management 2013-10-14 00:17:13 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 5 Ondrej Oprala 2014-06-19 13:39:03 UTC 
*** Bug 1111149 has been marked as a duplicate of this bug. ***
Comment 6 Petr Stodulka 2014-12-11 22:26:53 UTC 
Created attachment 967403 [details]
patch

This bug is already fixed in upstream (commit d8d2eb7d6b5e48c2bcb0e71a770f8a05375ac03e). Patch is corrected for actual rhel-6.6 version of git 1.7.1. Memory for entries 'mail' and 'name' of structure mailmap_entry is free only before replacing now.
Comment 12 errata-xmlrpc 2017-03-21 10:00:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0640.html