877512 – rpmbuild segfaults due to heap corruption

Bug 877512 - rpmbuild segfaults due to heap corruption

Summary: rpmbuild segfaults due to heap corruption

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpm
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Fedora Packaging Toolset Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	877568 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-11-16 17:49 UTC by Jeff Law
Modified:	2013-04-24 12:31 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-11-17 17:17:54 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	956190	0	unspecified	CLOSED	rpmbuild crashes with double free or corruption (fasttop) when %caps directives are at the end of a %files section or ha...	2021-02-22 00:41:40 UTC

Internal Links: 904818 956190

Description Jeff Law 2012-11-16 17:49:34 UTC

Description of problem:
When building rawhide glibc, rpmbuild segfaults.

Version-Release number of selected component (if applicable):
http://koji.fedoraproject.org/koji/buildinfo?buildID=366626

How reproducible:


Steps to Reproduce:
1. fedpkg clone glibc
2. cd glibc
3. fedpkg build
  
Actual results:
Build fails.  It's not obvious, but it's failing because rpmbuild segfaults (determined using a local mock build)

Expected results:
Build succeeds.


Additional info:
Valgrind report.  Of particular interest is the invalid free report with a backtrace that is consistent when the one I get using gdb on a coredump from rpmbuild


valgrind rpmbuild -bl --short-circuit glibc.spec 
==11039== Memcheck, a memory error detector
==11039== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==11039== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==11039== Command: rpmbuild -bl --short-circuit glibc.spec
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E42E5E: parseDescription (parseDescription.c:38)
==11039==    by 0x4E48FEF: parseSpec (parseSpec.c:607)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8afe6a4 is 4 bytes inside a block of size 5 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E42E5E: parseDescription (parseDescription.c:38)
==11039==    by 0x4E48FEF: parseSpec (parseSpec.c:607)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8e17774 is 20 bytes inside a block of size 23 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8e13010 is 0 bytes inside a block of size 2 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E45C07: doSetupMacro (parsePrep.c:266)
==11039==    by 0x4E46BC2: parsePrep (parsePrep.c:514)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464A7: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8b885c4 is 4 bytes inside a block of size 5 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464A7: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464E0: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8bc6c30 is 0 bytes inside a block of size 2 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E635: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E464E0: doPatchMacro (parsePrep.c:430)
==11039==    by 0x4E46B62: parsePrep (parsePrep.c:516)
==11039==    by 0x4E48FC7: parseSpec (parseSpec.c:595)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E47567: parseScript (parseScript.c:208)
==11039==    by 0x4E49007: parseSpec (parseSpec.c:621)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8ae48c4 is 4 bytes inside a block of size 6 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E47567: parseScript (parseScript.c:208)
==11039==    by 0x4E49007: parseSpec (parseSpec.c:621)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D888: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0x8c8d08c is 12 bytes inside a block of size 13 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 4
==11039==    at 0x6F9D89D: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfd605f0 is 16 bytes inside a block of size 17 alloc'd
==11039==    at 0x4C2C87C: malloc (vg_replace_malloc.c:270)
==11039==    by 0x6F9D79E: ??? (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x6F9E6B5: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.0)
==11039==    by 0x4E4320D: parseFiles (parseFiles.c:39)
==11039==    by 0x4E48FA7: parseSpec (parseSpec.c:625)
==11039==    by 0x402B30: buildForTarget.constprop.1 (rpmbuild.c:447)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 

==11039== Invalid read of size 1
==11039==    at 0x4C2D1E2: strlen (mc_replace_strmem.c:404)
==11039==    by 0x506CA98: dataLength (header.c:363)
==11039==    by 0x506E992: headerPut (header.c:1461)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is 0 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 1
==11039==    at 0x4C2D1F4: strlen (mc_replace_strmem.c:404)
==11039==    by 0x506CA98: dataLength (header.c:363)
==11039==    by 0x506E992: headerPut (header.c:1461)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c1 is 1 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 1
==11039==    at 0x506C9D0: copyData (header.c:1368)
==11039==    by 0x506E9D1: headerPut (header.c:1473)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is 0 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid read of size 1
==11039==    at 0x506C9DD: copyData (header.c:1369)
==11039==    by 0x506E9D1: headerPut (header.c:1473)
==11039==    by 0x506C37D: headerPutType (headerutil.c:188)
==11039==    by 0x506C84C: headerPutString (headerutil.c:208)
==11039==    by 0x4E3D065: genCpioListAndHeader (files.c:1111)
==11039==    by 0x4E3F624: processBinaryFiles (files.c:1918)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is 0 bytes inside a block of size 30 free'd
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x54E6DE1: rpmExpand (macro.c:1579)
==11039==    by 0x54EE387: rpmGetPath (rpmfileutil.c:527)
==11039==    by 0x54EE418: rpmGenPath (rpmfileutil.c:467)
==11039==    by 0x4E3DD3D: processBinaryFile.isra.7 (files.c:1615)
==11039==    by 0x4E40447: processBinaryFiles (files.c:1896)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039== 
==11039== Invalid free() / delete / delete[] / realloc()
==11039==    at 0x4C2B7E6: free (vg_replace_malloc.c:446)
==11039==    by 0x4E3C596: FileRecordsFree (files.c:1239)
==11039==    by 0x4E3F657: processBinaryFiles (files.c:1249)
==11039==    by 0x4E3B600: buildSpec (build.c:254)
==11039==    by 0x402B69: buildForTarget.constprop.1 (rpmbuild.c:457)
==11039==    by 0x402E22: build.constprop.0 (rpmbuild.c:490)
==11039==    by 0x401FC2: main (rpmbuild.c:625)
==11039==  Address 0xfcb38c0 is not stack'd, malloc'd or (recently) free'd
==11039== 

And from a core dump from a local mock build:

#0  0x00007f992d6caa8d in malloc_consolidate () from /lib64/libc.so.6
#1  0x00007f992d6cb6c8 in _int_free () from /lib64/libc.so.6
#2  0x00007f993019e5a6 in FileRecordsFree (files=files@entry=0x7fff063ce908) at files.c:1241
#3  0x00007f99301a1658 in FileListFree (fl=0x7fff063ce8e0) at files.c:1249
#4  processPackageFiles (test=0, installSpecialDoc=4, pkg=<optimized out>, pkgFlags=0, spec=0x2094150) at files.c:1921
#5  processBinaryFiles (spec=spec@entry=0x2094150, pkgFlags=0, installSpecialDoc=installSpecialDoc@entry=4, test=test@entry=0)
    at files.c:2118
#6  0x00007f993019d601 in buildSpec (buildArgs=buildArgs@entry=0x605a00 <rpmBTArgs>, spec=spec@entry=0x2094150, what=159) at build.c:254
#7  0x00007f993019d7c1 in rpmSpecBuild (spec=spec@entry=0x2094150, buildArgs=buildArgs@entry=0x605a00 <rpmBTArgs>) at build.c:302
#8  0x0000000000402b6a in buildForTarget (ts=ts@entry=0x2094ba0, arg=arg@entry=0x7fff063cf953 "glibc.spec", ba=0x605a00 <rpmBTArgs>)
    at rpmbuild.c:457
#9  0x0000000000402e23 in build (ts=ts@entry=0x2094ba0, arg=0x7fff063cf953 "glibc.spec", rcfile=0x0, ba=0x605a00 <rpmBTArgs>)
    at rpmbuild.c:490
#10 0x0000000000401fc3 in main (argc=<optimized out>, argv=<optimized out>) at rpmbuild.c:625
(

Comment 1 Panu Matilainen 2012-11-17 10:04:42 UTC

Apologies for not seeing this earlier. In case of major failures like this, it's probably best to drop a note to fedora-devel so more people (including rel-eng) know about it.

Thanks for reporting, I'll look into this ASAP (hopefully later today), but in the meanwhile I've untagged the new rpm from rawhide.

Comment 2 Panu Matilainen 2012-11-17 17:17:54 UTC

It turned out to be a silly refactoring mistake causing double-free on %caps, which explains why most packages were not affected.

Fixed in rawhide now (rpm-4.10.90-0.git11989.2.fc19)

Comment 3 Panu Matilainen 2012-11-17 17:18:43 UTC

*** Bug 877568 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.