Created attachment 718207 [details]
test file 1

Description of problem:
The compiler/linker on CentOS 6.? produces a shared object that seems to upset /usr/lib/rpm/debugedit.

Version-Release number of selected component (if applicable):
gcc-4.4.6-3.el6.x86_64
binutils-2.20.51.0.2-5.28.el6.x86_64
All rpm versions at hand:
rpm-4.8.0-32.el6.x86_64 (C6)
rpm-4.10.2-2.1.1.x86_64 (openSUSE_12.3)
rpm f398b09772a25fb930e89a4584d6d5b9461ba391 (git)

Steps to Reproduce:
1. /usr/lib/rpm/debugedit libxlocale.so

Actual results:
Segmentation fault

Expected results:
exit with status 0

Additional info:
GDB trace:

-bash-4.1$ LD_LIBRARY_PATH=$PWD/rpmio/.libs gdb .libs/debugedit # /home/abuild/rpmbuild/BUILDROOT/nx-libs-3.5.0.17-0.x86_64//usr/lib64/nx/X11/libxlocale.so.2
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-50.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/abuild/rpm.git/.libs/debugedit...done.
(gdb) b edit_dwarf2_line
Breakpoint 1 at 0x40281a: file tools/debugedit.c, line 474.
(gdb) r /home/abuild/rpmbuild/BUILDROOT/nx-libs-3.5.0.17-0.x86_64//usr/lib64/nx/X11/libxlocale.so.2
Starting program: /home/abuild/rpm.git/.libs/debugedit /home/abuild/rpmbuild/BUILDROOT/nx-libs-3.5.0.17-0.x86_64//usr/lib64/nx/X11/libxlocale.so.2
[Thread debugging using libthread_db enabled]

Breakpoint 1, edit_dwarf2_line (dso=0x60ba40, off=0, comp_dir=0x60cc50 "/home/abuild/rpmbuild/BUILD/nx-libs-3.5.0.17/nx-X11/lib/X11/xlibi18n/lc/xlocale", phase=0) at tools/debugedit.c:474
474 {
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 elfutils-libelf-0.152-1.el6.x86_64 glibc-2.12-1.47.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 nspr-4.8.8-3.el6.x86_64 nss-3.12.10-16.el6.x86_64 nss-util-3.12.10-2.el6.x86_64 popt-1.13-7.el6.x86_64 xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) n
475 unsigned char *ptr = debug_sections[DEBUG_LINE].data, *dir;
(gdb)
477 unsigned char *endsec = ptr + debug_sections[DEBUG_LINE].size;
(gdb) p ptr
$1 = (unsigned char *) 0x0
(gdb) n
481 size_t comp_dir_len = strlen (comp_dir);
(gdb)
482 size_t abs_file_cnt = 0, abs_dir_cnt = 0;
(gdb) n
484 if (phase != 0)
(gdb)
487 ptr += off;
(gdb) p off
$2 = 0
(gdb) n
489 endcu = ptr + 4;
(gdb)
490 endcu += read_32 (ptr);
(gdb) p ptr
$3 = (unsigned char *) 0x0
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x0000000000401c8e in buf_read_ule32 (data=0x0) at tools/debugedit.c:112
112 return data[0] | (data[1] << 8) | (data[2] << 16) | (data[3] << 24);

Created attachment 718208 [details]
one of the component files of the .so (built with C6 gcc-4.4.6)

While one probably does not normally pass .o files to debugedit, it also makes it crash, which indicates that the section problem - if there really is one - is merely carried over from the .o files into the .so.

More observations: debugedit always crashed unless -b and -d were specified with some directory.

debugedit anyfile.o ## crash
debugedit -b . -d . anyfile.o ## succeed

With attachment 718208 [details] as object file, debugedit also crashes when -b and -d are specified.

Avoiding a crash on NULL pointer dereference would be easy enough, but figuring out what's actually wrong with the file (and what debugedit should do about it if not just ignore the NULL) is well beyond my limited knowledge of elf/dwarf stuff... Roland/Jakub, care to have a look?
Oh well, fixed in rpm >= 4.11.1 by just skipping the NULL section entirely.
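
The kind of guard the last comment describes, as an added example that is not part of this thread and is not rpm's actual patch: a section whose data pointer is NULL is skipped before the 4-byte unit length is read, and the length is checked against the section size. The struct layout, the names `line_unit_end` and `read_le32`, and the status codes are assumptions made for illustration; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for debugedit's per-section record. */
struct debug_section {
    unsigned char *data;   /* NULL when no contents were loaded */
    size_t size;
};

enum line_status { LINE_OK = 0, LINE_SKIP = 1, LINE_BAD = -1 };

/* Little-endian 32-bit read, the operation that faulted on data=0x0 in the trace. */
static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Find the end of the line-table unit at `off` without trusting the section. */
static enum line_status line_unit_end(const struct debug_section *sec,
                                      size_t off, size_t *unit_end)
{
    uint32_t len;
    if (sec == NULL || sec->data == NULL || sec->size == 0)
        return LINE_SKIP;              /* NULL section: skip it, never dereference */
    if (off > sec->size || sec->size - off < 4)
        return LINE_BAD;               /* no room for the 4-byte unit length */
    len = read_le32(sec->data + off);
    if (len == 0xffffffffu || len > sec->size - off - 4)
        return LINE_BAD;               /* 64-bit escape or unit overruns section */
    *unit_end = off + 4 + (size_t)len;
    return LINE_OK;
}

/* Constructed sample: one unit whose length field says 6 bytes follow. */
static unsigned char sample_line[] = { 6, 0, 0, 0, 2, 0, 1, 1, 1, 1 };

int main(void)
{
    struct debug_section empty = { NULL, 0 };
    struct debug_section full = { sample_line, sizeof sample_line };
    size_t end = 0;
    int rc = line_unit_end(&empty, 0, &end);
    printf("NULL section -> %d\n", rc);
    rc = line_unit_end(&full, 0, &end);
    printf("valid section -> %d, unit ends at %zu\n", rc, end);
    return 0;
}
```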