Bug 972646 - Segmentation fault of rpm -E
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Priority: unspecified
Severity: medium
Assigned To: packaging-team-maint
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-06-10 06:28 EDT by Christopher Meng
Modified: 2013-08-07 11:34 EDT
Doc Type: Bug Fix
Last Closed: 2013-06-20 04:48:20 EDT
Type: Bug
Description Christopher Meng 2013-06-10 06:28:07 EDT
Description of problem:
Running this command will cause a weird problem:

[root@fab log]# rpm -E %{lua}
Segmentation fault (core dumped)

However, this should not happen, since if I run this:

[root@fab log]# rpm -E %{luaa}
%{luaa}

As you can see, it returns the input, but it seems that %{lua} is a special case.

Version-Release number of selected component (if applicable):
rpm-4.11.0.1-7.fc20
Comment 1 Nicolas Chauvet (kwizart) 2013-06-10 06:35:06 EDT
I can reproduce on f18 x86_64
# rpm -E %{lua}
Segmentation fault (core dumped)
# rpm -E %{optflags}
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m64 -mtune=generic
Comment 2 Panu Matilainen 2013-06-10 06:54:09 EDT
%{lua} is indeed special as it's used to invoke rpm's embedded lua interpreter, e.g.:

[pmatilai@localhost ~]$ rpm --eval "%{lua:print(1+2)}"
3
[pmatilai@localhost ~]$

And yes, it's reproducible all the way back to rpm 4.3.x where the embedded lua interpreter was introduced, it's just missing some sanity checks. Will fix.
Comment 3 Christopher Meng 2013-06-10 07:00:26 EDT
(In reply to Panu Matilainen from comment #2)
> %{lua} is indeed special as it's used to invoke rpm's embedded lua
> interpreter, e.g.:
> 
> [pmatilai@localhost ~]$ rpm --eval "%{lua:print(1+2)}"
> 3
> [pmatilai@localhost ~]$
> 
> And yes, it's reproducible all the way back to rpm 4.3.x where the embedded
> lua interpreter was introduced, it's just missing some sanity checks. Will
> fix.

Thanks, this is the first time I've learned about that.
Comment 4 Panu Matilainen 2013-06-10 07:56:46 EDT
Fixed upstream now:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=43a34e155432354454ba11b2d9decf86cfba26a6

Oh, and thanks for reporting, it's amazing how long bugs can stay dormant sometimes, close to a decade in this case :)
Comment 5 Panu Matilainen 2013-06-10 08:34:25 EDT
Hmm, except that turns out to be not so good a fix as it behaves differently from other built-ins after all.

Anyway, just use a non-reserved macro name to avoid the issue, defining and using %{lua} for your own purposes is not going to work.
Comment 6 Panu Matilainen 2013-06-20 04:48:20 EDT
The segfault is fixed in rpm-4.11.1-0.rc2.1.fc20.
Comment 7 devzero2000 2013-08-07 08:47:44 EDT
The segfault was fixed with commit 43a34e155432354454ba11b2d9decf86cfba26a6
but reverted here f173f747cda11e3f6778d2553fcb0db4b4e1d571

I think that the bug is open again now
Comment 8 Panu Matilainen 2013-08-07 08:50:49 EDT
(In reply to devzero2000 from comment #7)
> The segfault was fixed with commit 43a34e155432354454ba11b2d9decf86cfba26a6
> but reverted here f173f747cda11e3f6778d2553fcb0db4b4e1d571
> 
> I think that the bug is open again now

No. The initial fix was reverted and replaced with a better one.
Comment 9 devzero2000 2013-08-07 11:34:43 EDT
I am sorry. My bad. I've seen it now (ae5795897159319923b60f5c141a2ae5aa6f8d68). 

Thanks
