+++ This bug was initially created as a clone of Bug #212833 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.8.0.7) Gecko/20061011 Fedora/1.5.0.7-7.fc6 Firefox/1.5.0.7

Description of problem:
RPM crashes when trying to show info/listing/changelog of sylpheed-claws package from extras.

Version-Release number of selected component (if applicable):
rpm-4.4.2-32.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Download sylpheed-claws package
   "wget http://redhat.download.fedoraproject.org/pub/fedora/linux/extras/6/x86_64/sylpheed-claws-2.5.6-1.fc6.x86_64.rpm"
2. Do "rpm -qipvl --changelog sylpheed-claws-2.5.6-1.fc6.x86_64.rpm"
3. Observe the crash after last file from package is listed

Actual Results:
*** glibc detected *** /usr/lib/rpm/rpmq: double free or corruption (!prev): 0x000000000065b640 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3e3bc6ea60]
/lib64/libc.so.6(cfree+0x8c)[0x3e3bc7217c]
/usr/lib64/librpm-4.4.so(showQueryPackage+0x10a)[0x356c02924a]
/usr/lib64/librpm-4.4.so[0x356c027f1e]
/usr/lib64/librpm-4.4.so(rpmQueryVerify+0xae)[0x356c02848e]
/usr/lib64/librpm-4.4.so(rpmcliArgIter+0x12a)[0x356c028e6a]
/usr/lib64/librpm-4.4.so(rpmcliQuery+0xa2)[0x356c029062]
/usr/lib/rpm/rpmq[0x401fe8]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3e3bc1da44]
/usr/lib/rpm/rpmq[0x401779]
======= Memory map: ========
00400000-00403000 r-xp 00000000 08:06 1529712 /usr/lib/rpm/rpmq
00602000-00605000 rw-p 00002000 08:06 1529712 /usr/lib/rpm/rpmq
00605000-0068b000 rw-p 00605000 00:00 0 [heap]
356ac00000-356ac77000 r-xp 00000000 08:06 2248411 /usr/lib64/librpmio-4.4.so
356ac77000-356ae77000 ---p 00077000 08:06 2248411 /usr/lib64/librpmio-4.4.so
356ae77000-356ae7c000 rw-p 00077000 08:06 2248411 /usr/lib64/librpmio-4.4.so
356ae7c000-356ae9f000 rw-p 356ae7c000 00:00 0
356b000000-356b029000 r-xp 00000000 08:06 2248409 /usr/lib64/libbeecrypt.so.6.4.0
356b029000-356b228000 ---p 00029000 08:06 2248409 /usr/lib64/libbeecrypt.so.6.4.0
356b228000-356b22c000 rw-p 00028000 08:06 2248409 /usr/lib64/libbeecrypt.so.6.4.0
356b400000-356b458000 r-xp 00000000 08:06 2248412 /usr/lib64/libsqlite3.so.0.8.6
356b458000-356b658000 ---p 00058000 08:06 2248412 /usr/lib64/libsqlite3.so.0.8.6
356b658000-356b65a000 rw-p 00058000 08:06 2248412 /usr/lib64/libsqlite3.so.0.8.6
356b800000-356b81e000 r-xp 00000000 08:06 2248410 /usr/lib64/libneon.so.25.0.5
356b81e000-356ba1d000 ---p 0001e000 08:06 2248410 /usr/lib64/libneon.so.25.0.5
356ba1d000-356ba1f000 rw-p 0001d000 08:06 2248410 /usr/lib64/libneon.so.25.0.5
356bc00000-356bd0d000 r-xp 00000000 08:06 2248413 /usr/lib64/librpmdb-4.4.so
356bd0d000-356bf0c000 ---p 0010d000 08:06 2248413 /usr/lib64/librpmdb-4.4.so
356bf0c000-356bf13000 rw-p 0010c000 08:06 2248413 /usr/lib64/librpmdb-4.4.so
356bf13000-356bf14000 rw-p 356bf13000 00:00 0
356c000000-356c058000 r-xp 00000000 08:06 2248444 /usr/lib64/librpm-4.4.so
356c058000-356c257000 ---p 00058000 08:06 2248444 /usr/lib64/librpm-4.4.so
356c257000-356c25d000 rw-p 00057000 08:06 2248444 /usr/lib64/librpm-4.4.so
356c25d000-356c28f000 rw-p 356c25d000 00:00 0
356c400000-356c422000 r-xp 00000000 08:06 2248250 /usr/lib64/librpmbuild-4.4.so
356c422000-356c622000 ---p 00022000 08:06 2248250 /usr/lib64/librpmbuild-4.4.so
356c622000-356c625000 rw-p 00022000 08:06 2248250 /usr/lib64/librpmbuild-4.4.so
356c625000-356c633000 rw-p 356c625000 00:00 0
356d600000-356d725000 r-xp 00000000 08:03 63959 /lib64/libcrypto.so.0.9.8b
356d725000-356d924000 ---p 00125000 08:03 63959 /lib64/libcrypto.so.0.9.8b
356d924000-356d943000 rw-p 00124000 08:03 63959 /lib64/libcrypto.so.0.9.8b
356d943000-356d947000 rw-p 356d943000 00:00 0
356de00000-356de43000 r-xp 00000000 08:03 64009 /lib64/libssl.so.0.9.8b
356de43000-356e043000 ---p 00043000 08:03 64009 /lib64/libssl.so.0.9.8b
356e043000-356e049000 rw-p 00043000 08:03 64009 /lib64/libssl.so.0.9.8b
3e3ac00000-3e3ac1a000 r-xp 00000000 08:03 63998 /lib64/ld-2.5.so
3e3ae19000-3e3ae1a000 r--p 00019000 08:03 63998 /lib64/ld-2.5.so
3e3ae1a000-3e3ae1b000 rw-p 0001a000 08:03 63998 /lib64/ld-2.5.so
3e3b000000-3e3b015000 r-xp 00000000 08:03 64239 /lib64/libselinux.so.1
3e3b015000-3e3b214000 ---p 00015000 08:03 64239 /lib64/libselinux.so.1
3e3b214000-3e3b216000 rw-p 00014000 08:03 64239 /lib64/libselinux.so.1
3e3b216000-3e3b217000 rw-p 3e3b216000 00:00 0
3e3b400000-3e3b43b000 r-xp 00000000 08:03 64238 /lib64/libsepol.so.1
3e3b43b000-3e3b63b000 ---p 0003b000 08:03 64238 /lib64/libsepol.so.1
3e3b63b000-3e3b63c000 rw-p 0003b000 08:03 64238 /lib64/libsepol.so.1
3e3b63c000-3e3b646000 rw-p 3e3b63c000 00:00 0
3e3b800000-3e3b811000 r-xp 00000000 08:06 2247759 /usr/lib64/libelf-0.123.so
3e3b811000-3e3ba11000 ---p 00011000 08:06 2247759 /usr/lib64/libelf-0.123.so
3e3ba11000-3e3ba12000 rw-p 00011000 08:06 2247759 /usr/lib64/libelf-0.123.so
3e3bc00000-3e3bd44000 r-xp 00000000 08:03 63999 /lib64/libc-2.5.so
3e3bd44000-3e3bf44000 ---p 00144000 08:03 63999 /lib64/libc-2.5.so
3e3bf44000-3e3bf48000 r--p 00144000 08:03 63999 /lib64/libc-2.5.so
3e3bf48000-3e3bf49000 rw-p 00148000 08:03 63999 /lib64/libc-2.5.so
3e3bf49000-3e3bf4e000 rw-p 3e3bf49000 00:00 0
3e3c000000-3e3c082000 r-xp 00000000 08:03 64222 /lib64/libm-2.5.so
3e3c082000-3e3c281000 ---p 00082000 08:03 64222 /lib64/libm-2.5.so
3e3c281000-3e3c282000 r--p 00081000 08:03 64222 /lib64/libm-2.5.so
3e3c282000-3e3c283000 rw-p 00082000 08:03 64222 /lib64/libm-2.5.so
3e3c400000-3e3c403000 r-xp 00000000 08:03 64227 /lib64/libdl-2.5.so
3e3c403000-3e3c602000 ---p 00003000 08:03 64227 /lib64/libdl-2.5.so
3e3c602000-3e3c603000 r--p 00002000 08:03 64227 /lib64/libdl-2.5.so
3e3c603000-3e3c604000 rw-p 00003000 08:03 64227 /lib64/libdl-2.5.so
3e3c800000-3e3c815000 r-xp 00000000 08:03 64223 /lib64/libpthread-2.5.so
3e3c815000-3e3ca14000 ---p 00015000 08:03 64223 /lib64/libpthread-2.5.so
3e3ca14000-3e3ca15000 r--p 00014000 08:03 64223 /lib64/libpthread-2.5.so
3e3ca15000-3e3ca16000 rw-p 00015000 08:03 64223 /lib64/libpthread-2.5.so
3e3ca16000-3e3ca1a000 rw-p 3e3ca16000 00:00 0
3e3cc00000-3e3cc14000 r-xp 00000000 08:06 2247696 /usr/lib64/libz.so.1.2.3
3e3cc14000-3e3ce13000 ---p 00014000 08:06 2247696 /usr/lib64/libz.so.1.2.3
3e3ce13000-3e3ce14000 rw-p 00013000 08:06 2247696 /usr/lib64/libz.so.1.2.3
3e3d000000-3e3d008000 r-xp 00000000 08:03 64224 /lib64/librt-2.5.so
3e3d008000-3e3d207000 ---p 00008000 08:03 64224 /lib64/librt-2.5.so
3e3d207000-3e3d208000 r--p 00007000 08:03 64224 /lib64/librt-2.5.so
3e3d208000-3e3d209000 rw-p 00008000 08:03 64224 /lib64/librt-2.5.so
3e3f000000-3e3f020000 r-xp 00000000 08:03 64229 /lib64/libexpat.so.0.5.0
3e3f020000-3e3f21f000 ---p 00020000 08:03 64229 /lib64/libexpat.so.0.5.0
3e3f21f000-3e3f222000 rw-p 0001f000 08:03 64229 /lib64/libexpat.so.0.5.0
3e43a00000-3e43a11000 r-xp 00000000 08:03 64234 /lib64/libresolv-2.5.so
3e43a11000-3e43c11000 ---p 00011000 08:03 64234 /lib64/libresolv-2.5.so
3e43c11000-3e43c12000 r--p 00011000 08:03 64234 /lib64/libresolv-2.5.so
3e43c12000-3e43c13000 rw-p 00012000 08:03 64234 /lib64/libresolv-2.5.so
3e43c13000-3e43c15000 rw-p 3e43c13000 00:00 0
3e44200000-3e44202000 r-xp 00000000 08:03 64235 /lib64/libcom_err.so.2.1
3e44202000-3e44401000 ---p 00002000 08:03 64235 /lib64/libcom_err.so.2.1
3e44401000-3e44402000 rw-p 00001000 08:03 64235 /lib64/libcom_err.so.2.1
3e44a00000-3e44a29000 r-xp 00000000 08:06 2247725 /usr/lib64/libgssapi_krb5.so.2.2
3e44a29000-3e44c28000 ---p 00029000 08:06 2247725 /usr/lib64/libgssapi_krb5.so.2.2
3e44c28000-3e44c2a000 rw-p 00028000 08:06 2247725 /usr/lib64/libgssapi_krb5.so.2.2
3e45200000-3e45223000 r-xp 00000000 08:06 2247723 /usr/lib64/libk5crypto.so.3.0
3e45223000-3e45423000 ---p 00023000 08:06 2247723 /usr/lib64/libk5crypto.so.3.0
3e45423000-3e45425000 rw-p 00023000 08:06 2247723 /usr/lib64/libk5crypto.so.3.0
3e45e00000-3e45e07000 r-xp 00000000 08:06 2247722 /usr/lib64/libkrb5support.so.0.1
3e45e07000-3e46006000 ---p 00007000 08:06 2247722 /usr/lib64/libkrb5support.so.0.1
3e46006000-3e46007000 rw-p 00006000 08:06 2247722 /usr/lib64/libkrb5support.so.0.1
3e46600000-3e46683000 r-xp 00000000 08:06 2247724 /usr/lib64/libkrb5.so.3.2
3e46683000-3e46883000 ---p 00083000 08:06 2247724 /usr/lib64/libkrb5.so.3.2
3e46883000-3e46887000 rw-p 00083000 08:06 2247724 /usr/lib64/libkrb5.so.3.2
3e47200000-3e47207000 r-xp 00000000 08:06 2247735 /usr/lib64/libpopt.so.0.0.0
3e47207000-3e47407000 ---p 00007000 08:06 2247735 /usr/lib64/libpopt.so.0.0.0
3e47407000-3e47408000 rw-p 00007000 08:06 2247735 /usr/lib64/libpopt.so.0.0.0
3e4aa00000-3e4aa0d000 r-xp 00000000 08:03 64242 /lib64/libgcc_s-4.1.1-20061011.so.1
3e4aa0d000-3e4ac0c000 ---p 0000d000 08:03 64242 /lib64/libgcc_s-4.1.1-20061011.so.1
3e4ac0c000-3e4ac0d000 rw-p 0000c000 08:03 64242 /lib64/libgcc_s-4.1.1-20061011.so.1
3e4be00000-3e4bee7000 r-xp 00000000 08:06 2247753 /usr/lib64/libstdc++.so.6.0.8
3e4bee7000-3e4c0e7000 ---p 000e7000 08:06 2247753 /usr/lib64/libstdc++.so.6.0.8
3e4c0e7000-3e4c0ed000 r--p 000e7000 08:06 2247753 /usr/lib64/libstdc++.so.6.0.8
3e4c0ed000-3e4c0f0000 rw-p 000ed000 08:06 2247753 /usr/lib64/libstdc++.so.6.0.8
3e4c0f0000-3e4c102000 rw-p 3e4c0f0000 00:00 0
3e4da00000-3e4da0f000 r-xp 00000000 08:06 2247756 /usr/lib64/libbz2.so.1.0.3
3e4da0f000-3e4dc0e000 ---p 0000f000 08:06 2247756 /usr/lib64/libbz2.so.1.0.3
3e4dc0e000-3e4dc10000 rw-p 0000e000 08:06 2247756 /usr/lib64/libbz2.so.1.0.3
2aaaaaaab000-2aaaaaaac000 rw-p 2aaaaaaab000 00:00 0
2aaaaaac8000-2aaaaaad5000 rw-p 2aaaaaac8000 00:00 0
2aaaaaad5000-2aaaadfca000 r--p 00000000 08:06 1434310 /usr/lib/locale/locale-archive
2aaaadfca000-2aaaadfdb000 r--p 00000000 08:06 2611319 /usr/share/locale/ru/LC_MESSAGES/rpm.mo
2aaaadfdb000-2aaaadfe2000 r--s 00000000 08:06 2245790 /usr/lib64/gconv/gconv-modules.cache
2aaaadfe2000-2aaaadfe4000 r-xp 00000000 08:06 2245755 /usr/lib64/gconv/KOI8-R.so
2aaaadfe4000-2aaaae1e3000 ---p 00002000 08:06 2245755 /usr/lib64/gconv/KOI8-R.so
2aaaae1e3000-2aaaae1e5000 rw-p 00001000 08:06 2245755 /usr/lib64/gconv/KOI8-R.so
2aaaae1e5000-2aaaae29b000 r--p 00000000 08:06 2608472 /usr/share/locale/en_US/LC_MESSAGES/redhat-dist.mo
2aaaae29b000-2aaaae29c000 rw-p 2aaaae29b000 00:00 0
2aaab0000000-2aaab0021000 rw-p 2aaab0000000 00:00 0
2aaab0021000-2aaab4000000 ---p 2aaab0021000 00:00 0
7fff9cf84000-7fff9cfb1000 rw-p 7fff9cf84000 00:00 0 [stack]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0 [vdso]

Expected Results:
No crash

Additional info:
You can observe the same by doing "less sylpheed-claws-2.5.6-1.fc6.x86_64.rpm" (that's how I noticed this BTW). Maybe the package is broken and the bug should be filed against sylpheed-claws instead, but rpm shouldn't crash anyway.

-- Additional comment from n3npq on 2006-10-29 12:24 EST --

Here's what I see:

$ rpm --version
RPM version 4.4.8
$ rpm -qipvl --changelog sylpheed-claws-2.5.6-1.fc6.x86_64.rpm > /tmp/foo
$ uname -a
Linux wellfleet.jbj.org 2.6.17-1.2532.fc6PAE #1 SMP Tue Aug 8 20:59:36 EDT 2006 i686 i686 i386 GNU/Linux

i.e. no segfault (not that I was expecting to be able to reproduce).

If the segfault is reproducible, can you try running under valgrind please?

NEEDINFO

-- Additional comment from n3npq on 2006-10-29 12:33 EST --

This command is what I mean (sorry for the typo)

valgrind -v /usr/lib/rpm/rpmq -qipvl --changelog sylpheed-claws-2.5.6-1.fc6.x86_64.rpm

-- Additional comment from Vladimir.MV on 2006-10-29 17:16 EST --

Created an attachment (id=139682)
rpm output under valgrind

-- Additional comment from Vladimir.MV on 2006-10-29 17:17 EST --

Well, you are using rpm 4.4.8, probably that makes a difference ;) But we are not talking about rawhide or something, just plain fc6... Valgrind output attached.

-- Additional comment from Vladimir.MV on 2006-10-29 17:22 EST --

New information: this doesn't happen under C or English locale. It happens at least under Russian UTF-8 locale, though. So "LANG=C rpm ..." doesn't crash, but "LANG=ru_RU.UTF-8 rpm ..." does.

-- Additional comment from n3npq on 2006-10-29 21:52 EST --

Ah, there it is, reproduced with 4.4.8.
The LANG=ru_RU.UTF-8 was the hint I needed, thanks.

Fixed in rpm cvs, will be in rpm-4.4.8-0.2 when built.

UPSTREAM

-- Additional comment from bressers on 2006-10-30 09:55 EST --

Created an attachment (id=139715)
Patch dug out of upstream CVS

-- Additional comment from bressers on 2006-10-31 21:32 EST --

This issue looks to be a heap buffer overflow. The data scribbled onto the heap is random text from the RPM file. I'm not able to reproduce this issue with any language other than LANG=ru_RU.UTF-8. This fact mitigates the potential damage this bug could cause, therefore I'm assigning it low severity.

This issue should also affect RHEL3
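The triage carried out in the comments above (run the query under LANG=C and under LANG=ru_RU.UTF-8, then again under valgrind) can be scripted so that a locale-dependent heap corruption is recognised from the exit status instead of by reading the output. The POSIX sh harness below is an added example; it is not code from this bug report, from Red Hat or from the rpm project. It assumes the locales it loops over are installed, that valgrind is on PATH when USE_VALGRIND is set, and it exercises itself with constructed stand-in commands (true, and a shell that aborts itself) in place of the real rpm invocation.

```shell
#!/bin/sh
# Added triage harness (not from the bug report or from rpm itself): run one
# command under several locales and classify how it ended, so a crash that
# only happens under one locale, as in this bug, is not mistaken for a clean
# run.  glibc's "double free or corruption" check ends in abort(), which the
# parent shell reports as 128 + SIGABRT(6) = 134.

# classify_exit STATUS -> prints ok | abort | segv | signal:N | error:N
classify_exit() {
    case "$1" in
        0)   echo ok ;;
        134) echo abort ;;          # 128 + SIGABRT(6): glibc heap check fired
        139) echo segv ;;           # 128 + SIGSEGV(11)
        *)
            if [ "$1" -gt 128 ]; then
                echo "signal:$(( $1 - 128 ))"
            else
                echo "error:$1"
            fi ;;
    esac
}

# run_in_locale LOCALE CMD... -> runs CMD with LANG/LC_ALL set and prints the
# classification.  MALLOC_CHECK_=3 is glibc's own knob to abort on the first
# heap inconsistency it notices rather than carrying on with a damaged heap.
# Setting USE_VALGRIND=1 wraps the run the way the valgrind comment above does;
# --error-exitcode makes valgrind-detected memory errors show up as error:99.
run_in_locale() {
    loc="$1"; shift
    status=0
    env LANG="$loc" LC_ALL="$loc" MALLOC_CHECK_=3 \
        ${USE_VALGRIND:+valgrind -q --error-exitcode=99} "$@" \
        >/dev/null 2>&1 || status=$?
    classify_exit "$status"
}

# locale_sweep CMD... -> prints "<locale> <result>" per locale; returns 1 if
# any locale did not end with "ok".  The locale list is an assumption; adjust
# it to what `locale -a` shows on the box under test.
locale_sweep() {
    bad=0
    for loc in C en_US.UTF-8 ru_RU.UTF-8; do
        r=$(run_in_locale "$loc" "$@")
        echo "$loc $r"
        [ "$r" = ok ] || bad=1
    done
    return $bad
}

# Stand-alone use:  ./locale_sweep.sh rpm -qipvl --changelog some-package.rpm
# With no arguments it sweeps the harmless command "true" as a self-check.
if [ $# -gt 0 ]; then locale_sweep "$@"; else locale_sweep true; fi
```

A run that prints "ru_RU.UTF-8 abort" next to "C ok" reproduces the pattern of this report in one line and is a better artefact for a bug or advisory than a pasted backtrace; adding USE_VALGRIND=1 then gives the first invalid write rather than the later free() that glibc happens to notice.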
User pnasrat's account has been closed
Statement: Red Hat no longer plans to fix this flaw in Red Hat Enterprise Linux 4.