Bug #648432 “rpmdeps with no input segfaults at rpmfc.c:1257” : Bugs : RPM

Revision history for this message

In Red Hat Bugzilla #637357, Jens (jens-redhat-bugs) wrote on 2010-09-25:

#3

Description of problem:
rpmdeps segfaults if it is run with empty stdin.

Version-Release number of selected component (if applicable):
rpm-4.8.1-2.fc13

How reproducible:
every time

Steps to Reproduce:
$ echo -n | /usr/lib/rpm/rpmdeps

Actual results:
Segmentation fault (core dumped)

Expected results:
no segfault

Additional info:
Probably also happens in F14 - haven't tested yet.

Revision history for this message

In Red Hat Bugzilla #637357, Jens (jens-redhat-bugs) wrote on 2010-09-25:

#4

Download full text (5.1 KiB)

[New Thread 23188]
Core was generated by `/usr/lib/rpm/rpmdeps --provides'.
Program terminated with signal 11, Segmentation fault.
#0 0x0000003a702192cc in rpmfcApply (fc=0x2243740) at rpmfc.c:1257
1257 rpmfc.c: No such file or directory.
in rpmfc.c

Thread 1 (Thread 23188):
#0 0x0000003a702192cc in rpmfcApply (fc=0x2243740) at rpmfc.c:1257
        fcat = <value optimized out>
        s = <value optimized out>
        se = <value optimized out>
        ds = <value optimized out>
        N = <value optimized out>
        EVR = <value optimized out>
        deptype = <value optimized out>
        nddict = <value optimized out>
        previx = <value optimized out>
        dix = <value optimized out>
        ix = <value optimized out>
        i = <value optimized out>
        skipping = 0
#1 0x0000000000401122 in main (argc=<value optimized out>,
    argv=<value optimized out>) at tools/rpmdeps.c:89
        optCon = 0x21fb130
        av = 0x0
        fc = 0x2243740
        ac = <value optimized out>
        ec = 1
        buf = "\000\000\026\301APx\000\300KK\360\377\177\000\000\060LK\360\377\177\000\000\005\000\000\000\000\000\000\000\300.K\360\377\177\000\000\006\062\340\"=\000\000\000\000\000\323\277\006\177\000\000]\302 (<", '\000' <repeats 27 times>"\246, \340 (<\000\000\000\270\377A(<\000\000\000\350KK\360\377\177\000\000\360KK\360\377\177\000\000\377KK\360\377\177\000\000 \302 (<\000\000\000\300KK\360\377\177\000\000\000\000\000\000\000\000\000\000x6@\"=\000\000\000\060LK\360\377\177\000\000D\312 (<\000\000\000\000\360\322\277\006\177\000\000\310$\323\277\006\177\000\000\000\000\000\000\000\000\000\000\006\062\340\"=\000\000\000\000\000\323\277\006\177\000\000\000\000 [\226\340\377\377\000\000\026\301APx", '\000' <repeats 49 times>"\300, KK\360\377\177\000\000\060LK\360\377\177\000\000\000\000\000\000\000\000\000\000\320/K\360\377\177\000\000"...
From To Syms Read Shared Object Library
0x0000003a6fe14b50 0x0000003a6fe512e8 Yes /usr/lib64/librpm.so.1
0x0000003a6fa0b720 0x0000003a6fa226d8 Yes /usr/lib64/librpmio.so.1
0x0000003a702089e0 0x0000003a7021d548 Yes /usr/lib64/librpmbuild.so.1
0x00000037f2605610 0x00000037f2615708 Yes /lib64/libselinux.so.1
0x0000003c2ba01330 0x0000003c2ba02c48 Yes /lib64/libcap.so.2
0x00000033c7401d30 0x00000033c7405c08 Yes /lib64/libacl.so.1
0x0000003c2b6238c0 0x0000003c2b74b588 Yes /lib64/libdb-4.8.so
0x0000003d23218430 0x0000003d232fc708 Yes /usr/lib64/libnss3.so
0x0000003c38201630 0x0000003c3820dcc8 Yes /lib64/libbz2.so.1
0x0000003c29601ef0 0x0000003c2960d228 Yes /lib64/libz.so.1
0x0000003c34a025d0 0x0000003c34a169a8 Yes /usr/lib64/liblzma.so.0
0x0000003a72606d80 0x0000003a72621c28 Yes /usr/lib64/liblua-5.1.so
0x0000003035c03ea0 0x0000003035c43fa8 Yes /lib64/libm.so.6
0x0000003c2be029d0 0x0000003c2be0f758 Yes (*) /usr/lib64/libelf.so.1
0x0000003a64803dc0 0x0000003a648153e8 Yes /usr/lib64/libmagic.so.1
0x0000003c3b601b10 0x0000003c3b606ee8 Yes /lib64/libpopt.so.0
0x0000003c29a02140 0x0000003c29a055a8 Yes /lib6...

[New Thread 23188]
Core was generated by `/usr/lib/rpm/rpmdeps --provides'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003a702192cc in rpmfcApply (fc=0x2243740) at rpmfc.c:1257
1257	rpmfc.c: No such file or directory.
	in rpmfc.c

Thread 1 (Thread 23188):
#0  0x0000003a702192cc in rpmfcApply (fc=0x2243740) at rpmfc.c:1257
        fcat = <value optimized out>
        s = <value optimized out>
        se = <value optimized out>
        ds = <value optimized out>
        N = <value optimized out>
        EVR = <value optimized out>
        deptype = <value optimized out>
        nddict = <value optimized out>
        previx = <value optimized out>
        dix = <value optimized out>
        ix = <value optimized out>
        i = <value optimized out>
        skipping = 0
#1  0x0000000000401122 in main (argc=<value optimized out>, 
    argv=<value optimized out>) at tools/rpmdeps.c:89
        optCon = 0x21fb130
        av = 0x0
        fc = 0x2243740
        ac = <value optimized out>
        ec = 1
        buf = "\000\000\026\301APx\000\300KK\360\377\177\000\000\060LK\360\377\177\000\000\005\000\000\000\000\000\000\000\300.K\360\377\177\000\000\006\062\340\"=\000\000\000\000\000\323\277\006\177\000\000]\302 (<", '\000' <repeats 27 times>"\246, \340 (<\000\000\000\270\377A(<\000\000\000\350KK\360\377\177\000\000\360KK\360\377\177\000\000\377KK\360\377\177\000\000 \302 (<\000\000\000\300KK\360\377\177\000\000\000\000\000\000\000\000\000\000x6@\"=\000\000\000\060LK\360\377\177\000\000D\312 (<\000\000\000\000\360\322\277\006\177\000\000\310$\323\277\006\177\000\000\000\000\000\000\000\000\000\000\006\062\340\"=\000\000\000\000\000\323\277\006\177\000\000\000\000 [\226\340\377\377\000\000\026\301APx", '\000' <repeats 49 times>"\300, KK\360\377\177\000\000\060LK\360\377\177\000\000\000\000\000\000\000\000\000\000\320/K\360\377\177\000\000"...
From                To                  Syms Read   Shared Object Library
0x0000003a6fe14b50  0x0000003a6fe512e8  Yes         /usr/lib64/librpm.so.1
0x0000003a6fa0b720  0x0000003a6fa226d8  Yes         /usr/lib64/librpmio.so.1
0x0000003a702089e0  0x0000003a7021d548  Yes         /usr/lib64/librpmbuild.so.1
0x00000037f2605610  0x00000037f2615708  Yes         /lib64/libselinux.so.1
0x0000003c2ba01330  0x0000003c2ba02c48  Yes         /lib64/libcap.so.2
0x00000033c7401d30  0x00000033c7405c08  Yes         /lib64/libacl.so.1
0x0000003c2b6238c0  0x0000003c2b74b588  Yes         /lib64/libdb-4.8.so
0x0000003d23218430  0x0000003d232fc708  Yes         /usr/lib64/libnss3.so
0x0000003c38201630  0x0000003c3820dcc8  Yes         /lib64/libbz2.so.1
0x0000003c29601ef0  0x0000003c2960d228  Yes         /lib64/libz.so.1
0x0000003c34a025d0  0x0000003c34a169a8  Yes         /usr/lib64/liblzma.so.0
0x0000003a72606d80  0x0000003a72621c28  Yes         /usr/lib64/liblua-5.1.so
0x0000003035c03ea0  0x0000003035c43fa8  Yes         /lib64/libm.so.6
0x0000003c2be029d0  0x0000003c2be0f758  Yes (*)     /usr/lib64/libelf.so.1
0x0000003a64803dc0  0x0000003a648153e8  Yes         /usr/lib64/libmagic.so.1
0x0000003c3b601b10  0x0000003c3b606ee8  Yes         /lib64/libpopt.so.0
0x0000003c29a02140  0x0000003c29a055a8  Yes         /lib64/librt.so.1
0x0000003c28e05640  0x0000003c28e10e48  Yes         /lib64/libpthread.so.0
0x0000003c2861e9a0  0x0000003c2872b820  Yes         /lib64/libc.so.6
0x0000003c32602910  0x0000003c32612f48  Yes         /lib64/libgcc_s.so.1
0x0000003c29200de0  0x0000003c29201998  Yes         /lib64/libdl.so.2
0x0000003c28200af0  0x0000003c28218904  Yes         /lib64/ld-linux-x86-64.so.2
0x0000003c33201350  0x0000003c33203448  Yes         /lib64/libattr.so.1
0x0000003d22e08560  0x0000003d22e137e8  Yes         /usr/lib64/libnssutil3.so
0x0000003d222013d0  0x0000003d22202b08  Yes         /lib64/libplc4.so
0x0000003d22a00ea0  0x0000003d22a01d58  Yes         /lib64/libplds4.so
0x0000003d2260cf50  0x0000003d2262c6b8  Yes         /lib64/libnspr4.so
0x00007f06b9c6b110  0x00007f06b9c73258  Yes         /lib64/libnss_files.so.2
0x0000003d24604a10  0x0000003d2462dea8  Yes         /usr/lib64/libsoftokn3.so
0x0000003c3be08b20  0x0000003c3be758c8  Yes         /usr/lib64/libsqlite3.so.0
0x0000003d21a030c0  0x0000003d21a3d838  Yes         /usr/lib64/libfreebl3.so
(*): Shared library is missing debugging information.
$1 = 0x0
No symbol "__glib_assert_msg" in current context.
rax            0x0	0
rbx            0x2243740	35927872
rcx            0x66	102
rdx            0x0	0
rsi            0x0	0
rdi            0x2243740	35927872
rbp            0x0	0x0
rsp            0x7ffff04b2ca0	0x7ffff04b2ca0
r8             0x78	120
r9             0x101010101010101	72340172838076673
r10            0x78	120
r11            0x3c28682902	258375952642
r12            0x7ffff04b2d28	140737224846632
r13            0x21fb130	35631408
r14            0x0	0
r15            0x0	0
rip            0x3a702192cc	0x3a702192cc <rpmfcApply+28>
eflags         0x10206	[ PF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
Dump of assembler code for function rpmfcApply:
[snipped]
Debuginfo absent: 8215cdc8f819283b3264e036728cdf5679ef4f83

Revision history for this message

In Red Hat Bugzilla #637357, Jindrich (jindrich-redhat-bugs) wrote on 2010-09-26:

#5

Fixed upstream for now. The crash was caused by dereferencing NULL pointer.

Revision history for this message

Jeff Johnson (n3npq) wrote on 2010-09-26:

#1

Fixed here:
http://bazaar.launchpad.net/~rpm5/rpm/rpm.org/revision/10323

tags:

added: rpmdeps segfault

Revision history for this message

Jeff Johnson (n3npq) wrote on 2010-10-07:

#2

And not a problem for @rpm5.org:

    [root@rhel6 rpm]# echo -n | /usr/lib/rpm/bin/rpmdeps
    [root@rhel6 rpm]# rpm --version
    rpm (RPM) 5.3.4

Changed in rpm:
milestone:	none → 4.8.1
status:	New → Triaged
importance:	Undecided → Low
assignee:	nobody → Jeff Johnson (n3npq)

Bug Watch Updater (bug-watch-updater) on 2017-10-27

Changed in fedora:
importance:	Unknown → Medium
status:	Unknown → Won't Fix

Affects		Status	Importance	Assigned to	Milestone
	RPM	Triaged	Low	Jeff Johnson	RPM 4.8.1
	Fedora	Won't Fix	Medium	redhat-bugs #637357

RPM

rpmdeps with no input segfaults at rpmfc.c:1257

Bug Description

Other bug subscribers

Remote bug watches