[Rpm-maint] rpm4.14 makes perl-RPM4 testsuite to segfault

Panu Matilainen pmatilai at redhat.com
Thu Oct 5 08:08:18 UTC 2017


On 10/05/2017 10:28 AM, Panu Matilainen wrote:
[...]
>> Yeah, I'm getting segfaults all the way to rpm 4.11.x, didn't test 
>> earlier because this already shows it's not a regression in 4.14.x but 
>> something else. A bug in perl-RPM4 perhaps, as compiling it with -Og 
>> makes the crash go away, other optimization levels make it blow up 
>> with different levels of spectacular. I don't see anything obvious in 
>> there but that doesn't mean much, I know diddly about perl and its 
>> extensions.
> 
> I ran it with some added debugging on rpm side which I'm more familiar 
> with, and the crash happens because a totally garbage pointer is passed 
> to headerFree(). Well indeed, it was passing the address of the header 
> pointer variable as the header itself into the callback, and when you 
> try to do stuff with that, well...
> 
> This fixes it:
> 
> diff --git a/src/RPM4.xs b/src/RPM4.xs
> index 04c65ee..6604477 100644
> --- a/src/RPM4.xs
> +++ b/src/RPM4.xs
> @@ -246,7 +246,7 @@ static void *
>               s_what = "INST_START";
>               if (h) {
>                   mXPUSHs(newSVpv("header", 0));
> -                mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, &h));
> +                mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, h));
>   #ifdef HDRPMMEM
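
Review bot: Only the INST_START branch is corrected here; any other callback case in this function that wraps the header with sv_setref_pv(..., bless_header, &h) needs the same change. Because sv_setref_pv takes a void * for the pointer argument, the compiler will not flag the ones that are missed, so a search for "bless_header, &h" across RPM4.xs is worth doing before this is considered complete. On the changed line itself, h is now stored in a blessed reference that can outlive the callback, and the visible context shows no headerLink(h) before the push; given that the crash was in headerFree(), confirm the reference count is balanced so the object's destructor does not release a reference the callback never took.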


Oh and you'll want to fix the debug printf too, even though it's 
obviously harmless (but then useless for debugging):

>                   PRINTF_NEW(bless_header, &h, -1);
                                              ^^
	- Panu -


