[Rpm-maint] [rpm-software-management/rpm] Couple fixes in rpmdb (double free, and rpmdbCheckTerminate return code) (#92)
Gleb Pfotenhauer-Malinowski
notifications at github.com
Mon Sep 19 16:33:55 UTC 2016
This code:
```
#include <rpm/rpmdb.h>
#include <rpm/rpmts.h>
#include <rpm/rpmlib.h>
#include <signal.h>
class A {
private:
rpmts ts;
rpmdbMatchIterator mi;
public:
A() {
rpmReadConfigFiles(NULL, NULL);
ts = rpmtsCreate();
mi = rpmtsInitIterator(ts, RPMDBI_PACKAGES, NULL, 0);
};
~A() {
rpmdbFreeIterator(mi);
rpmtsFree(ts);
};
};
A a;
int main() {
raise(SIGTERM);
rpmdbCheckSignals();
return 0;
}
```
tries to free `MatchIterator` again in `atexit` destructor.
Program received signal SIGSEGV, Segmentation fault.
#0 0x00007ffff7b57c17 in ?? () from /usr/lib64/librpm.so.7
#1 0x00007ffff7b5fbaa in rpmdbFreeIterator () from /usr/lib64/librpm.so.7
#2 0x00000000004009b6 in A::~A (this=0x601080 <a>, __in_chrg=<optimized out>) at t.cc:17
#3 0x00007ffff77d1ca8 in __run_exit_handlers (status=1, listp=0x7ffff7b395d8 <__exit_funcs>, run_list_atexit=run_list_atexit at entry=true) at exit.c:82
#4 0x00007ffff77d1cf5 in __GI_exit (status=<optimized out>) at exit.c:104
#5 0x00007ffff7b5f513 in rpmdbCheckSignals () from /usr/lib64/librpm.so.7
#6 0x00000000004008e9 in main () at t.cc:26
I tried `if (rpmdbCheckTerminate(0) == 0) rpmdbFreeIterator(mi);`, but `rpmdbCheckTerminate` return code is not reliable.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/92
-- Commit Summary --
* rpmdb.c: avoid double free in rpmdbClose, rpmdbMatchIterator, ...
* rpmdb.c: (rpmdbCheckTerminate) return non-zero on subsequent runs
-- File Changes --
M lib/rpmdb.c (17)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/92.patch
https://github.com/rpm-software-management/rpm/pull/92.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/92
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20160919/f567adb6/attachment.html>
More information about the Rpm-maint
mailing list