[Rpm-maint] [rpm-software-management/rpm] Couple fixes in rpmdb (double free, and rpmdbCheckTerminate return code) (#92)

Gleb Pfotenhauer-Malinowski notifications at github.com
Mon Sep 19 16:33:55 UTC 2016


This code:
```
#include <rpm/rpmdb.h>
#include <rpm/rpmts.h>
#include <rpm/rpmlib.h>
#include <signal.h>

class A {
    private:
        rpmts ts;
        rpmdbMatchIterator mi;
    public:
        A() {
            rpmReadConfigFiles(NULL, NULL);
            ts = rpmtsCreate();
            mi = rpmtsInitIterator(ts, RPMDBI_PACKAGES, NULL, 0);
        };
        ~A() {
            rpmdbFreeIterator(mi);  // t.cc:17, frames #2 -> #1 of the backtrace
            rpmtsFree(ts);
        };
};

A a;

int main() {
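    raise(SIGTERM);       // leave a SIGTERM for librpm to process
    rpmdbCheckSignals();  // t.cc:26: ends in exit() (frames #5 -> #4), which runs ~A()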
    return 0;
}
```
tries to free `MatchIterator` again in `atexit` destructor.

```
Program received signal SIGSEGV, Segmentation fault.
#0  0x00007ffff7b57c17 in ?? () from /usr/lib64/librpm.so.7
#1  0x00007ffff7b5fbaa in rpmdbFreeIterator () from /usr/lib64/librpm.so.7
#2  0x00000000004009b6 in A::~A (this=0x601080 <a>, __in_chrg=<optimized out>) at t.cc:17
#3  0x00007ffff77d1ca8 in __run_exit_handlers (status=1, listp=0x7ffff7b395d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#4  0x00007ffff77d1cf5 in __GI_exit (status=<optimized out>) at exit.c:104
#5  0x00007ffff7b5f513 in rpmdbCheckSignals () from /usr/lib64/librpm.so.7
#6  0x00000000004008e9 in main () at t.cc:26
```

I tried `if (rpmdbCheckTerminate(0) == 0) rpmdbFreeIterator(mi);`, but `rpmdbCheckTerminate` return code is not reliable.

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/92

-- Commit Summary --

  * rpmdb.c: avoid double free in rpmdbClose, rpmdbMatchIterator, ...
  * rpmdb.c: (rpmdbCheckTerminate) return non-zero on subsequent runs

-- File Changes --

    M lib/rpmdb.c (17)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/92.patch
https://github.com/rpm-software-management/rpm/pull/92.diff
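
The failure mode reported above, reduced to a self-contained C model. This is an added example, not rpm source and not the patch from this pull request; `iter`, `iter_open`, `iter_free` and `check_terminate` are hypothetical names. It shows a free routine that only releases handles the library still tracks, and a terminate check whose non-zero result stays set on later calls.

```c
/* Constructed model, not rpm source: a library that registers open
 * iterators and frees them itself when termination is processed. */
#include <stdio.h>
#include <stdlib.h>

typedef struct iter { struct iter *next; } iter;   /* hypothetical handle */

static iter *open_iters;  /* handles the library still owns */
static int terminated;    /* sticky once the cleanup has run */
static int frees_done;    /* real free() calls, counted for the demo */

iter *iter_open(void) {
    iter *it = calloc(1, sizeof *it);
    if (it) { it->next = open_iters; open_iters = it; }
    return it;
}

/* Search by address; `it` is dereferenced only once found registered. */
static int unlink_iter(iter *it) {
    for (iter **p = &open_iters; *p; p = &(*p)->next)
        if (*p == it) { *p = it->next; return 1; }
    return 0;
}

/* Frees only handles still registered, so a late call from an exit-time
 * destructor is a no-op instead of a second free(). */
int iter_free(iter *it) {
    if (it == NULL || !unlink_iter(it)) return 0;
    free(it);
    frees_done++;
    return 1;
}

/* Terminate path: release everything once, then keep returning non-zero
 * on every later call so a caller-side guard can rely on it. */
int check_terminate(int signal_pending) {
    if (signal_pending && !terminated) {
        terminated = 1;
        while (open_iters) iter_free(open_iters);
    }
    return terminated;
}

int main(void) {
    iter *it = iter_open();
    check_terminate(1);                                   /* library frees `it` */
    printf("late free performed: %d\n", iter_free(it));   /* 0 */
    printf("terminate again: %d\n", check_terminate(0));  /* 1 */
    return 0;
}
```

The address lookup assumes no new handle was allocated at the same address between the cleanup and the late call; a caller-side guard on the sticky return value avoids touching the stale pointer at all.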
