[Rpm-maint] rpm4.14 makes perl-RPM4 testsuite to segfault

Panu Matilainen pmatilai at redhat.com
Thu Oct 5 08:15:52 UTC 2017


On 10/05/2017 11:08 AM, Panu Matilainen wrote:
> On 10/05/2017 10:28 AM, Panu Matilainen wrote:
> [...]
>>> Yeah, I'm getting segfaults all the way to rpm 4.11.x, didn't test 
>>> earlier because this already shows it's not a regression in 4.14.x 
>>> but something else. A bug in perl-RPM4 perhaps, as compiling it with 
>>> -Og makes the crash go away, other optimization levels make it blow 
>>> up with different levels of spectacular. I don't see anything obvious 
>>> in there but that doesn't mean much, I know diddly about perl and its 
>>> extensions.
>>
>> I ran it with some added debugging on rpm side which I'm more familiar 
>> with, and the crash happens because a totally garbage pointer is 
>> passed to headerFree(). Well indeed, it was passing the address of the 
>> header pointer variable as the header itself into the callback, and 
>> when you try to do stuff with that, well...
>>
>> This fixes it:
>>
>> diff --git a/src/RPM4.xs b/src/RPM4.xs
>> index 04c65ee..6604477 100644
>> --- a/src/RPM4.xs
>> +++ b/src/RPM4.xs
>> @@ -246,7 +246,7 @@ static void *
>>               s_what = "INST_START";
>>               if (h) {
>>                   mXPUSHs(newSVpv("header", 0));
>> -                mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, &h));
>> +                mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, h));
>>   #ifdef HDRPMMEM
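
Review bot: on the `+` line, `h` is handed to `sv_setref_pv()` as a borrowed pointer with no reference taken, so if the `bless_header` object releases the header when it is destroyed, the count ends up one short; passing `headerLink(h)` would give the object a reference of its own. The hunk stops at `#ifdef HDRPMMEM`, so also check whether the debug line under it still passes `&h`.
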
> 
> 
> Oh and you'll want to fix the debug printf too, even though it's 
> obviously harmless (but then useless for debugging):
> 
>>                   PRINTF_NEW(bless_header, &h, -1);
>                                               ^^

Blech, one of those days...

The above is closer to the mark but still not quite right and will crash 
too, only in a different way because the refcount is wrong. Here's the 
real deal:

diff --git a/src/RPM4.xs b/src/RPM4.xs
index 04c65ee..f7cfd33 100644
--- a/src/RPM4.xs
+++ b/src/RPM4.xs
@@ -246,9 +246,9 @@ static void *
              s_what = "INST_START";
              if (h) {
                  mXPUSHs(newSVpv("header", 0));
-                mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, &h));
+                mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, 
headerLink(h)));
  #ifdef HDRPMMEM
-                PRINTF_NEW(bless_header, &h, -1);
+                PRINTF_NEW(bless_header, h, -1);
  #endif
              }
          break;
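
Review bot: the `headerLink(h)` on the `+` line takes a reference that nothing in this hunk releases, so the fix depends on the `bless_header` destructor dropping exactly one reference; a one-line comment here saying that the SV owns that reference would keep the pairing visible. The `+` line is also wrapped by the mailer, leaving `headerLink(h)));` on a line with no diff prefix, so the patch will not apply as posted and should be resent unwrapped or as an attachment.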

	- Panu -
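
The reference-count imbalance described in this message, as an added example that is not part of the original post or of perl-RPM4: a toy counted object stands in for the rpm header, and every name in it (toy_header, toy_link, toy_free, toy_wrapper, run_callback) is hypothetical. It assumes the wrapper's destructor releases one reference, and it records an unbalanced release in a counter instead of freeing memory.

```c
#include <stdio.h>

/* Toy stand-in for a reference-counted rpm header (hypothetical type). */
typedef struct { int refs; int over_released; } toy_header;

/* Take one reference, in the role of headerLink(); returns the same pointer. */
static toy_header *toy_link(toy_header *h) { h->refs++; return h; }

/* Drop one reference, in the role of headerFree(). A release made when no
 * reference is left is counted rather than acted on, so the demo stays
 * well defined where real code would touch freed memory. */
static void toy_free(toy_header *h) {
    if (h->refs == 0) { h->over_released++; return; }
    h->refs--;
}

/* Object handed to the script side; assumed to release on destruction. */
typedef struct { toy_header *hdr; } toy_wrapper;

static void wrapper_destroy(toy_wrapper *w) { toy_free(w->hdr); }

/* One callback round trip. The caller holds one reference throughout, the
 * wrapper is destroyed when the callback returns, then the caller releases.
 * take_ref = 0 wraps the borrowed pointer, take_ref = 1 links it first. */
static int run_callback(int take_ref) {
    toy_header obj = { 1, 0 };           /* caller's own reference */
    toy_header *h = &obj;
    toy_wrapper w;

    w.hdr = take_ref ? toy_link(h) : h;  /* linked vs. borrowed */
    wrapper_destroy(&w);                 /* script side drops its object */
    toy_free(h);                         /* caller drops its reference */
    return obj.over_released;            /* 0 means the counts balanced */
}

int main(void) {
    printf("borrowed: %d unbalanced release(s)\n", run_callback(0));
    printf("linked:   %d unbalanced release(s)\n", run_callback(1));
    return 0;
}
```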


