[Rpm-maint] rpm4.14 makes perl-RPM4 testsuite to segfault
Panu Matilainen
pmatilai at redhat.com
Thu Oct 5 08:15:52 UTC 2017
On 10/05/2017 11:08 AM, Panu Matilainen wrote:
> On 10/05/2017 10:28 AM, Panu Matilainen wrote:
> [...]
>>> Yeah, I'm getting segfaults all the way to rpm 4.11.x, didn't test
>>> earlier because this already shows it's not a regression in 4.14.x
>>> but something else. A bug in perl-RPM4 perhaps, as compiling it with
>>> -Og makes the crash go away, other optimization levels make it blow
>>> up with different levels of spectacular. I don't see anything obvious
>>> in there but that doesn't mean much, I know diddly about perl and its
>>> extensions.
>>
>> I ran it with some added debugging on rpm side which I'm more familiar
>> with, and the crash happens because a totally garbage pointer is
>> passed to headerFree(). Well indeed, it was passing the address of the
>> header pointer variable as the header itself into the callback, and
>> when you try to do stuff with that, well...
>>
>> This fixes it:
>>
>> diff --git a/src/RPM4.xs b/src/RPM4.xs
>> index 04c65ee..6604477 100644
>> --- a/src/RPM4.xs
>> +++ b/src/RPM4.xs
>> @@ -246,7 +246,7 @@ static void *
>> s_what = "INST_START";
>> if (h) {
>> mXPUSHs(newSVpv("header", 0));
>> - mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, &h));
>> + mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, h));
>> #ifdef HDRPMMEM
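Review bot: On the added `sv_setref_pv(newSVpvs(""), bless_header, h)` line, the callback's header is stored in the blessed SV without taking a reference for it, so the Perl object and the caller share a single refcount. If destroying the object ends in the headerFree() call described above, the header is released once more than it was linked. Pass `headerLink(h)` instead so the SV holds a reference of its own.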
>
>
> Oh and you'll want to fix the debug printf too, even though it's
> obviously harmless (but then useless for debugging):
>
>> PRINTF_NEW(bless_header, &h, -1);
> ^^
Blech, one of those days...
The above is closer to the mark but still not quite right and will crash
too, only in a different way because the refcount is wrong. Here's the
real deal:
diff --git a/src/RPM4.xs b/src/RPM4.xs
index 04c65ee..f7cfd33 100644
--- a/src/RPM4.xs
+++ b/src/RPM4.xs
@@ -246,9 +246,9 @@ static void *
s_what = "INST_START";
if (h) {
mXPUSHs(newSVpv("header", 0));
- mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header, &h));
+ mXPUSHs(sv_setref_pv(newSVpvs(""), bless_header,
headerLink(h)));
#ifdef HDRPMMEM
- PRINTF_NEW(bless_header, &h, -1);
+ PRINTF_NEW(bless_header, h, -1);
#endif
}
break;
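Review bot: On the added `sv_setref_pv(...)` line, `headerLink(h)` takes a reference that nothing in this hunk releases, so a one-line comment saying that the blessed SV owns that reference and where it is dropped would document the ownership the `&h` version got wrong. Separately, that added line is wrapped in the mail, leaving `headerLink(h)));` on a line with no `+` marker, which gives the hunk one line more than the `@@ -246,9 +246,9 @@` header counts; rejoin the two lines before applying.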
- Panu -