On Feb 15, 2011, at 10:10 PM, Jeff Johnson wrote:

> 
> On Feb 15, 2011, at 9:09 PM, Mark Hatle wrote:
> 
>> The reproducer for me is simple.
>> 
>> Set up a /etc/rpm/platform with some entries (not sure if this matters), and have
>> an /etc/rpm/sysinfo/Provides with a "/" as a provide.
>> 
>> Then run rpm -vv --showrc.
>> 
>> I get a double free and crash. (Which is why I started digging into it with
>> Valgrind.)
>> 
> 
> Reproduced on RHEL6 ... hmmm ...

Yah, it's a missing newref for the rpmds pointer returned by rpmdsFromPRCO().

So the rpmds is freed too soon, but there's a cascade of issues later.

So your fix is one way, avoid the dereference and premature free.

Equivalently, one can nref++ by doing this

RCS file: /v/rpm/cvs/rpm/lib/rpmrc.c,v
retrieving revision 2.289
diff -p -u -w -r2.289 rpmrc.c
--- rpmrc.c     10 Dec 2009 18:52:18 -0000      2.289
+++ rpmrc.c     16 Feb 2011 03:29:58 -0000
@@ -1206,7 +1206,7 @@ int rpmShowRC(FILE * fp)
     if (rpmIsVerbose()) {
        rpmPRCO PRCO = rpmdsNewPRCO(NULL);
        xx = rpmdsSysinfo(PRCO, NULL);
-       ds = rpmdsFromPRCO(PRCO, RPMTAG_PROVIDENAME);
+       ds = rpmdsLink(rpmdsFromPRCO(PRCO, RPMTAG_PROVIDENAME), "PRCO");
        if (ds != NULL) {
            const char * fn = (_sysinfo_path ? _sysinfo_path : 
"/etc/rpm/sysinfo");
            fprintf(fp, _("Configured system provides (from %s):\n"), fn);
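Review bot: in the `+` line, `rpmdsLink()` is applied before the existing `if (ds != NULL)` check, so if `rpmdsFromPRCO()` can return NULL (which that check implies), confirm `rpmdsLink()` tolerates a NULL argument; otherwise take the link inside the `if` instead. The hunk also does not show the `rpmdsFree(ds)` that must now balance the extra reference; verify it is reached on every path out of the verbose block, or the premature double free turns into a leak.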

(aside)
The (arguably) better fix would be to have rpmdsFromPRCO return a /*@newref@*/
(the splint annotation iirc) on the rpmds object. But that's a global
change that has to be checked multiple places, so the spot fix above will do.

Compiling to check now ... yep.

Committing. Thanks for the report.


> 
> 73 de Jeff
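The ownership bug discussed in the thread, as an added example that is not rpm code: a minimal refcounted object with hypothetical names (`ds_t`, `prco_t`, `ds_link`, `ds_free`, `show_rc`) standing in for rpmds/rpmPRCO, run through the original code path, Jeff's link fix, Mark's no-free fix, and the unbalanced link that would leak.

```c
#include <stdlib.h>

/* Outcomes of one show_rc() run. */
#define RC_BALANCED    0
#define RC_DOUBLE_FREE 1
#define RC_LEAK        2

typedef struct { int nrefs; int freed; } ds_t;   /* hypothetical stand-in for rpmds */
typedef struct { ds_t *provides; } prco_t;        /* hypothetical stand-in for rpmPRCO */

static int g_double_frees;   /* frees of an object already at zero references */

static ds_t *ds_new(void) {
    ds_t *d = calloc(1, sizeof *d);
    if (d == NULL) abort();
    d->nrefs = 1;                 /* creator (the container) owns the first reference */
    return d;
}
static ds_t *ds_link(ds_t *d) { if (d != NULL) d->nrefs++; return d; }  /* like rpmdsLink */
static ds_t *ds_free(ds_t *d) {                                         /* like rpmdsFree */
    if (d == NULL) return NULL;
    if (d->freed) { g_double_frees++; return NULL; } /* real code would crash here */
    if (--d->nrefs == 0) d->freed = 1;  /* memory kept only so the caller can inspect it */
    return NULL;
}
/* Borrowed pointer: the container keeps its reference and adds none for the caller. */
static ds_t *prco_provides(prco_t *p) { return p->provides; }
static void  prco_free(prco_t *p)     { ds_free(p->provides); p->provides = NULL; }

/* take_newref: caller links the borrowed pointer (the rpmdsLink fix).
 * release_ref: caller frees ds before the container is freed (original code path). */
static int show_rc(int take_newref, int release_ref) {
    prco_t prco;
    ds_t *ds, *obj;
    int rc;
    g_double_frees = 0;
    prco.provides = ds_new();
    obj = prco.provides;
    ds = take_newref ? ds_link(prco_provides(&prco)) : prco_provides(&prco);
    if (release_ref) ds = ds_free(ds);   /* without the link this drops the container's only ref */
    prco_free(&prco);
    if (g_double_frees > 0) rc = RC_DOUBLE_FREE;
    else if (!obj->freed)   rc = RC_LEAK;
    else                    rc = RC_BALANCED;
    free(obj);
    return rc;
}
```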
