On Feb 15, 2011, at 10:10 PM, Jeff Johnson wrote:

> On Feb 15, 2011, at 9:09 PM, Mark Hatle wrote:
>
>> The reproducer for me is simple.
>>
>> Setup a /etc/rpm/platform with some entries (not sure if this matters), have an
>> /etc/rpm/sysinfo/Provides with a "/" as a provide.
>>
>> Then run rpm -vv --showrc.
>>
>> I get a double free and crash.. (which is why I started digging into it with
>> Valgrind.)
>
> Reproduced on RHEL6 ... hmmm ...

Yah it's a missing newref for the rpmds pointer returned by rpmdsFromPRCO().
So the rpmds is free'd too soon, but there's a cascade of issues later.

So your fix is one way, avoid the dereference and premature free.

Equivalently, one can nref++ by doing this

RCS file: /v/rpm/cvs/rpm/lib/rpmrc.c,v retrieving revision 2.289 diff -p -u -w -r2.289 rpmrc.c --- rpmrc.c 10 Dec 2009 18:52:18 -0000 2.289 +++ rpmrc.c 16 Feb 2011 03:29:58 -0000 @@ -1206,7 +1206,7 @@ int rpmShowRC(FILE * fp) if (rpmIsVerbose()) { rpmPRCO PRCO = rpmdsNewPRCO(NULL); xx = rpmdsSysinfo(PRCO, NULL); - ds = rpmdsFromPRCO(PRCO, RPMTAG_PROVIDENAME); + ds = rpmdsLink(rpmdsFromPRCO(PRCO, RPMTAG_PROVIDENAME), "PRCO"); if (ds != NULL) { const char * fn = (_sysinfo_path ? _sysinfo_path : "/etc/rpm/sysinfo"); fprintf(fp, _("Configured system provides (from %s):\n"), fn);

(aside)
The (arguably) better fix would be to have rpmdsFromPRCO return a /*@newref@*/
(the splint annotation iirc) on the rpmds object. But that's a global change
that has to be checked multiple places, so the spot fix above will do.

Compiling to check now ... yep. Committing.

Thanks for the report.

> 73 de Jeff
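
Review bot: The reference taken on the `ds = rpmdsLink(rpmdsFromPRCO(PRCO, RPMTAG_PROVIDENAME), "PRCO");` line has no matching release visible in this hunk, so please confirm that the code following the `if (ds != NULL)` block drops `ds` exactly once and that PRCO releases its own reference separately; otherwise the double free is traded for a leak. The same line passes the result of rpmdsFromPRCO() to rpmdsLink() before the NULL check, so it depends on rpmdsLink() accepting a NULL argument, which is worth verifying. A one-line comment stating that rpmdsFromPRCO() returns a borrowed reference would make it clear why the link is needed here and would help anyone auditing the other callers.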