Re: [PATCH 1/1] rpm: fix rpm2cpio segmentation fault

From: Mark Hatle <mark.hatle@windriver.com>
To: Kang Kai <Kai.Kang@windriver.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 1/1] rpm: fix rpm2cpio segmentation fault
Date: Tue, 12 Mar 2013 10:30:06 -0500	[thread overview]
Message-ID: <513F49FE.5030909@windriver.com> (raw)
In-Reply-To: <513EC3CE.9070206@windriver.com>

On 3/12/13 12:57 AM, Kang Kai wrote:
> On 2013年02月28日 22:34, Mark Hatle wrote:
>> On 2/28/13 1:34 AM, Kang Kai wrote:
>>> When run rpm2cpio, it fails with segmentation fault. The root cause is
>>> no macro "_db_path" defined, when query its value get nothing then
>>> cause segment fault.
>>>
>>> Add patch to parse macro files first to fix this problem.
>>>
>>> [YOCTO #3656]
>>>
>>> Signed-off-by: Kang Kai <kai.kang@windriver.com>
>>> ---
>>> .../rpm/rpm/rpm2cpio-fix-segmentation-fault.patch | 24
>>> ++++++++++++++++++++
>>> meta/recipes-devtools/rpm/rpm_5.4.9.bb | 3 +-
>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>> create mode 100644
>>> meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>
>>> diff --git
>>> a/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>> new file mode 100644
>>> index 0000000..b43a64e
>>> --- /dev/null
>>> +++
>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>> @@ -0,0 +1,24 @@
>>> +Upstream-Status: Pending
>>> +
>>> +rpm2cpio fails on target with "Segmentation fault". Because no
>>> "_dbpath"
>>> +defined, when query it will cause seg fault.
>>> +Parse macro files first to fix this bug.
>>> +
>>> +[YOCTO #3656]
>>> +
>>> +Signed-off-by: Kang Kai <kai.kang@windriver.com>
>>> +
>>> +--- rpm-5.4.9/tools/rpm2cpio.c.orig 2013-02-28 13:14:12.453540767 +0800
>>> ++++ rpm-5.4.9/tools/rpm2cpio.c 2013-02-28 15:09:41.685785192 +0800
>>> +@@ -88,6 +88,11 @@ int main(int argc, char **argv)
>>> + (void) rpmtsSetVSFlags(ts, vsflags);
>>> +
>>> + /*@-mustmod@*/ /* LCL: segfault */
>>> ++ rc = rpmReadConfigFiles(NULL, NULL);
>>> ++ if (rc) {
>>> ++ fprintf(stderr, _("read RPM config files failed\n"));
>>> ++ exit(EXIT_FAILURE);
>>> ++ }
>>> + rc = rpmReadPackageFile(ts, fdi, "rpm2cpio", &h);
>>> + /*@=mustmod@*/
>>> +
>>
>
> Hi Mark,
>
> Sorry for missed this mail.
>
>> In the RPM2CPIO case, I'm not sure that we want to exit here. It's
>> certainly reasonable for the config files to be unavailable to us.
>
> How about just give warning without quit when read configure files fails?

We shouldn't even need a warning.  When rpm2cpio is used on a target, much of 
the time there is no associated RPM in use (or if it's available, there likely 
isn't a database/home configured.)

>>
>> If the problem is that _dbpath is undefined (and it's needed for some
>> reason), my suggestion is that "some value" be defined, even if it's
>> to a non-existent location. It's be even better if we could simply
>> avoid using the _dbpath at all in the rpm2cpio code.
>
> The segment fault occurs on executing rpmReadPackageFile(). It is a
> library function in rpmdb/package.c. And it finally calls rpmdbNew(),
> and in rpmdbNew() it calls:
>
> db->db_home = rpmdbURIPath( (home && *home ? home : _DB_HOME) );
>
> home passed in is NULL, and _DB_HOME is defined by:
>
> #define _DB_HOME "%{?_dbpath}"

Instead of a warning above, if we were unable to load the database 
configuration, can we just set the value of _dbpath to be "/tmp"?  This should 
provide a valid 'home' path for any temp files, as well as avoid any load 
problems.  If there is a configuration available, we can use it.

> Then segment fault occurs with xstrdup() because no value is definedfor
> _dbpath then it tries to xstrdup() a NULL value in rpmdbURIPath().
>
> That is why I think parse configure files first in rpm2cpio is the way
> to fix the issue.
>
> Regards,
> Kai
>
>>
>> (Note, to folks reading this. Normally in oe-core, if we use rpm2cpio,
>> we're actually using a shell script version which does not have this
>> problem. The rpm2cpio -binary- is used by people on the target or
>> sometimes via the SDK to extract SRPM or RPM packages...)
>>
>>> diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> index 39b0481..fcfbde8 100644
>>> --- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> +++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> @@ -43,7 +43,7 @@ LICENSE = "LGPLv2.1"
>>> LIC_FILES_CHKSUM =
>>> "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1"
>>>
>>> DEPENDS = "libpcre attr acl popt ossp-uuid file bison-native"
>>> -PR = "r61"
>>> +PR = "r62"
>>>
>>> # rpm2cpio is a shell script, which is part of the rpm src.rpm. It is
>>> needed
>>> # in order to extract the distribution SRPM into a format we can
>>> extract...
>>> @@ -85,6 +85,7 @@ SRC_URI =
>>> "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
>>> file://rpm-reloc-macros.patch \
>>> file://rpm-platform2.patch \
>>> file://rpm-remove-sykcparse-decl.patch \
>>> + file://rpm2cpio-fix-segmentation-fault.patch \
>>> "
>>>
>>> # Uncomment the following line to enable platform score debugging
>>>
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
>