[OE-core] [PATCH 1/1] rpm: fix rpm2cpio segmentation fault

Kang Kai Kai.Kang at windriver.com
Fri Apr 12 09:18:49 UTC 2013


On 2013-03-12 23:30, Mark Hatle wrote:
> On 3/12/13 12:57 AM, Kang Kai wrote:
>> On 2013-02-28 22:34, Mark Hatle wrote:
>>> On 2/28/13 1:34 AM, Kang Kai wrote:
>>>> When rpm2cpio is run, it fails with a segmentation fault. The root cause is
>>>> that no macro "_db_path" is defined; querying its value returns nothing,
>>>> which then causes the segmentation fault.
>>>>
>>>> Add patch to parse macro files first to fix this problem.
>>>>
>>>> [YOCTO #3656]
>>>>
>>>> Signed-off-by: Kang Kai <kai.kang at windriver.com>
>>>> ---
>>>> .../rpm/rpm/rpm2cpio-fix-segmentation-fault.patch | 24
>>>> ++++++++++++++++++++
>>>> meta/recipes-devtools/rpm/rpm_5.4.9.bb | 3 +-
>>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>>> create mode 100644
>>>> meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>>
>>>> diff --git
>>>> a/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>> new file mode 100644
>>>> index 0000000..b43a64e
>>>> --- /dev/null
>>>> +++
>>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>> @@ -0,0 +1,24 @@
>>>> +Upstream-Status: Pending
>>>> +
>>>> +rpm2cpio fails on target with "Segmentation fault". Because no
>>>> "_dbpath"
>>>> +defined, when query it will cause seg fault.
>>>> +Parse macro files first to fix this bug.
>>>> +
>>>> +[YOCTO #3656]
>>>> +
>>>> +Signed-off-by: Kang Kai <kai.kang at windriver.com>
>>>> +
>>>> +--- rpm-5.4.9/tools/rpm2cpio.c.orig 2013-02-28 13:14:12.453540767 
>>>> +0800
>>>> ++++ rpm-5.4.9/tools/rpm2cpio.c 2013-02-28 15:09:41.685785192 +0800
>>>> +@@ -88,6 +88,11 @@ int main(int argc, char **argv)
>>>> + (void) rpmtsSetVSFlags(ts, vsflags);
>>>> +
>>>> + /*@-mustmod@*/ /* LCL: segfault */
>>>> ++ rc = rpmReadConfigFiles(NULL, NULL);
>>>> ++ if (rc) {
>>>> ++ fprintf(stderr, _("read RPM config files failed\n"));
>>>> ++ exit(EXIT_FAILURE);
>>>> ++ }
>>>> + rc = rpmReadPackageFile(ts, fdi, "rpm2cpio", &h);
>>>> + /*@=mustmod@*/
>>>> +
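Review bot: the `exit(EXIT_FAILURE)` in the block added ahead of `rpmReadPackageFile()` makes a failed `rpmReadConfigFiles(NULL, NULL)` fatal, which ties a file-conversion tool to RPM configuration being present and readable on the system. Consider continuing when `rc` is non-zero and making sure the code path that follows still sees a defined `_dbpath` in that case, since the patch header attributes the crash to `_dbpath` being undefined. The header should also name the call that faults on the missing value, so the fix can be checked against the actual failure rather than only against the symptom.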
>>>
>>
>> Hi Mark,
>>
>> Sorry for missing this mail.
>>
>>> In the RPM2CPIO case, I'm not sure that we want to exit here. It's
>>> certainly reasonable for the config files to be unavailable to us.
>>
>> How about just giving a warning without quitting when reading the
>> configure files fails?
>
> We shouldn't even need a warning.  When rpm2cpio is used on a target, 
> much of the time there is no associated RPM in use (or if it's 
> available, there likely isn't a database/home configured.)
>
>>>
>>> If the problem is that _dbpath is undefined (and it's needed for some
>>> reason), my suggestion is that "some value" be defined, even if it's
>>> to a non-existent location. It'd be even better if we could simply
>>> avoid using the _dbpath at all in the rpm2cpio code.
>>
>> The segment fault occurs on executing rpmReadPackageFile(). It is a
>> library function in rpmdb/package.c. And it finally calls rpmdbNew(),
>> and in rpmdbNew() it calls:
>>
>> db->db_home = rpmdbURIPath( (home && *home ? home : _DB_HOME) );
>>
>> home passed in is NULL, and _DB_HOME is defined by:
>>
>> #define _DB_HOME "%{?_dbpath}"
>

Hi Mark,

> Instead of a warning above, if we were unable to load the database 
> configuration, can we just set the value of _dbpath to be "/tmp"?  
> This should provide a valid 'home' path for any temp files, as well as 
> avoid any load problems.  If there is a configuration available, we 
> can use it.

I found more variables that need to be set to a value. When rpm2cpio is
run, it calls rpmReadPackageFile() to open the rpm file, and then does
some read and test work. When it calls rpmVerifySignature(), that calls
rpmdbOpen() and finally db3new(). In function db3new() in
rpmdb/dbconfig.c, around line 485, the variables "_dbi_config_*" are
expanded and the variable "_dbi_config" is asserted not to be NULL. But
without parsing the macros file, the assertion fails. "_dbi_config" is a
complicated variable and it seems it cannot be set directly.

Would you like to give more help?

Thanks,
Kai

>
>> Then the segment fault occurs with xstrdup(), because no value is defined
>> for _dbpath, so it tries to xstrdup() a NULL value in rpmdbURIPath().
>>
>> That is why I think parsing the configure files first in rpm2cpio is the
>> way to fix the issue.
>>
>> Regards,
>> Kai
>>
>>>
>>> (Note, to folks reading this. Normally in oe-core, if we use rpm2cpio,
>>> we're actually using a shell script version which does not have this
>>> problem. The rpm2cpio -binary- is used by people on the target or
>>> sometimes via the SDK to extract SRPM or RPM packages...)
>>>
>>>> diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> index 39b0481..fcfbde8 100644
>>>> --- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> +++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> @@ -43,7 +43,7 @@ LICENSE = "LGPLv2.1"
>>>> LIC_FILES_CHKSUM =
>>>> "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1"
>>>>
>>>> DEPENDS = "libpcre attr acl popt ossp-uuid file bison-native"
>>>> -PR = "r61"
>>>> +PR = "r62"
>>>>
>>>> # rpm2cpio is a shell script, which is part of the rpm src.rpm. It is
>>>> needed
>>>> # in order to extract the distribution SRPM into a format we can
>>>> extract...
>>>> @@ -85,6 +85,7 @@ SRC_URI =
>>>> "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
>>>> file://rpm-reloc-macros.patch \
>>>> file://rpm-platform2.patch \
>>>> file://rpm-remove-sykcparse-decl.patch \
>>>> + file://rpm2cpio-fix-segmentation-fault.patch \
>>>> "
>>>>
>>>> # Uncomment the following line to enable platform score debugging
>>>>
>>>
>>>
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core at lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>>
>>
>
>


-- 
Regards,
Neil | Kai Kang
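
The following is an added example, not code from rpm or from anyone in this thread. It models only the `_dbpath` step discussed above: an optional macro that expands to nothing, the unguarded selection that hands NULL to a string copy, and a guarded version that falls back to a caller-supplied default such as the "/tmp" suggested in the thread. The `struct macro` table, the function names and the "/var/lib/rpm" value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the macro table; hypothetical, not rpm's types. */
struct macro { const char *name; const char *body; };

/* Constructed sample: a system where the macro files were parsed. */
static const struct macro CONFIGURED[] = { { "_dbpath", "/var/lib/rpm" } };

/* Models "%{?name}": yields NULL when the macro was never defined. */
static const char *expand_optional(const struct macro *tab, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0)
            return tab[i].body;
    return NULL;
}

/* The unguarded pattern: returns 1 if NULL would reach the string copy. */
int unguarded_passes_null(const char *home, const struct macro *tab, size_t n)
{
    const char *src = (home && *home) ? home : expand_optional(tab, n, "_dbpath");
    return src == NULL;
}

/* Guarded: explicit home, then _dbpath, then the caller's fallback.
 * Returns a malloc'd copy, or NULL if nothing usable or out of memory. */
char *resolve_db_home(const char *home, const struct macro *tab, size_t n, const char *fallback)
{
    const char *src = (home && *home) ? home : expand_optional(tab, n, "_dbpath");
    if (src == NULL || *src == '\0')
        src = fallback;
    if (src == NULL || *src == '\0')
        return NULL;
    size_t len = strlen(src) + 1;
    char *copy = malloc(len);
    if (copy != NULL)
        memcpy(copy, src, len);
    return copy;
}

int main(void)
{
    char *bare = resolve_db_home(NULL, NULL, 0, "/tmp");      /* no macros parsed */
    char *conf = resolve_db_home(NULL, CONFIGURED, 1, "/tmp");
    printf("unguarded passes NULL: %d\n", unguarded_passes_null(NULL, NULL, 0));
    printf("bare: %s, configured: %s\n", bare ? bare : "(none)", conf ? conf : "(none)");
    free(bare);
    free(conf);
    return 0;
}
```
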




