
Bug 1257274

Summary: "scl enable <collection> -" core dumps with large input on stdin
Product: [Fedora] Fedora
Reporter: Mat Booth <mat.booth>
Component: scl-utils
Assignee: Jan Zeleny <jzeleny>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: 22
CC: bkabrda, jzeleny, lkardos, mbenitez, sgehwolf
Hardware: Unspecified
OS: Unspecified
Fixed In Version: 2.0.1-3.fc22
Doc Type: Bug Fix
Last Closed: 2015-09-07 16:35:04 UTC
Type: Bug
Attachments: Script that causes core dump (flags: none)

Description Mat Booth 2015-08-26 15:42:55 UTC
Created attachment 1067323: Script that causes core dump

Description of problem:

The following construct causes a core dump on both Fedora 22 and 23:

scl enable <collection> - << "EOF"
# some large number of commands here
EOF

Please see attached script for a reproducer. Running this script results in the following:

# ./test.sh 
*** Error in `scl': free(): invalid next size (fast): 0x00007f0340bf40e0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7a2b5)[0x7f033e33f2b5]
/lib64/libc.so.6(+0x8297a)[0x7f033e34797a]
/lib64/libc.so.6(cfree+0x4c)[0x7f033e34b4ec]
scl(_free+0x9)[0x7f033ed53969]
scl(has_old_collection+0x39)[0x7f033ed539a9]
scl(main+0x138)[0x7f033ed51108]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7f033e2e56c0]
scl(_start+0x29)[0x7f033ed511f9]

This bug affects both Fedora 22 and Fedora 23:

scl-utils-2.0.1-2.fc22.x86_64
scl-utils-2.0.1-5.fc23.x86_64


Steps to Reproduce:
1. Build and install this SCL metapackage:
https://fedorapeople.org/~mbooth/copr/eclipse-neon/eclipse-neon-1.0-1.fc24.src.rpm
2. Run the attached script: ./test.sh

Comment 1 Mat Booth 2015-08-26 15:45:03 UTC
It's worth noting that this is a regression in behaviour from scl-utils < 2.

I was able to build eclipse inside an SCL with the old scl-utils, but I now get core dumps since scl-utils >= 2 was released.

Comment 2 Mat Booth 2015-08-26 17:13:23 UTC
The problem occurs on Fedora 21 also, with:

scl-utils-2.0.1-2.fc21.x86_64

And actually I don't think you even have to have a real SCL installed, simply running the reproducer script on any machine with scl-utils >= 2.0.1 installed triggers the bug.

Comment 3 Mat Booth 2015-08-26 17:34:08 UTC
Some kind of heap corruption..? Here's what valgrind says:

==29834== Memcheck, a memory error detector
==29834== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29834== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==29834== Command: /usr/bin/scl enable beans -
==29834== 
==29834== Syscall param read(buf) points to unaddressable byte(s)
==29834==    at 0x3EB4AF08E0: __read_nocancel (syscall-template.S:81)
==29834==    by 0x3EB4A790F8: _IO_file_xsgetn (fileops.c:1479)
==29834==    by 0x3EB4A6E8EF: fread (iofread.c:42)
==29834==    by 0x404599: extract_command_stdin (args.c:141)
==29834==    by 0x40477F: parse_run_args (args.c:206)
==29834==    by 0x404D10: scl_args_get (args.c:356)
==29834==    by 0x402084: main (scl.c:49)
==29834==  Address 0x4c4a1a1 is 0 bytes after a block of size 8,193 alloc'd
==29834==    at 0x4A08B9C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==29834==    by 0x404F1D: xrealloc (sclmalloc.c:35)
==29834==    by 0x404568: extract_command_stdin (args.c:142)
==29834==    by 0x40477F: parse_run_args (args.c:206)
==29834==    by 0x404D10: scl_args_get (args.c:356)
==29834==    by 0x402084: main (scl.c:49)
==29834==
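
Added example (not part of the bug report and not the scl-utils source): the Memcheck trace above shows fread in extract_command_stdin writing past a realloc'd block of 8,193 bytes. One way to write a read-everything loop so that each fread and the final terminator stay inside the allocation; read_all, roundtrip and the CHUNK value are names and values assumed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 8192 /* bytes requested per fread; value assumed for this example */

/* Read a whole stream into a NUL-terminated heap buffer.
 * Invariant before every fread: cap - len >= CHUNK + 1 (room for read + NUL). */
char *read_all(FILE *in, size_t *out_len)
{
    size_t cap = CHUNK + 1, len = 0, r;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    while ((r = fread(buf + len, 1, CHUNK, in)) > 0) {
        len += r;                        /* account for the bytes first */
        if (cap - len < CHUNK + 1) {     /* next read would not fit: grow */
            if (cap > SIZE_MAX / 2) { free(buf); return NULL; }
            char *tmp = realloc(buf, cap * 2);
            if (!tmp) { free(buf); return NULL; }
            buf = tmp; cap *= 2;         /* update pointer and capacity together */
        }
    }
    if (ferror(in)) { free(buf); return NULL; }
    buf[len] = '\0';
    if (out_len) *out_len = len;
    return buf;
}

/* Constructed self-check: write n bytes to a temp file and read them back.
 * Returns n on success, (size_t)-1 on any mismatch or failure. */
size_t roundtrip(size_t n)
{
    FILE *f = tmpfile();
    if (!f) return (size_t)-1;
    for (size_t i = 0; i < n; i++) fputc('a' + (int)(i % 26), f);
    rewind(f);
    size_t len = 0;
    char *buf = read_all(f, &len);
    fclose(f);
    if (!buf) return (size_t)-1;
    int ok = len == n && strlen(buf) == n &&
             (n == 0 || buf[n - 1] == 'a' + (int)((n - 1) % 26));
    free(buf);
    return ok ? len : (size_t)-1;
}

int main(void)
{
    printf("%zu %zu %zu\n", roundtrip(0), roundtrip(8193), roundtrip(100000));
    return 0;
}
```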

Comment 4 Fedora Update System 2015-08-27 13:10:41 UTC
scl-utils-2.0.1-3.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14409

Comment 5 Fedora Update System 2015-08-27 13:10:51 UTC
scl-utils-2.0.1-6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14410

Comment 6 Fedora Update System 2015-08-28 18:57:44 UTC
scl-utils-2.0.1-3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update scl-utils'.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14409

Comment 7 Fedora Update System 2015-08-31 18:52:50 UTC
scl-utils-2.0.1-6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update scl-utils'.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14410

Comment 8 Fedora Update System 2015-09-06 21:56:52 UTC
389-ds-base-1.3.4.4-1.fc23.1, PackageKit-1.0.8-3.fc23, abrt-2.6.2-6.fc23, abrt-java-connector-1.1.0-6.fc23, anaconda-23.19.2-2.fc23, apt-0.5.15lorg3.95-21.git522.fc23, createrepo_c-0.9.0-4.fc23, cyrus-imapd-2.4.17-13.fc23, deltarpm-3.6-11.fc23, drpm-0.2.0-3.fc23, fedup-dracut-0.9.2-3.fc23, foghorn-0.1.6-10.fc23, grub2-2.02-0.23.fc23, keepalived-1.2.19-2.fc23, libappstream-glib-0.5.0-2.fc23, libextractor-1.3-7.fc23, libhif-0.2.1-4.fc23, libvirt-snmp-0.0.3-6.fc23, net-snmp-5.7.3-7.fc23, openhpi-subagent-2.3.4-26.fc23, openlmi-providers-0.6.0-3.fc23, openscap-1.2.5-2.fc23, opensips-1.10.5-5.fc23, ovaldi-5.9.1-14.fc23, pcp-3.10.6-2.fc23.1, perl-RPM-VersionCompare-0.1.1-14.fc23, perl-RPM2-1.0-15.fc23, ptpd-2.3.1-3.fc23, quagga-0.99.24.1-2.fc23, rpm-4.13.0-0.rc1.2.fc23, rpm-ostree-2015.9-2.fc23, rpmreaper-0.2.0-6.fc23, satyr-0.19-2.fc23, scl-utils-2.0.1-7.fc23, sectool-0.9.5-16.fc23, supermin-5.1.13-3.fc23, systemtap-2.9-0.20150713git9d0b65f.fc23.1 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update 389-ds-base satyr deltarpm ptpd fedup-dracut libhif grub2 openscap perl-RPM-VersionCompare drpm net-snmp libextractor libappstream-glib keepalived foghorn PackageKit createrepo_c cyrus-imapd supermin rpm-ostree rpm scl-utils systemtap libvirt-snmp abrt-java-connector apt opensips pcp sectool rpmreaper anaconda ovaldi abrt perl-RPM2 openlmi-providers openhpi-subagent quagga'.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15193

Comment 9 Fedora Update System 2015-09-07 16:35:03 UTC
389-ds-base-1.3.4.4-1.fc23.1, PackageKit-1.0.8-3.fc23, abrt-2.6.2-6.fc23, abrt-java-connector-1.1.0-6.fc23, anaconda-23.19.2-2.fc23, apt-0.5.15lorg3.95-21.git522.fc23, createrepo_c-0.9.0-4.fc23, cyrus-imapd-2.4.17-13.fc23, deltarpm-3.6-11.fc23, drpm-0.2.0-3.fc23, fedup-dracut-0.9.2-3.fc23, foghorn-0.1.6-10.fc23, grub2-2.02-0.23.fc23, keepalived-1.2.19-2.fc23, libappstream-glib-0.5.0-2.fc23, libextractor-1.3-7.fc23, libhif-0.2.1-4.fc23, libvirt-snmp-0.0.3-6.fc23, net-snmp-5.7.3-7.fc23, openhpi-subagent-2.3.4-26.fc23, openlmi-providers-0.6.0-3.fc23, openscap-1.2.5-2.fc23, opensips-1.10.5-5.fc23, ovaldi-5.9.1-14.fc23, pcp-3.10.6-2.fc23.1, perl-RPM-VersionCompare-0.1.1-14.fc23, perl-RPM2-1.0-15.fc23, ptpd-2.3.1-3.fc23, quagga-0.99.24.1-2.fc23, rpm-4.13.0-0.rc1.2.fc23, rpm-ostree-2015.9-2.fc23, rpmreaper-0.2.0-6.fc23, satyr-0.19-2.fc23, scl-utils-2.0.1-7.fc23, sectool-0.9.5-16.fc23, supermin-5.1.13-3.fc23, systemtap-2.9-0.20150713git9d0b65f.fc23.1 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2015-09-24 08:26:56 UTC
scl-utils-2.0.1-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.