1769579 – Icon directive in rpm spec-file may trigger memory leak in rpmbuild.

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1769579 - Icon directive in rpm spec-file may trigger memory leak in rpmbuild.

Summary: Icon directive in rpm spec-file may trigger memory leak in rpmbuild.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rpm
Sub Component:
Version:	31
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Panu Matilainen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-11-06 21:50 UTC by Steffen Seeger
Modified:	2019-11-28 01:10 UTC (History)
CC List:	7 users (show)
Fixed In Version:	rpm-4.15.1-1.fc31
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-11-28 01:10:29 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
a sample src.rpm that reproduces the bug. (7.03 KB, application/x-rpm) 2019-11-06 21:50 UTC, Steffen Seeger	no flags	Details
hello-world-icon.xpm (not included in spec file) (4.56 KB, image/x-xpixmap) 2019-11-07 20:58 UTC, Steffen Seeger	no flags	Details
View All

Description Steffen Seeger 2019-11-06 21:50:41 UTC

Created attachment 1633467 [details]
a sample src.rpm that reproduces the bug.

Description of problem:
rpmbuild triggers segmentation fault in final build stage.

Version-Release number of selected component (if applicable):
4.15.0

How reproducible:
Uncomment the Icon directive in the attached src rpm and try to rebuild.

Steps to Reproduce:
1. install attached source rpm
2. uncomment #Icon: directive in spec file
3. try to rebuild.

Actual results:
depending on the actual rpm spec file, the following error messages
may occur and no output files are created.

    Segmentation fault (core dumped).
    free(): invalid next size (normal)


Expected results:
finish build properly and create src.rpm and target package file(s).

Additional info:
none

Comment 1 Panu Matilainen 2019-11-07 10:12:35 UTC

I'm not able to able to reproduce anything remotely like that. Please attach the actual icon file too in case it somehow depends on that, the exact command used to build and the full output of that.

Comment 2 Steffen Seeger 2019-11-07 20:58:37 UTC

Created attachment 1633804 [details]
hello-world-icon.xpm (not included in spec file)

This is the icon file referenced in the spec but not included because the Icon directive had to be commented out to build the source rpm.

Comment 3 Steffen Seeger 2019-11-07 21:19:56 UTC

Here is the full output of the failing build of the sample spec file (with the icon file added to the sources/ directory) and the Icon directive active:
-----------------------------------------------------------------------------------------------
[build@localhost specs]$ rpmbuild -ba hello_world-0.0.spec 
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.xClCoq
+ umask 022
+ cd /scratch/build/build
+ echo 20191107
20191107
+ cd /scratch/build/build
+ rm -rf hello-world-0.0
+ /usr/bin/pbzip2 -dc /home/build/sources/hello-world-0.0.tar.bz2
+ /usr/bin/tar -xof -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd hello-world-0.0
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.2PhZMr
+ umask 022
+ cd /scratch/build/build
+ cd hello-world-0.0
+ export 'CFLAGS= -std=c99 -W -Wall'
+ CFLAGS=' -std=c99 -W -Wall'
+ make 'CFLAGS= -std=c99 -W -Wall' hello-world
cc -std=c99 -W -Wall    hello-world.c   -o hello-world
hello-world.c: In function 'main':
hello-world.c:3:14: warning: unused parameter 'argc' [-Wunused-parameter]
    3 | int main(int argc, char **argv)
      |          ~~~~^~~~
hello-world.c:3:27: warning: unused parameter 'argv' [-Wunused-parameter]
    3 | int main(int argc, char **argv)
      |                    ~~~~~~~^~~~
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.Jkbuas
+ umask 022
+ cd /scratch/build/build
+ '[' /scratch/build/tmp/hello-world-0.0-20191107.fc31 '!=' / ']'
+ rm -rf /scratch/build/tmp/hello-world-0.0-20191107.fc31
++ dirname /scratch/build/tmp/hello-world-0.0-20191107.fc31
+ mkdir -p /scratch/build/tmp
+ mkdir /scratch/build/tmp/hello-world-0.0-20191107.fc31
+ cd hello-world-0.0
+ '[' /scratch/build/tmp/hello-world-0.0-20191107.fc31 '!=' / ']'
+ rm -rf /scratch/build/tmp/hello-world-0.0-20191107.fc31
+ mkdir -p /scratch/build/tmp/hello-world-0.0-20191107.fc31/usr/bin
+ install -m 0755 hello-world /scratch/build/tmp/hello-world-0.0-20191107.fc31/usr/bin/hello-world
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-python-bytecompile /usr/bin/python 1 0
+ /usr/lib/rpm/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
Segmentation fault (core dumped)
[build@localhost specs]$
-----------------------------------------------------------------------------------------------
And here the same but with Icon directive commented out in the spec file:
-----------------------------------------------------------------------------------------------
[build@localhost specs]$ rpmbuild -ba hello_world-0.0.spec 
warning: Macro expanded in comment on line 8: %{name}-icon.xpm

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.GEmbS7
+ umask 022
+ cd /scratch/build/build
+ echo 20191107
20191107
+ cd /scratch/build/build
+ rm -rf hello-world-0.0
+ /usr/bin/pbzip2 -dc /home/build/sources/hello-world-0.0.tar.bz2
+ /usr/bin/tar -xof -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd hello-world-0.0
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.z2qhf8
+ umask 022
+ cd /scratch/build/build
+ cd hello-world-0.0
+ export 'CFLAGS= -std=c99 -W -Wall'
+ CFLAGS=' -std=c99 -W -Wall'
+ make 'CFLAGS= -std=c99 -W -Wall' hello-world
cc -std=c99 -W -Wall    hello-world.c   -o hello-world
hello-world.c: In function 'main':
hello-world.c:3:14: warning: unused parameter 'argc' [-Wunused-parameter]
    3 | int main(int argc, char **argv)
      |          ~~~~^~~~
hello-world.c:3:27: warning: unused parameter 'argv' [-Wunused-parameter]
    3 | int main(int argc, char **argv)
      |                    ~~~~~~~^~~~
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.z8hSD6
+ umask 022
+ cd /scratch/build/build
+ '[' /scratch/build/tmp/hello-world-0.0-20191107.fc31 '!=' / ']'
+ rm -rf /scratch/build/tmp/hello-world-0.0-20191107.fc31
++ dirname /scratch/build/tmp/hello-world-0.0-20191107.fc31
+ mkdir -p /scratch/build/tmp
+ mkdir /scratch/build/tmp/hello-world-0.0-20191107.fc31
+ cd hello-world-0.0
+ '[' /scratch/build/tmp/hello-world-0.0-20191107.fc31 '!=' / ']'
+ rm -rf /scratch/build/tmp/hello-world-0.0-20191107.fc31
+ mkdir -p /scratch/build/tmp/hello-world-0.0-20191107.fc31/usr/bin
+ install -m 0755 hello-world /scratch/build/tmp/hello-world-0.0-20191107.fc31/usr/bin/hello-world
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-python-bytecompile /usr/bin/python 1 0
+ /usr/lib/rpm/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
Processing files: hello-world-0.0-20191107.fc31.x86_64
Provides: hello-world = 0.0-20191107.fc31 hello-world(x86-64) = 0.0-20191107.fc31
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH)
Checking for unpackaged file(s): /usr/lib/rpm/check-files /scratch/build/tmp/hello-world-0.0-20191107.fc31
Wrote: /home/build/srpm/hello-world-0.0-20191107.fc31.src.rpm
Wrote: /scratch/build/rpms/hello-world-0.0-20191107.fc31.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.8yhsK7
+ umask 022
+ cd /scratch/build/build
+ cd hello-world-0.0
+ '[' /scratch/build/tmp/hello-world-0.0-20191107.fc31 '!=' / ']'
+ rm -rf /scratch/build/tmp/hello-world-0.0-20191107.fc31
+ RPM_EC=0
++ jobs -p
+ exit 0
[build@localhost specs]$
-----------------------------------------------------------------------------------------------


The following are the last few lines of output from building other pacakges 
with "rpmbuild -ba <pkg.spec>" that build successfully if the Icon directive
is commented out, but fail if it is active in the spec file:
-----------------------------------------------------------------------------------------------
[ ... some output omitted ... ]
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
mangling shebang in /usr/share/docear/docear.sh from /bin/bash to #!/usr/bin/bash
corrupted double-linked list
Aborted (core dumped)
[build@localhost specs]$
-----------------------------------------------------------------------------------------------
[ ... some output omitted ... ]
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
free(): invalid next size (normal)
Aborted (core dumped)
[build@localhost specs]$
-----------------------------------------------------------------------------------------------

Comment 4 Panu Matilainen 2019-11-08 07:43:28 UTC

> rpmbuild -ba hello_world-0.0.spec
            ^^
And that's the key, I only tried it with -bb, but -bs is sufficient to reproduce. This is a regression in 4.15.0 and will need fixing soon. Thanks for reporting!

Comment 5 Panu Matilainen 2019-11-08 08:55:26 UTC

Okay so, he who breaks it...

It's a regression introduced by me in 4.15.x development so it's (primarily) my responsibility to fix it, sorry Michal for the confusion.

Comment 6 Panu Matilainen 2019-11-08 10:37:24 UTC

https://github.com/rpm-software-management/rpm/pull/930

Comment 7 Fedora Update System 2019-11-19 10:07:00 UTC

FEDORA-2019-72008fcd6d has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-72008fcd6d

Comment 8 Fedora Update System 2019-11-20 01:27:51 UTC

rpm-4.15.1-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-72008fcd6d

Comment 9 Fedora Update System 2019-11-28 01:10:29 UTC

rpm-4.15.1-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.