https://bugzilla.novell.com/show_bug.cgi?id=490033

Summary: VUL-0: satsolver: 3rd party crashes rpmmd2solv with memory corruption
Classification: openSUSE
Product: openSUSE 11.0
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: libzypp
AssignedTo: zypp-maintainers@forge.provo.novell.com
ReportedBy: meissner@novell.com
QAContact: qa@suse.de
Found By: Customer

This night the packman repo started to crash rpmmd2solv.

Erzeuge Zwischenspeicher für Repository 'Packman Repository' [fertig]
Fehler beim Aufbau des lokalen Zwischenspeichers:
'repo2solv.sh' '-o' '/var/cache/zypp/solv/Packman_Repository/solv' '/var/cache/zypp/raw/Packman_Repository'
/usr/bin/repo2solv.sh: line 227: 10620 Broken pipe $cmd "$i"
 10621 Segmentation fault (core dumped) | rpmmd2solv $parser_options > $primfile

gdb rpmmd2solv core
(gdb) bt
#0 0x00007fea2ec08279 in strncmp () from /lib64/libc.so.6
#1 0x0000000000404a3f in endElement (userData=0x7fff3753dc10, name=<value optimized out>)
   at /usr/src/debug/satsolver-0.9.6/tools/repo_rpmmd.c:519
#2 0x00007fea2f103e43 in doContent (parser=0x726f663c3e2f226d, startTagLevel=1869768506, enc=0x62694c20554e473e,
   s=0x736f68646c697562 <Address 0x736f68646c697562 out of bounds>,
   end=0x3e726f646e65763a <Address 0x3e726f646e65763a out of bounds>,
   nextPtr=0x6d70722f3c65642e, haveMore=120 'x') at lib/xmlparse.c:2449
#3 0x00007fea2f104d74 in contentProcessor (parser=0x723c3e2f22373335, start=0x8ec250 "\001", end=0x0, endPtr=0x2)
   at lib/xmlparse.c:2023
#4 0x00007fea2f0fd211 in XML_ParseBuffer (parser=0x720e70, len=108, isFinal=1882877296) at lib/xmlparse.c:1573
#5 0x0000000000405b50 in repo_add_rpmmd (repo=<value optimized out>, fp=0x31223d7265762022, flags=<value optimized out>)
   at /usr/src/debug/satsolver-0.9.6/tools/repo_rpmmd.c:935
#6 0x0000000000403d9e in main (argc=0, argv=0x0) at /usr/src/debug/satsolver-0.9.6/tools/rpmmd2solv.c:125
(gdb) up
#1 0x0000000000404a3f in endElement (userData=0x7fff3753dc10, name=<value optimized out>)
   at /usr/src/debug/satsolver-0.9.6/tools/repo_rpmmd.c:519
519 if (!strncmp(sourcerpm, name, sevr - sourcerpm - 1) && name[sevr - sourcerpm -
(gdb) print sourcerpm
No symbol "sourcerpm" in current context.
(gdb) list
514 repodata_set_constantid(data, handle, SOLVABLE_SOURCEARCH, strn2id(pool, sarch, strlen(sarch) - 4, 1));
515 if (!strncmp(sevr, evr, sarch - sevr - 1) && evr[sarch - sevr - 1] == 0)
516   repodata_set_void(data, handle, SOLVABLE_SOURCEEVR);
517 else
518   repodata_set_id(data, handle, SOLVABLE_SOURCEEVR, strn2id(pool, sevr, sarch - sevr - 1, 1));
519 if (!strncmp(sourcerpm, name, sevr - sourcerpm - 1) && name[sevr - sourcerpm -
520 1] == 0)
521   repodata_set_void(data, handle, SOLVABLE_SOURCENAME);
522 else
523   repodata_set_id(data, handle, SOLVABLE_SOURCENAME, strn2id(pool, sourcerpm, sevr - sourcerpm - 1, 1));
(gdb) down
#0 0x00007fea2ec08279 in strncmp () from /lib64/libc.so.6
(gdb) x /i $pc
0x7fea2ec08279 <strncmp+25>: movzbl (%rsi),%ecx
(gdb) print $rsi
$1 = 140643782922223
(gdb) print /x $rsi
$2 = 0x7fea2eb88fef
(gdb) print s
$5 = <value optimized out>
(gdb)

not all helpful I am afraid. will debug further