This code:
#include <rpm/rpmdb.h>
#include <rpm/rpmts.h>
#include <rpm/rpmlib.h>
#include <signal.h>

class A {
        rpmts ts;
        rpmdbMatchIterator mi;
        A() {
            rpmReadConfigFiles(NULL, NULL);
            ts = rpmtsCreate();
            mi = rpmtsInitIterator(ts, RPMDBI_PACKAGES, NULL, 0);
        ~A() {

A a;

int main() {
    return 0;
tries to free `MatchIterator` again in `atexit` destructor.

Program received signal SIGSEGV, Segmentation fault.
#0  0x00007ffff7b57c17 in ?? () from /usr/lib64/
#1  0x00007ffff7b5fbaa in rpmdbFreeIterator () from /usr/lib64/
#2  0x00000000004009b6 in A::~A (this=0x601080 <a>, __in_chrg=<optimized out>) 
#3  0x00007ffff77d1ca8 in __run_exit_handlers (status=1, listp=0x7ffff7b395d8 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#4  0x00007ffff77d1cf5 in __GI_exit (status=<optimized out>) at exit.c:104
#5  0x00007ffff7b5f513 in rpmdbCheckSignals () from /usr/lib64/
#6  0x00000000004008e9 in main () at

I tried `if (rpmdbCheckTerminate(0) == 0) rpmdbFreeIterator(mi);`, but 
`rpmdbCheckTerminate` return code is not reliable.
You can view, comment on, or merge this pull request online at:

-- Commit Summary --

  * rpmdb.c: avoid double free in rpmdbClose, rpmdbMatchIterator, ...
  * rpmdb.c: (rpmdbCheckTerminate) return non-zero on subsequent runs

-- File Changes --

    M lib/rpmdb.c (17)

-- Patch Links --

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Rpm-maint mailing list

Reply via email to