Package: RPM
Version: 4.11.3

When I invoke "# valgrind rpm -i --test <package_attached_below.rpm>" I get the segfault (attached).

Can you please advise if this is a security issue?

I am using current Debian Stable x64.

# valgrind rpm -i --test id\:000008\,sig\:11\,src\:000219\,op\:havoc\,rep\:2
==4876== Memcheck, a memory error detector
==4876== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==4876== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==4876== Command: rpm -i --test id:000008,sig:11,src:000219,op:havoc,rep:2
==4876==
rpm: RPM should not be used directly install RPM packages, use Alien instead!
rpm: However assuming you know what you are doing...
==4876== Use of uninitialised value of size 8
==4876==    at 0x4C2C1A2: strlen (vg_replace_strmem.c:412)
==4876==    by 0x4E49CEC: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E4BAD9: headerPut (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E4969A: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7E208: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7E64C: headerConvert (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E6307E: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E6370D: rpmReadPackageFile (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7006E: rpmInstall (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4018C9: ??? (in /usr/bin/rpm)
==4876==    by 0x5715B44: (below main) (libc-start.c:287)
==4876==
==4876== Invalid read of size 1
==4876==    at 0x4C2C1A2: strlen (vg_replace_strmem.c:412)
==4876==    by 0x4E49CEC: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E4BAD9: headerPut (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E4969A: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7E208: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7E64C: headerConvert (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E6307E: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E6370D: rpmReadPackageFile (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7006E: rpmInstall (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4018C9: ??? (in /usr/bin/rpm)
==4876==    by 0x5715B44: (below main) (libc-start.c:287)
==4876==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==4876==
==4876==
==4876== Process terminating with default action of signal 11 (SIGSEGV)
==4876==  Access not within mapped region at address 0x0
==4876==    at 0x4C2C1A2: strlen (vg_replace_strmem.c:412)
==4876==    by 0x4E49CEC: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E4BAD9: headerPut (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E4969A: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7E208: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7E64C: headerConvert (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E6307E: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E6370D: rpmReadPackageFile (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7006E: rpmInstall (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4018C9: ??? (in /usr/bin/rpm)
==4876==    by 0x5715B44: (below main) (libc-start.c:287)
==4876==  If you believe this happened as a result of a stack
==4876==  overflow in your program's main thread (unlikely but
==4876==  possible), you can try to increase the size of the
==4876==  main thread stack using the --main-stacksize= flag.
==4876==  The main thread stack size used in this run was 8388608.
==4876==
==4876== HEAP SUMMARY:
==4876==     in use at exit: 218,301 bytes in 2,901 blocks
==4876==   total heap usage: 4,753 allocs, 1,852 frees, 1,494,281 bytes allocated
==4876==
==4876== LEAK SUMMARY:
==4876==    definitely lost: 0 bytes in 0 blocks
==4876==    indirectly lost: 0 bytes in 0 blocks
==4876==      possibly lost: 30,951 bytes in 111 blocks
==4876==    still reachable: 187,350 bytes in 2,790 blocks
==4876==         suppressed: 0 bytes in 0 blocks
==4876== Rerun with --leak-check=full to see details of leaked memory
==4876==
==4876== For counts of detected and suppressed errors, rerun with: -v
==4876== Use --track-origins=yes to see where uninitialised values come from
==4876== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault

Attachment: id_000008,sig_11,src_000219,op_havoc,rep_2
Description: Binary data
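A small triage helper for reports like the one above, added here as an example (not part of the original post or of rpm): it parses memcheck error blocks, keeps the symbolised frames (headerPut, headerConvert, rpmReadPackageFile) and classifies an "Invalid read" whose fault address lies on the NULL page as a plain NULL dereference, i.e. a crash rather than a controllable memory write. The sample log is excerpted from the report, with wrapped paths rejoined; the error-kind patterns it recognises are an assumption limited to the messages shown here.

```python
import re

# Constructed sample: lines excerpted from the valgrind report above, wrapped paths rejoined.
SAMPLE_LOG = """\
==4876== Use of uninitialised value of size 8
==4876==    at 0x4C2C1A2: strlen (vg_replace_strmem.c:412)
==4876==    by 0x4E4BAD9: headerPut (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==
==4876== Invalid read of size 1
==4876==    at 0x4C2C1A2: strlen (vg_replace_strmem.c:412)
==4876==    by 0x4E49CEC: ??? (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E4BAD9: headerPut (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E7E64C: headerConvert (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==    by 0x4E6370D: rpmReadPackageFile (in /usr/lib/x86_64-linux-gnu/librpm.so.3.2.2)
==4876==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

ERROR_RE = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+|"
                      r"Use of uninitialised value of size \d+)")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) ")
ADDR_RE = re.compile(r"\bAddress 0x([0-9A-Fa-f]+) is", re.IGNORECASE)
BLANK_RE = re.compile(r"^==\d+==\s*$")

def parse_valgrind(log):
    """Return one dict per memcheck error: kind, symbolised frames, fault address."""
    errors, current = [], None
    for line in log.splitlines():
        m = ERROR_RE.match(line)
        if m:
            current = {"kind": m.group(1), "frames": [], "address": None}
            errors.append(current)
        elif current is None:
            continue
        elif BLANK_RE.match(line):
            current = None                      # bare "==PID==" ends the block
        elif (f := FRAME_RE.match(line)):
            if f.group(1) != "???":             # drop unsymbolised frames
                current["frames"].append(f.group(1))
        elif (a := ADDR_RE.search(line)):
            current["address"] = int(a.group(1), 16)
    return errors

def classify(error):
    """Coarse triage class; a NULL-page fault is a crash (DoS), not a controlled write."""
    kind, addr = error["kind"], error["address"]
    if kind.startswith("Invalid") and addr is not None and addr < 0x1000:
        return "null-deref"
    if kind.startswith("Invalid"):
        return "wild-" + kind.split()[1]        # wild-read / wild-write
    return "uninit"
```

The "uninit" finding that precedes the crash is the one worth re-running with --track-origins=yes, since it shows which header field was left unset before strlen was reached.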
