RHEL-139496

[RFE] Improve RPM robustness when querying malformed or excessively large third-party RPM metadata

    • Type: Bug
    • Resolution: Done
    • rhel-10.1, rhel-9.7
    • rpm
    • Low
    • FutureFeature
    • rhel-swm

      The rpm command can enter a non-terminating, high-CPU state when querying packages that contain malformed or excessively large metadata fields using the %{*:xml} query formatter.

      This behavior is triggered at query time and does not require RPM database corruption or invalid system state. Once the formatter enters this condition, the rpm process does not respond to SIGINT or SIGTERM and must be terminated using SIGKILL. This can block automation, scanning tools, and build pipelines that rely on rpm queries.

      While third-party vendors are responsible for correct packaging, rpm is a foundational system tool and should handle malformed or pathological metadata defensively rather than hanging indefinitely.

      Operational Impact

      • rpm query processes may hang indefinitely
      • Dependent tooling (asset scans, security scans, CI pipelines) can cascade into failure
      • Requires external timeouts or SIGKILL to recover
      • Presents a potential denial-of-service condition when malformed RPM metadata is installed unintentionally

      Steps to Reproduce

      1. Prepare build environment

      # dnf install -y rpm-build
      # mkdir -p ~/rpmbuild/{SPECS,SOURCES}


      2. Create oversized metadata payload

      # python3 - << 'EOF'
      with open("large_desc.txt", "w") as f:
          f.write("A" * 50_000_000)  # 50 MB description
      EOF
      # mv large_desc.txt ~/rpmbuild/SOURCES/

      3. Create SPEC file with oversized metadata

      # cat ~/rpmbuild/SPECS/metadata-stress.spec
      Name:           metadata-stress
      Version:        1.0
      Release:        1%{?dist}
      Summary:        Metadata stress test package

      License:        GPL
      Source0:        large_desc.txt

      %description
      %{lua:
       local f = io.open(rpm.expand("%{SOURCE0}"), "r")
       local data = f:read("*all")
       f:close()
       print(data)
      }

      %prep
      %build
      %install
      mkdir -p %{buildroot}/usr/share/metadata-stress
      echo test > %{buildroot}/usr/share/metadata-stress/testfile

      %files
      /usr/share/metadata-stress/testfile

      4. Build and install the package

      # rpmbuild -ba ~/rpmbuild/SPECS/metadata-stress.spec
      # dnf install -y ~/rpmbuild/RPMS/*/metadata-stress-1.0-1*.rpm

      5. Trigger the hang

      # rpm -q --queryformat '[%{*:xml}]' metadata-stress-1.0-1.el9.x86_64

      Actual Results

      • rpm enters a non-terminating state
      • CPU usage spikes (~80% observed)
      • SIGINT and SIGTERM are ignored
      • Process must be terminated using SIGKILL or job control stop
      • rpm remains resident and does not make forward progress

      Expected Results

      • rpm should fail gracefully with a clear error when encountering malformed or oversized metadata,
      • or enforce parser limits during XML formatting,
      • or abort XML generation without hanging indefinitely.

      Notes

      • No rpmdb corruption is involved
      • Standard rpm queries without %{*:xml} do not exhibit this behavior
      • This RFE requests improved defensive handling and robustness, not a change in rpm semantics
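Until rpm enforces its own limits, the practical workaround for the pipelines named under Operational Impact is an external deadline that escalates to SIGKILL, plus a cheap size check on the plain field before the XML formatter is invoked. The following is an added example for that, not code from the report or from the rpm project: it assumes a POSIX host, assumes `rpm` is installed for the two `rpm_*` helpers (the query formats are the ones used in the report), and uses a constructed threshold `DESCRIPTION_LIMIT`. The hang itself is stood in for by a constructed child process that ignores SIGTERM, so the demo functions run without rpm.

```python
"""Pipeline-side guard for rpm queries that may hang on pathological metadata."""
import subprocess
import sys
from dataclasses import dataclass


@dataclass
class QueryResult:
    command: list
    outcome: str            # "ok", "terminated" or "killed"
    returncode: int
    stdout: bytes


def run_with_deadline(cmd, timeout, grace=5.0):
    """Run cmd with a hard deadline.

    On timeout, send SIGTERM and give the child `grace` seconds; if it is still
    alive, send SIGKILL. The second step matters for this bug: the report states
    a hung rpm ignores SIGINT and SIGTERM, so a TERM-only timeout would leave the
    process resident and spinning.
    """
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    try:
        out, _ = proc.communicate(timeout=timeout)
        return QueryResult(cmd, "ok", proc.returncode, out)
    except subprocess.TimeoutExpired:
        pass
    proc.terminate()
    try:
        out, _ = proc.communicate(timeout=grace)
        return QueryResult(cmd, "terminated", proc.returncode, out)
    except subprocess.TimeoutExpired:
        proc.kill()
        out, _ = proc.communicate()   # reaps the child; output so far is kept
        return QueryResult(cmd, "killed", proc.returncode, out)


# Pre-check: measure the plain field before invoking the XML formatter. The
# report notes that queries without %{*:xml} complete normally, so the size of
# %{DESCRIPTION} is a cheap signal for packages that would hang.
DESCRIPTION_LIMIT = 1_000_000   # bytes; constructed threshold, tune per site


def rpm_description_length(package, timeout=30.0):
    """Length in bytes of the package description (assumes rpm is installed)."""
    res = run_with_deadline(
        ["rpm", "-q", "--queryformat", "%{DESCRIPTION}", package], timeout)
    if res.outcome != "ok" or res.returncode != 0:
        raise RuntimeError(f"rpm -q {package} failed: {res.outcome}")
    return len(res.stdout)


def rpm_query_xml(package, timeout=60.0):
    """Run the report's XML query only if the description is within limits."""
    if rpm_description_length(package) > DESCRIPTION_LIMIT:
        raise ValueError(
            f"{package}: description exceeds {DESCRIPTION_LIMIT} bytes, "
            "skipping XML query")
    return run_with_deadline(
        ["rpm", "-q", "--queryformat", "[%{*:xml}]", package], timeout)


# Constructed stand-in for a hung rpm: a child that ignores SIGTERM and never exits.
STUBBORN_CHILD = [sys.executable, "-c",
                  "import signal, time\n"
                  "signal.signal(signal.SIGTERM, signal.SIG_IGN)\n"
                  "while True: time.sleep(0.1)"]


def demo_hung_child():
    """Expect outcome 'killed' and returncode -9 (SIGKILL)."""
    return run_with_deadline(STUBBORN_CHILD, timeout=1.0, grace=1.0)


def demo_healthy_child():
    """Expect outcome 'ok' with the child's output captured."""
    return run_with_deadline([sys.executable, "-c", "print('ok')"], timeout=10.0)


if __name__ == "__main__":
    r = demo_hung_child()
    print(f"hung child: outcome={r.outcome} returncode={r.returncode}")
    r = demo_healthy_child()
    print(f"healthy child: outcome={r.outcome} stdout={r.stdout!r}")
```

In a scanner or CI job, `rpm_query_xml(name)` replaces the bare `rpm -q --queryformat '[%{*:xml}]'` call; a `killed` outcome or a `ValueError` from the pre-check is then a reportable per-package failure rather than a stalled pipeline. `timeout(1)` with `-k` achieves the same escalation from the shell for one-off commands.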

              packaging-team-maint
              Pradeep Jagtap (rhn-support-prjagtap)
              Software Management QE