Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: rhel-10.0.beta
Affects Version/s: rhel-10.0.beta
Component/s: rpm
Labels:
- dev+
- patch+
- qe+

Fixed in Build:
rpm-4.19.1.1-3.el10
Regression:
None
Severity:
Moderate

Pool Team:

rhel-sst-cs-software-management
Sub-System Group:

ssg_core_services

Dev Target Milestone:
24
Internal Target Milestone:
26
Story Points:
None
Target Version:

rhel-10.0.beta
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Acceptance Criteria:
Hide

AC: Issue from the OpenScanHub mentioned in the description is fixed.

Test: Manual verification

Find the build here: https://cov01.lab.eng.brq2.redhat.com/osh/task/

Compare the results with old build (in this case here: https://cov01.lab.eng.brq2.redhat.com/osh/task/412838/log/rpm-4.16.1.3-25.el9/scan-results.err)

Verify that the Error from description is in the old OpenScanHub run, but not the new one.
Show
AC: Issue from the OpenScanHub mentioned in the description is fixed. Test: Manual verification Find the build here: https://cov01.lab.eng.brq2.redhat.com/osh/task/ Compare the results with old build (in this case here: https://cov01.lab.eng.brq2.redhat.com/osh/task/412838/log/rpm-4.16.1.3-25.el9/scan-results.err ) Verify that the Error from description is in the old OpenScanHub run, but not the new one.
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/136294
Test Coverage:

Automated

Release Note Type:
Release Note Not Required

Experience:
Architecture:

All

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Findings from https://issues.redhat.com/browse/RHEL-22390:

Error: UNINIT (CWE-457):
rpm-4.16.1.3/lib/rpmscript.c:274: var_decl: Declaring variable "inpipe" without initializer.
rpm-4.16.1.3/lib/rpmscript.c:398: uninit_use: Using uninitialized value "inpipe[0]".

396| fclose(in);
397|
398|-> if (inpipe[0])
399| close(inpipe[0]);
400|

inpipe can be uninitialized in the case writing the to-be-executed scriptlet to the disk failed. Closing a random file descriptor could have weird effects of course.

clones

RHEL-22604 Potential use of unitialized variable in scriptlet execution

Closed

links to

RHBA-2024:136294 rpm bug fix and enhancement update

Assignee:: Michal Domonkos

Reporter:: Panu Matilainen

Developer:: packaging-team-maint

QA Contact:: Tomas Bajer

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/08/12 4:05 PM

Updated:: 2024/09/23 2:37 PM

Dev Target end:: 2024/08/12

Target end:: 2024/08/26

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates