When a new struct magic_set is created as the handle to the calling application (in magic_open), the "file" char * is not NULLified. This causes unexplained segfaults in other apps that don't properly have their magic.mgc file created, i.e. in app-arch/rpm-4.4.6-r3. The file pointer is some random value, so when file_magwarn tries to report a missing magic.mgc file, for example, it tries to print ms->file, which is NULL, and the segfault occurs. I have submitted a patch that fixes the problem and allows file to properly tell the user that they are missing a magic.mgc file, instead of just crashing outright. We could also just bzero the struct magic_set after it is malloc'ed. Reproducible: Always Steps to Reproduce: 1. Try to build an rpm using rpmbuild with the current portage tree. It segfaults with no explanation. 2. Or just try to use any app that uses magic_open on an unexisting magic.mgc file, it will segfault. Hopefully you won't need to reproduce the problem, though. It's just bad practice in file's "magic.c" source code to not initialize the pointer properly, and then expect it to be set when an error occurs. --- src/magic.c.orig 2007-01-26 11:00:41.310878002 -0700 +++ src/magic.c 2007-01-26 10:42:51.569916935 -0700 @@ -110,6 +110,7 @@ ms->haderr = 0; ms->error = -1; ms->mlist = NULL; + ms->file = NULL; return ms; free3: free(ms->o.pbuf);
looks sane to me ... added to 4.19-r1 and mailed upstream, cheers