Patchwork [1/1] rpm: fix rpm2cpio segmentation fault

login
register
mail settings
Submitter Kang Kai
Date Feb. 28, 2013, 7:34 a.m.
Message ID <c100eba8e21c76e85e5250020c0b1d68c96e02d9.1362035905.git.kai.kang@windriver.com>
Download mbox | patch
Permalink /patch/45263/
State New
Headers show

Comments

Kang Kai - Feb. 28, 2013, 7:34 a.m.
When run rpm2cpio, it fails with segmentation fault. The root cause is
no macro "_db_path" defined, when query its value get nothing then
cause segment fault.

Add patch to parse macro files first to fix this problem.

[YOCTO #3656]

Signed-off-by: Kang Kai <kai.kang@windriver.com>
---
 .../rpm/rpm/rpm2cpio-fix-segmentation-fault.patch  |   24 ++++++++++++++++++++
 meta/recipes-devtools/rpm/rpm_5.4.9.bb             |    3 +-
 2 files changed, 26 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
Mark Hatle - Feb. 28, 2013, 2:34 p.m.
On 2/28/13 1:34 AM, Kang Kai wrote:
> When run rpm2cpio, it fails with segmentation fault. The root cause is
> no macro "_db_path" defined, when query its value get nothing then
> cause segment fault.
>
> Add patch to parse macro files first to fix this problem.
>
> [YOCTO #3656]
>
> Signed-off-by: Kang Kai <kai.kang@windriver.com>
> ---
>   .../rpm/rpm/rpm2cpio-fix-segmentation-fault.patch  |   24 ++++++++++++++++++++
>   meta/recipes-devtools/rpm/rpm_5.4.9.bb             |    3 +-
>   2 files changed, 26 insertions(+), 1 deletions(-)
>   create mode 100644 meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>
> diff --git a/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
> new file mode 100644
> index 0000000..b43a64e
> --- /dev/null
> +++ b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
> @@ -0,0 +1,24 @@
> +Upstream-Status: Pending
> +
> +rpm2cpio fails on target with "Segmentation fault". Because no "_dbpath"
> +defined, when query it will cause seg fault.
> +Parse macro files first to fix this bug.
> +
> +[YOCTO #3656]
> +
> +Signed-off-by: Kang Kai <kai.kang@windriver.com>
> +
> +--- rpm-5.4.9/tools/rpm2cpio.c.orig	2013-02-28 13:14:12.453540767 +0800
> ++++ rpm-5.4.9/tools/rpm2cpio.c	2013-02-28 15:09:41.685785192 +0800
> +@@ -88,6 +88,11 @@ int main(int argc, char **argv)
> + 	(void) rpmtsSetVSFlags(ts, vsflags);
> +
> + 	/*@-mustmod@*/      /* LCL: segfault */
> ++	rc = rpmReadConfigFiles(NULL, NULL);
> ++	if (rc) {
> ++		fprintf(stderr, _("read RPM config files failed\n"));
> ++		exit(EXIT_FAILURE);
> ++	}
> + 	rc = rpmReadPackageFile(ts, fdi, "rpm2cpio", &h);
> + 	/*@=mustmod@*/
> +

In the RPM2CPIO case, I'm not sure that we want to exit here.  It's certainly 
reasonable for the config files to be unavailable to us.

If the problem is that _dbpath is undefined (and it's needed for some reason), 
my suggestion is that "some value" be defined, even if it's to a non-existent 
location.  It's be even better if we could simply avoid using the _dbpath at all 
in the rpm2cpio code.

(Note, to folks reading this.  Normally in oe-core, if we use rpm2cpio, we're 
actually using a shell script version which does not have this problem.  The 
rpm2cpio -binary- is used by people on the target or sometimes via the SDK to 
extract SRPM or RPM packages...)

> diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
> index 39b0481..fcfbde8 100644
> --- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
> +++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
> @@ -43,7 +43,7 @@ LICENSE = "LGPLv2.1"
>   LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1"
>
>   DEPENDS = "libpcre attr acl popt ossp-uuid file bison-native"
> -PR = "r61"
> +PR = "r62"
>
>   # rpm2cpio is a shell script, which is part of the rpm src.rpm.  It is needed
>   # in order to extract the distribution SRPM into a format we can extract...
> @@ -85,6 +85,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
>   	   file://rpm-reloc-macros.patch \
>   	   file://rpm-platform2.patch \
>        file://rpm-remove-sykcparse-decl.patch \
> +	   file://rpm2cpio-fix-segmentation-fault.patch \
>   	  "
>
>   # Uncomment the following line to enable platform score debugging
>
Kang Kai - March 12, 2013, 5:57 a.m.
On 2013?02?28? 22:34, Mark Hatle wrote:
> On 2/28/13 1:34 AM, Kang Kai wrote:
>> When run rpm2cpio, it fails with segmentation fault. The root cause is
>> no macro "_db_path" defined, when query its value get nothing then
>> cause segment fault.
>>
>> Add patch to parse macro files first to fix this problem.
>>
>> [YOCTO #3656]
>>
>> Signed-off-by: Kang Kai <kai.kang@windriver.com>
>> ---
>> .../rpm/rpm/rpm2cpio-fix-segmentation-fault.patch | 24 
>> ++++++++++++++++++++
>> meta/recipes-devtools/rpm/rpm_5.4.9.bb | 3 +-
>> 2 files changed, 26 insertions(+), 1 deletions(-)
>> create mode 100644 
>> meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>
>> diff --git 
>> a/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch 
>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>> new file mode 100644
>> index 0000000..b43a64e
>> --- /dev/null
>> +++ 
>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>> @@ -0,0 +1,24 @@
>> +Upstream-Status: Pending
>> +
>> +rpm2cpio fails on target with "Segmentation fault". Because no 
>> "_dbpath"
>> +defined, when query it will cause seg fault.
>> +Parse macro files first to fix this bug.
>> +
>> +[YOCTO #3656]
>> +
>> +Signed-off-by: Kang Kai <kai.kang@windriver.com>
>> +
>> +--- rpm-5.4.9/tools/rpm2cpio.c.orig 2013-02-28 13:14:12.453540767 +0800
>> ++++ rpm-5.4.9/tools/rpm2cpio.c 2013-02-28 15:09:41.685785192 +0800
>> +@@ -88,6 +88,11 @@ int main(int argc, char **argv)
>> + (void) rpmtsSetVSFlags(ts, vsflags);
>> +
>> + /*@-mustmod@*/ /* LCL: segfault */
>> ++ rc = rpmReadConfigFiles(NULL, NULL);
>> ++ if (rc) {
>> ++ fprintf(stderr, _("read RPM config files failed\n"));
>> ++ exit(EXIT_FAILURE);
>> ++ }
>> + rc = rpmReadPackageFile(ts, fdi, "rpm2cpio", &h);
>> + /*@=mustmod@*/
>> +
>

Hi Mark,

Sorry for missed this mail.

> In the RPM2CPIO case, I'm not sure that we want to exit here. It's 
> certainly reasonable for the config files to be unavailable to us.

How about just give warning without quit when read configure files fails?

>
> If the problem is that _dbpath is undefined (and it's needed for some 
> reason), my suggestion is that "some value" be defined, even if it's 
> to a non-existent location. It's be even better if we could simply 
> avoid using the _dbpath at all in the rpm2cpio code.

The segment fault occurs on executing rpmReadPackageFile(). It is a 
library function in rpmdb/package.c. And it finally calls rpmdbNew(), 
and in rpmdbNew() it calls:

db->db_home = rpmdbURIPath( (home && *home ? home : _DB_HOME) );

home passed in is NULL, and _DB_HOME is defined by:

#define _DB_HOME "%{?_dbpath}"

Then segment fault occurs with xstrdup() because no value is definedfor 
_dbpath then it tries to xstrdup() a NULL value in rpmdbURIPath().

That is why I think parse configure files first in rpm2cpio is the way 
to fix the issue.

Regards,
Kai

>
> (Note, to folks reading this. Normally in oe-core, if we use rpm2cpio, 
> we're actually using a shell script version which does not have this 
> problem. The rpm2cpio -binary- is used by people on the target or 
> sometimes via the SDK to extract SRPM or RPM packages...)
>
>> diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb 
>> b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>> index 39b0481..fcfbde8 100644
>> --- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>> +++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>> @@ -43,7 +43,7 @@ LICENSE = "LGPLv2.1"
>> LIC_FILES_CHKSUM = 
>> "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1"
>>
>> DEPENDS = "libpcre attr acl popt ossp-uuid file bison-native"
>> -PR = "r61"
>> +PR = "r62"
>>
>> # rpm2cpio is a shell script, which is part of the rpm src.rpm. It is 
>> needed
>> # in order to extract the distribution SRPM into a format we can 
>> extract...
>> @@ -85,6 +85,7 @@ SRC_URI = 
>> "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
>> file://rpm-reloc-macros.patch \
>> file://rpm-platform2.patch \
>> file://rpm-remove-sykcparse-decl.patch \
>> + file://rpm2cpio-fix-segmentation-fault.patch \
>> "
>>
>> # Uncomment the following line to enable platform score debugging
>>
>
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>
Mark Hatle - March 12, 2013, 3:30 p.m.
On 3/12/13 12:57 AM, Kang Kai wrote:
> On 2013?02?28? 22:34, Mark Hatle wrote:
>> On 2/28/13 1:34 AM, Kang Kai wrote:
>>> When run rpm2cpio, it fails with segmentation fault. The root cause is
>>> no macro "_db_path" defined, when query its value get nothing then
>>> cause segment fault.
>>>
>>> Add patch to parse macro files first to fix this problem.
>>>
>>> [YOCTO #3656]
>>>
>>> Signed-off-by: Kang Kai <kai.kang@windriver.com>
>>> ---
>>> .../rpm/rpm/rpm2cpio-fix-segmentation-fault.patch | 24
>>> ++++++++++++++++++++
>>> meta/recipes-devtools/rpm/rpm_5.4.9.bb | 3 +-
>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>> create mode 100644
>>> meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>
>>> diff --git
>>> a/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>> new file mode 100644
>>> index 0000000..b43a64e
>>> --- /dev/null
>>> +++
>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>> @@ -0,0 +1,24 @@
>>> +Upstream-Status: Pending
>>> +
>>> +rpm2cpio fails on target with "Segmentation fault". Because no
>>> "_dbpath"
>>> +defined, when query it will cause seg fault.
>>> +Parse macro files first to fix this bug.
>>> +
>>> +[YOCTO #3656]
>>> +
>>> +Signed-off-by: Kang Kai <kai.kang@windriver.com>
>>> +
>>> +--- rpm-5.4.9/tools/rpm2cpio.c.orig 2013-02-28 13:14:12.453540767 +0800
>>> ++++ rpm-5.4.9/tools/rpm2cpio.c 2013-02-28 15:09:41.685785192 +0800
>>> +@@ -88,6 +88,11 @@ int main(int argc, char **argv)
>>> + (void) rpmtsSetVSFlags(ts, vsflags);
>>> +
>>> + /*@-mustmod@*/ /* LCL: segfault */
>>> ++ rc = rpmReadConfigFiles(NULL, NULL);
>>> ++ if (rc) {
>>> ++ fprintf(stderr, _("read RPM config files failed\n"));
>>> ++ exit(EXIT_FAILURE);
>>> ++ }
>>> + rc = rpmReadPackageFile(ts, fdi, "rpm2cpio", &h);
>>> + /*@=mustmod@*/
>>> +
>>
>
> Hi Mark,
>
> Sorry for missed this mail.
>
>> In the RPM2CPIO case, I'm not sure that we want to exit here. It's
>> certainly reasonable for the config files to be unavailable to us.
>
> How about just give warning without quit when read configure files fails?

We shouldn't even need a warning.  When rpm2cpio is used on a target, much of 
the time there is no associated RPM in use (or if it's available, there likely 
isn't a database/home configured.)

>>
>> If the problem is that _dbpath is undefined (and it's needed for some
>> reason), my suggestion is that "some value" be defined, even if it's
>> to a non-existent location. It's be even better if we could simply
>> avoid using the _dbpath at all in the rpm2cpio code.
>
> The segment fault occurs on executing rpmReadPackageFile(). It is a
> library function in rpmdb/package.c. And it finally calls rpmdbNew(),
> and in rpmdbNew() it calls:
>
> db->db_home = rpmdbURIPath( (home && *home ? home : _DB_HOME) );
>
> home passed in is NULL, and _DB_HOME is defined by:
>
> #define _DB_HOME "%{?_dbpath}"

Instead of a warning above, if we were unable to load the database 
configuration, can we just set the value of _dbpath to be "/tmp"?  This should 
provide a valid 'home' path for any temp files, as well as avoid any load 
problems.  If there is a configuration available, we can use it.

> Then segment fault occurs with xstrdup() because no value is definedfor
> _dbpath then it tries to xstrdup() a NULL value in rpmdbURIPath().
>
> That is why I think parse configure files first in rpm2cpio is the way
> to fix the issue.
>
> Regards,
> Kai
>
>>
>> (Note, to folks reading this. Normally in oe-core, if we use rpm2cpio,
>> we're actually using a shell script version which does not have this
>> problem. The rpm2cpio -binary- is used by people on the target or
>> sometimes via the SDK to extract SRPM or RPM packages...)
>>
>>> diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> index 39b0481..fcfbde8 100644
>>> --- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> +++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>> @@ -43,7 +43,7 @@ LICENSE = "LGPLv2.1"
>>> LIC_FILES_CHKSUM =
>>> "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1"
>>>
>>> DEPENDS = "libpcre attr acl popt ossp-uuid file bison-native"
>>> -PR = "r61"
>>> +PR = "r62"
>>>
>>> # rpm2cpio is a shell script, which is part of the rpm src.rpm. It is
>>> needed
>>> # in order to extract the distribution SRPM into a format we can
>>> extract...
>>> @@ -85,6 +85,7 @@ SRC_URI =
>>> "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
>>> file://rpm-reloc-macros.patch \
>>> file://rpm-platform2.patch \
>>> file://rpm-remove-sykcparse-decl.patch \
>>> + file://rpm2cpio-fix-segmentation-fault.patch \
>>> "
>>>
>>> # Uncomment the following line to enable platform score debugging
>>>
>>
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>
>
Kang Kai - April 12, 2013, 9:18 a.m.
On 2013?03?12? 23:30, Mark Hatle wrote:
> On 3/12/13 12:57 AM, Kang Kai wrote:
>> On 2013?02?28? 22:34, Mark Hatle wrote:
>>> On 2/28/13 1:34 AM, Kang Kai wrote:
>>>> When run rpm2cpio, it fails with segmentation fault. The root cause is
>>>> no macro "_db_path" defined, when query its value get nothing then
>>>> cause segment fault.
>>>>
>>>> Add patch to parse macro files first to fix this problem.
>>>>
>>>> [YOCTO #3656]
>>>>
>>>> Signed-off-by: Kang Kai <kai.kang@windriver.com>
>>>> ---
>>>> .../rpm/rpm/rpm2cpio-fix-segmentation-fault.patch | 24
>>>> ++++++++++++++++++++
>>>> meta/recipes-devtools/rpm/rpm_5.4.9.bb | 3 +-
>>>> 2 files changed, 26 insertions(+), 1 deletions(-)
>>>> create mode 100644
>>>> meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>>
>>>> diff --git
>>>> a/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>> new file mode 100644
>>>> index 0000000..b43a64e
>>>> --- /dev/null
>>>> +++
>>>> b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
>>>> @@ -0,0 +1,24 @@
>>>> +Upstream-Status: Pending
>>>> +
>>>> +rpm2cpio fails on target with "Segmentation fault". Because no
>>>> "_dbpath"
>>>> +defined, when query it will cause seg fault.
>>>> +Parse macro files first to fix this bug.
>>>> +
>>>> +[YOCTO #3656]
>>>> +
>>>> +Signed-off-by: Kang Kai <kai.kang@windriver.com>
>>>> +
>>>> +--- rpm-5.4.9/tools/rpm2cpio.c.orig 2013-02-28 13:14:12.453540767 
>>>> +0800
>>>> ++++ rpm-5.4.9/tools/rpm2cpio.c 2013-02-28 15:09:41.685785192 +0800
>>>> +@@ -88,6 +88,11 @@ int main(int argc, char **argv)
>>>> + (void) rpmtsSetVSFlags(ts, vsflags);
>>>> +
>>>> + /*@-mustmod@*/ /* LCL: segfault */
>>>> ++ rc = rpmReadConfigFiles(NULL, NULL);
>>>> ++ if (rc) {
>>>> ++ fprintf(stderr, _("read RPM config files failed\n"));
>>>> ++ exit(EXIT_FAILURE);
>>>> ++ }
>>>> + rc = rpmReadPackageFile(ts, fdi, "rpm2cpio", &h);
>>>> + /*@=mustmod@*/
>>>> +
>>>
>>
>> Hi Mark,
>>
>> Sorry for missed this mail.
>>
>>> In the RPM2CPIO case, I'm not sure that we want to exit here. It's
>>> certainly reasonable for the config files to be unavailable to us.
>>
>> How about just give warning without quit when read configure files 
>> fails?
>
> We shouldn't even need a warning.  When rpm2cpio is used on a target, 
> much of the time there is no associated RPM in use (or if it's 
> available, there likely isn't a database/home configured.)
>
>>>
>>> If the problem is that _dbpath is undefined (and it's needed for some
>>> reason), my suggestion is that "some value" be defined, even if it's
>>> to a non-existent location. It's be even better if we could simply
>>> avoid using the _dbpath at all in the rpm2cpio code.
>>
>> The segment fault occurs on executing rpmReadPackageFile(). It is a
>> library function in rpmdb/package.c. And it finally calls rpmdbNew(),
>> and in rpmdbNew() it calls:
>>
>> db->db_home = rpmdbURIPath( (home && *home ? home : _DB_HOME) );
>>
>> home passed in is NULL, and _DB_HOME is defined by:
>>
>> #define _DB_HOME "%{?_dbpath}"
>

Hi Mark,

> Instead of a warning above, if we were unable to load the database 
> configuration, can we just set the value of _dbpath to be "/tmp"?  
> This should provide a valid 'home' path for any temp files, as well as 
> avoid any load problems.  If there is a configuration available, we 
> can use it.

More vars found need to be set with a value. When run rpm2cpio, it calls 
rpmReadPackageFile() to open the rpm file, and then do some read and 
test work. When call rpmVerifySignature() it calls rpmdbOpen() and 
finally calls db3new(). In function db3new() in rpmdb/dbconfig.c around 
line 485, vars "_dbi_config_*" are expanded and var "_dbi_config" is 
asserted not to be NULL. But without parsing the macros file, assertion 
fails. "_dbi_config" is a complicated var and seems can not be set directly.

Would you like to give more help?

Thanks,
Kai

>
>> Then segment fault occurs with xstrdup() because no value is definedfor
>> _dbpath then it tries to xstrdup() a NULL value in rpmdbURIPath().
>>
>> That is why I think parse configure files first in rpm2cpio is the way
>> to fix the issue.
>>
>> Regards,
>> Kai
>>
>>>
>>> (Note, to folks reading this. Normally in oe-core, if we use rpm2cpio,
>>> we're actually using a shell script version which does not have this
>>> problem. The rpm2cpio -binary- is used by people on the target or
>>> sometimes via the SDK to extract SRPM or RPM packages...)
>>>
>>>> diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> index 39b0481..fcfbde8 100644
>>>> --- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> +++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
>>>> @@ -43,7 +43,7 @@ LICENSE = "LGPLv2.1"
>>>> LIC_FILES_CHKSUM =
>>>> "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1"
>>>>
>>>> DEPENDS = "libpcre attr acl popt ossp-uuid file bison-native"
>>>> -PR = "r61"
>>>> +PR = "r62"
>>>>
>>>> # rpm2cpio is a shell script, which is part of the rpm src.rpm. It is
>>>> needed
>>>> # in order to extract the distribution SRPM into a format we can
>>>> extract...
>>>> @@ -85,6 +85,7 @@ SRC_URI =
>>>> "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
>>>> file://rpm-reloc-macros.patch \
>>>> file://rpm-platform2.patch \
>>>> file://rpm-remove-sykcparse-decl.patch \
>>>> + file://rpm2cpio-fix-segmentation-fault.patch \
>>>> "
>>>>
>>>> # Uncomment the following line to enable platform score debugging
>>>>
>>>
>>>
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
>>>
>>
>
>

Patch

diff --git a/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
new file mode 100644
index 0000000..b43a64e
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpm2cpio-fix-segmentation-fault.patch
@@ -0,0 +1,24 @@ 
+Upstream-Status: Pending
+
+rpm2cpio fails on target with "Segmentation fault". Because no "_dbpath"
+defined, when query it will cause seg fault.
+Parse macro files first to fix this bug.
+
+[YOCTO #3656]
+
+Signed-off-by: Kang Kai <kai.kang@windriver.com>
+
+--- rpm-5.4.9/tools/rpm2cpio.c.orig	2013-02-28 13:14:12.453540767 +0800
++++ rpm-5.4.9/tools/rpm2cpio.c	2013-02-28 15:09:41.685785192 +0800
+@@ -88,6 +88,11 @@ int main(int argc, char **argv)
+ 	(void) rpmtsSetVSFlags(ts, vsflags);
+ 
+ 	/*@-mustmod@*/      /* LCL: segfault */
++	rc = rpmReadConfigFiles(NULL, NULL);
++	if (rc) {
++		fprintf(stderr, _("read RPM config files failed\n"));
++		exit(EXIT_FAILURE);
++	}
+ 	rc = rpmReadPackageFile(ts, fdi, "rpm2cpio", &h);
+ 	/*@=mustmod@*/
+ 
diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
index 39b0481..fcfbde8 100644
--- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb
+++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb
@@ -43,7 +43,7 @@  LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1"
 
 DEPENDS = "libpcre attr acl popt ossp-uuid file bison-native"
-PR = "r61"
+PR = "r62"
 
 # rpm2cpio is a shell script, which is part of the rpm src.rpm.  It is needed
 # in order to extract the distribution SRPM into a format we can extract...
@@ -85,6 +85,7 @@  SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex
 	   file://rpm-reloc-macros.patch \
 	   file://rpm-platform2.patch \
      file://rpm-remove-sykcparse-decl.patch \
+	   file://rpm2cpio-fix-segmentation-fault.patch \
 	  "
 
 # Uncomment the following line to enable platform score debugging