On Wed, Aug 27, 2008 at 09:16:50AM -0400, Jeff Johnson wrote:
> >Damaged headers are due to FILESTATES from older rpmdb.
> >
> >rpmdb/header.c (regionSwab):
> >   522      for (; il > 0; il--, pe++) {
> >   523          struct indexEntry_s ie;
> >   524          rpmTagType type;
> >   525
> >   526          ie.info.tag = (rpmuint32_t) ntohl(pe->tag);
> >   527          ie.info.type = (rpmuint32_t) ntohl(pe->type);
> >   528          ie.info.count = (rpmuint32_t) ntohl(pe->count);
> >   529          ie.info.offset = (rpmint32_t) ntohl(pe->offset);
> >   530  assert(ie.info.offset >= 0);    /* XXX insurance */
> >   531
> >Bails out right here:
> >   532          if (hdrchkType(ie.info.type))
> >   533              return 0;
> >   534          if (hdrchkData(ie.info.count))
> >   535              return 0;
> >   536          if (hdrchkData(ie.info.offset))
> >   537              return 0;
> >   538          if (hdrchkAlign(ie.info.type, ie.info.offset))
> >   539              return 0;
> >
> >Older FILESTATES have type RPM_CHAR_TYPE (= 1), and new value
> >for RPM_MIN_TYPE is 2, which is RPM_UINT8_TYPE.
> 
> Nice catch! Changing RPM_MIN_TYPE back to 1 is the obvious fix.
> 
> However, I do wonder why this has not been reported before. AFAICT
> the issue should have been very very loud and obvious.

This apparently means that rpm5 is not that widely used.  
Perhaps you should call for yet more major distributions.

> What was the full calling context where the problem was seen?

It goes like this:

$ ./rpm -q -vvv --whatprovides /a
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Basenames rdonly mode=0x0
error: rpmdb: damaged header #625 retrieved -- skipping.
error: rpmdb: damaged header #625 retrieved -- skipping.
D: opening  db index       /var/lib/rpm/Providename rdonly mode=0x0
file /a: No such file or directory
D: closed   db index       /var/lib/rpm/Providename
D: closed   db index       /var/lib/rpm/Basenames
D: closed   db index       /var/lib/rpm/Packages
$ ./rpm -q -vvv --whatprovides /bin/cat
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Basenames rdonly mode=0x0
error: rpmdb: damaged header #90 retrieved -- skipping.
error: rpmdb: damaged header #90 retrieved -- skipping.
error: rpmdb: damaged header #531 retrieved -- skipping.
error: rpmdb: damaged header #585 retrieved -- skipping.
error: rpmdb: damaged header #1101 retrieved -- skipping.
error: rpmdb: damaged header #1173 retrieved -- skipping.
D: opening  db index       /var/lib/rpm/Providename rdonly mode=0x0
file /bin/cat is not owned by any package
D: closed   db index       /var/lib/rpm/Providename
D: closed   db index       /var/lib/rpm/Basenames
D: closed   db index       /var/lib/rpm/Packages
$ 

(I don't know why --whatprovides is special; simple -q queries
whithout join-key lookup work fine.)

Actually it was an infinite loop with ever increasing mi->mi_setx
and all signals blocked, so I thought that first I had to fix that
infinite loop.  And then it was some printf-style debugging; the
surprising thing is that printf debuggins sometimes goes faster than
gdb breakpoints etc.