Blame rpm-4.13.0-memory-error.patch
|
Lubos Kardos |
c235b19 |
From 54f24ec5486bdacde9419466a2c27defaddf508e Mon Sep 17 00:00:00 2001
|
|
Lubos Kardos |
c235b19 |
From: Lubos Kardos <lkardos@redhat.com>
|
|
Lubos Kardos |
c235b19 |
Date: Mon, 21 Sep 2015 11:02:45 +0200
|
|
Lubos Kardos |
c235b19 |
Subject: [PATCH] Fix reading a memory right after the end of an allocated
|
|
Lubos Kardos |
c235b19 |
area.
|
|
Lubos Kardos |
c235b19 |
|
|
Lubos Kardos |
c235b19 |
The problem evinced itself when somebody tried to use the macro
|
|
Lubos Kardos |
c235b19 |
expansion on the string "%!". The problem was revealed by compiling
|
|
Lubos Kardos |
c235b19 |
with "--fsanitize=memory" (rhbz:#1260248).
|
|
Lubos Kardos |
c235b19 |
---
|
|
Lubos Kardos |
c235b19 |
rpmio/macro.c | 2 +-
|
|
Lubos Kardos |
c235b19 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
Lubos Kardos |
c235b19 |
|
|
Lubos Kardos |
c235b19 |
diff --git a/rpmio/macro.c b/rpmio/macro.c
|
|
Lubos Kardos |
c235b19 |
index 46e6b87..4b3c41b 100644
|
|
Lubos Kardos |
c235b19 |
--- a/rpmio/macro.c
|
|
Lubos Kardos |
c235b19 |
+++ b/rpmio/macro.c
|
|
Lubos Kardos |
c235b19 |
@@ -993,7 +993,7 @@ expandMacro(MacroBuf mb, const char *src, size_t slen)
|
|
Lubos Kardos |
c235b19 |
chkexist = 0;
|
|
Lubos Kardos |
c235b19 |
switch ((c = *s)) {
|
|
Lubos Kardos |
c235b19 |
default: /* %name substitution */
|
|
Lubos Kardos |
c235b19 |
- while (strchr("!?", *s) != NULL) {
|
|
Lubos Kardos |
c235b19 |
+ while (*s != '\0' && strchr("!?", *s) != NULL) {
|
|
Lubos Kardos |
c235b19 |
switch(*s++) {
|
|
Lubos Kardos |
c235b19 |
case '!':
|
|
Lubos Kardos |
c235b19 |
negate = ((negate + 1) % 2);
|
|
Lubos Kardos |
c235b19 |
--
|
|
Lubos Kardos |
c235b19 |
1.9.3
|
|
Lubos Kardos |
c235b19 |
|