30 lines
911 B
Diff
30 lines
911 B
Diff
|
From 54f24ec5486bdacde9419466a2c27defaddf508e Mon Sep 17 00:00:00 2001
|
||
|
From: Lubos Kardos <lkardos@redhat.com>
|
||
|
Date: Mon, 21 Sep 2015 11:02:45 +0200
|
||
|
Subject: [PATCH] Fix reading a memory right after the end of an allocated
|
||
|
area.
|
||
|
|
||
|
The problem evinced itself when somebody tried to use the macro
|
||
|
expansion on the string "%!". The problem was revealed by compiling
|
||
|
with "--fsanitize=memory" (rhbz:#1260248).
|
||
|
---
|
||
|
rpmio/macro.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/rpmio/macro.c b/rpmio/macro.c
|
||
|
index 46e6b87..4b3c41b 100644
|
||
|
--- a/rpmio/macro.c
|
||
|
+++ b/rpmio/macro.c
|
||
|
@@ -993,7 +993,7 @@ expandMacro(MacroBuf mb, const char *src, size_t slen)
|
||
|
chkexist = 0;
|
||
|
switch ((c = *s)) {
|
||
|
default: /* %name substitution */
|
||
|
- while (strchr("!?", *s) != NULL) {
|
||
|
+ while (*s != '\0' && strchr("!?", *s) != NULL) {
|
||
|
switch(*s++) {
|
||
|
case '!':
|
||
|
negate = ((negate + 1) % 2);
|
||
|
--
|
||
|
1.9.3
|
||
|
|