- Fix sigsegv in stringFormat()
- resolves: #1316903 - Fix reading rpmtd behind its size in formatValue() - resolves: #1316896
This commit is contained in:
parent
367ec3f990
commit
165614f3dd
|
@ -0,0 +1,27 @@
|
|||
From b722cf86200505b3e3fcbb2095c4ff61f1f5a2ab Mon Sep 17 00:00:00 2001
|
||||
From: Lubos Kardos <lkardos@redhat.com>
|
||||
Date: Mon, 25 Apr 2016 13:31:08 +0200
|
||||
Subject: [PATCH 1/2] Fix reading rpmtd behind its size in formatValue()
|
||||
(rhbz:1316896)
|
||||
|
||||
When it is read from index higher than size of rpmtd, return "(none)".
|
||||
---
|
||||
lib/headerfmt.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/headerfmt.c b/lib/headerfmt.c
|
||||
index fb29d6f..f6fd707 100644
|
||||
--- a/lib/headerfmt.c
|
||||
+++ b/lib/headerfmt.c
|
||||
@@ -623,7 +623,7 @@ static char * formatValue(headerSprintfArgs hsa, sprintfTag tag, int element)
|
||||
char * t, * te;
|
||||
rpmtd td;
|
||||
|
||||
- if ((td = getData(hsa, tag->tag))) {
|
||||
+ if ((td = getData(hsa, tag->tag)) && td->count > element) {
|
||||
td->ix = element; /* Ick, use iterators instead */
|
||||
val = tag->fmt(td);
|
||||
} else {
|
||||
--
|
||||
1.9.3
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
From cddf43a56f19711866371f02f378dc4095b0fadd Mon Sep 17 00:00:00 2001
|
||||
From: Lubos Kardos <lkardos@redhat.com>
|
||||
Date: Mon, 25 Apr 2016 14:38:47 +0200
|
||||
Subject: [PATCH 2/2] Fix sigsegv in stringFormat() (rhbz:1316903)
|
||||
|
||||
Just skip duping of NULL and return it. Returned NULL is handled in
|
||||
upper layer.
|
||||
---
|
||||
lib/formats.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/formats.c b/lib/formats.c
|
||||
index e3626ed..bad0b2d 100644
|
||||
--- a/lib/formats.c
|
||||
+++ b/lib/formats.c
|
||||
@@ -44,9 +44,12 @@ static char * stringFormat(rpmtd td)
|
||||
case RPM_NUMERIC_CLASS:
|
||||
rasprintf(&val, "%" PRIu64, rpmtdGetNumber(td));
|
||||
break;
|
||||
- case RPM_STRING_CLASS:
|
||||
- val = xstrdup(rpmtdGetString(td));
|
||||
+ case RPM_STRING_CLASS: {
|
||||
+ const char *str = rpmtdGetString(td);
|
||||
+ if (str)
|
||||
+ val = xstrdup(str);
|
||||
break;
|
||||
+ }
|
||||
case RPM_BINARY_CLASS:
|
||||
val = pgpHexStr(td->data, td->count);
|
||||
break;
|
||||
--
|
||||
1.9.3
|
||||
|
8
rpm.spec
8
rpm.spec
|
@ -27,7 +27,7 @@
|
|||
Summary: The RPM package management system
|
||||
Name: rpm
|
||||
Version: %{rpmver}
|
||||
Release: %{?snapver:0.%{snapver}.}16%{?dist}
|
||||
Release: %{?snapver:0.%{snapver}.}17%{?dist}
|
||||
Group: System Environment/Base
|
||||
Url: http://www.rpm.org/
|
||||
Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2
|
||||
|
@ -68,6 +68,8 @@ Patch110: rpm-4.12.0-Fix-Python3-import.patch
|
|||
Patch111: rpm-4.12.x-weakdeps-manpage.patch
|
||||
Patch112: rpm-4.12.0-fix-crash-on-corrupted.patch
|
||||
Patch113: rpm-4.12.0-unlimited-macro-expand.patch
|
||||
Patch114: rpm-4.13.0-rpmtd-out-of-bounds.patch
|
||||
Patch115: rpm-4.13.0-stringFormat-sigsegv.patch
|
||||
|
||||
# These are not yet upstream
|
||||
Patch302: rpm-4.7.1-geode-i686.patch
|
||||
|
@ -552,6 +554,10 @@ exit 0
|
|||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Mon Apr 25 2016 Lubos Kardos <lkardos@redhat.com> - 4.12.0.1-17
|
||||
- Fix sigsegv in stringFormat() (#1316903)
|
||||
- Fix reading rpmtd behind its size in formatValue() (#1316896)
|
||||
|
||||
* Mon Feb 29 2016 Lubos Kardos <lkardos@redhat.com> - 4.12.0.1-16
|
||||
- Fix problems caused by the changes done in the previous version
|
||||
|
||||
|
|
Loading…
Reference in New Issue