From 54f24ec5486bdacde9419466a2c27defaddf508e Mon Sep 17 00:00:00 2001
From: Lubos Kardos <lkardos@redhat.com>
Date: Mon, 21 Sep 2015 11:02:45 +0200
Subject: [PATCH] Fix reading a memory right after the end of an allocated
 area.

The problem evinced itself when somebody tried to use the macro
expansion on the string "%!". The problem was revealed by compiling
with "--fsanitize=memory" (rhbz:#1260248).
---
 rpmio/macro.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpmio/macro.c b/rpmio/macro.c
index 46e6b87..4b3c41b 100644
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -993,7 +993,7 @@ expandMacro(MacroBuf mb, const char *src, size_t slen)
 	chkexist = 0;
 	switch ((c = *s)) {
 	default:		/* %name substitution */
-		while (strchr("!?", *s) != NULL) {
+		while (*s != '\0' && strchr("!?", *s) != NULL) {
 			switch(*s++) {
 			case '!':
 				negate = ((negate + 1) % 2);
-- 
1.9.3