Blame rpm-4.13.0-rpmtd-out-of-bounds.patch
|
Lubos Kardos |
177601 |
From b722cf86200505b3e3fcbb2095c4ff61f1f5a2ab Mon Sep 17 00:00:00 2001
|
|
Lubos Kardos |
177601 |
From: Lubos Kardos <lkardos@redhat.com>
|
|
Lubos Kardos |
177601 |
Date: Mon, 25 Apr 2016 13:31:08 +0200
|
|
Lubos Kardos |
177601 |
Subject: [PATCH 1/2] Fix reading rpmtd behind its size in formatValue()
|
|
Lubos Kardos |
177601 |
(rhbz:1316896)
|
|
Lubos Kardos |
177601 |
|
|
Lubos Kardos |
177601 |
When it is read from index higher than size of rpmtd, return "(none)".
|
|
Lubos Kardos |
177601 |
---
|
|
Lubos Kardos |
177601 |
lib/headerfmt.c | 2 +-
|
|
Lubos Kardos |
177601 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
Lubos Kardos |
177601 |
|
|
Lubos Kardos |
177601 |
diff --git a/lib/headerfmt.c b/lib/headerfmt.c
|
|
Lubos Kardos |
177601 |
index fb29d6f..f6fd707 100644
|
|
Lubos Kardos |
177601 |
--- a/lib/headerfmt.c
|
|
Lubos Kardos |
177601 |
+++ b/lib/headerfmt.c
|
|
Lubos Kardos |
177601 |
@@ -623,7 +623,7 @@ static char * formatValue(headerSprintfArgs hsa, sprintfTag tag, int element)
|
|
Lubos Kardos |
177601 |
char * t, * te;
|
|
Lubos Kardos |
177601 |
rpmtd td;
|
|
Lubos Kardos |
177601 |
|
|
Lubos Kardos |
177601 |
- if ((td = getData(hsa, tag->tag))) {
|
|
Lubos Kardos |
177601 |
+ if ((td = getData(hsa, tag->tag)) && td->count > element) {
|
|
Lubos Kardos |
177601 |
td->ix = element; /* Ick, use iterators instead */
|
|
Lubos Kardos |
177601 |
val = tag->fmt(td);
|
|
Lubos Kardos |
177601 |
} else {
|
|
Lubos Kardos |
177601 |
--
|
|
Lubos Kardos |
177601 |
1.9.3
|
|
Lubos Kardos |
177601 |
|