From 54f24ec5486bdacde9419466a2c27defaddf508e Mon Sep 17 00:00:00 2001
From: Lubos Kardos <lkardos@redhat.com>
Date: Mon, 21 Sep 2015 11:02:45 +0200
Subject: [PATCH] Fix reading a memory right after the end of an allocated
area.
The problem evinced itself when somebody tried to use the macro
expansion on the string "%!". The problem was revealed by compiling
with "--fsanitize=memory" (rhbz:#1260248).
---
rpmio/macro.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rpmio/macro.c b/rpmio/macro.c
index 46e6b87..4b3c41b 100644
--- a/rpmio/macro.c
+++ b/rpmio/macro.c
@@ -993,7 +993,7 @@ expandMacro(MacroBuf mb, const char *src, size_t slen)
chkexist = 0;
switch ((c = *s)) {
default: /* %name substitution */
- while (strchr("!?", *s) != NULL) {
+ while (*s != '\0' && strchr("!?", *s) != NULL) {
switch(*s++) {
case '!':
negate = ((negate + 1) % 2);
--
1.9.3