From 331afbf2b6b32582b29ceadcd37b43a4f905b7f4 Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Mon, 5 Aug 2024 14:40:57 +0200
Subject: [PATCH] Skip to hashed subpacket data directly

Make OpenScanHub grok the bigger picture here, instead of producing a
spurious overrun warning for v->hashlen when we're dereferencing p
later.

No functional change.

Resolves: RHEL-22607
---
 rpmio/rpmpgp.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index d0688ebe9..6a7049954 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -618,10 +618,9 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen,
 	pgpPrtVal(" ", pgpSigTypeTbl, v->sigtype);
 	pgpPrtNL();
 
-	p = &v->hashlen[0];
 	if (pgpGet(v->hashlen, sizeof(v->hashlen), h + hlen, &plen))
 	    return 1;
-	p += sizeof(v->hashlen);
+	p = h + sizeof(*v);
 
 	if ((p + plen) > (h + hlen))
 	    return 1;
-- 
2.45.2