From Bugzilla Helper: User-Agent: Description of problem: The macro expansion code skip '%' to find the macro name, but don't check if this one is the latest character of the string. It result the macro expansion continue after the end of the query. Version-Release number of selected component (if applicable): rpm-4.4.1 (cvs included) How reproducible: Always Steps to Reproduce: 1. on command line: rpm --eval '%' or whatever ending by a '%' 2. if nothing wrong appear, try to use some --define to change memory pointer Actual Results: The result is unpredictible Expected Results: '%' should return '%'. Additional info: Of course, rpm can crash, depending of the pointer location.
Created attachment 115695 [details] check next character is not NULL This patch add a check of next character before skipping '%', is next one is NULL, don't skip it.
CHecked into cvs, should be in rpm-4.4.2-0.8 when built. Thanks for the patch.