Red Hat Bugzilla – Bug 161091
overflow in macro expansion if last character is a '%'
Last modified: 2007-11-30 17:11:08 EST
From Bugzilla Helper:
Description of problem:
The macro expansion code skip '%' to find the macro name, but don't check if
this one is the latest character of the string. It result the macro expansion
continue after the end of the query.
Version-Release number of selected component (if applicable):
rpm-4.4.1 (cvs included)
Steps to Reproduce:
1. on command line: rpm --eval '%' or whatever ending by a '%'
2. if nothing wrong appear, try to use some --define to change memory pointer
Actual Results: The result is unpredictible
Expected Results: '%' should return '%'.
Of course, rpm can crash, depending of the pointer location.
Created attachment 115695 [details]
check next character is not NULL
This patch add a check of next character before skipping '%', is next one is
NULL, don't skip it.
CHecked into cvs, should be in rpm-4.4.2-0.8 when built. Thanks for the patch.