Description of Problem: There is a typo in rpmio/macro.c in the grabArgs() function. This typo causes segmentation faults due to a NULL pointer dereference. Here is the patch: diff -Nur rpm-4.0.2.orig/rpmio/macro.c rpm-4.0.2/rpmio/macro.c --- rpm-4.0.2.orig/rpmio/macro.c Thu Jan 18 17:47:25 2001 +++ rpm-4.0.2/rpmio/macro.c Thu Jun 28 17:47:08 2001 @@ -801,7 +801,7 @@ /* Build argv array */ argv = (const char **) alloca((argc + 1) * sizeof(char *)); be[-1] = ' '; /* be - 1 == b + strlen(b) == buf + strlen(buf) */ - buf[0] = '\0'; + be[0] = '\0'; b = buf; for (c = 0; c < argc; c++) { argv[c] = b; Setting *buf to NUL erases the first character of the macro name. It also causes buf, and by proxy, b, to be empty strings. Thus, argv[0] becomes an empty string. The subsequent call to strchr(b, ' ') returns NULL (obviously, since b is empty), and the dereference of b on the line after causes rpmb to seg fault. I believe this bug would affect any parameterized macro. I would supply a simple test case, but it would take me longer to construct one than it should take for someone to look at the code and realize the typo.... :-)
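Review bot: the one-character change from `buf[0] = '\0'` to `be[0] = '\0'` is the right fix given the invariant stated in the context line (`be - 1 == b + strlen(b) == buf + strlen(buf)`), but the loop that follows the hunk still does `b = strchr(b, ' '); *b++ = '\0';` with no check on the result, so any later slip in the trailing-space invariant reproduces exactly this crash; suggest adding `if (b == NULL) break;` (or an assertion) before the dereference so a malformed buffer fails loudly instead of faulting.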
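As an added illustration (not rpm's own code), the following cut-down model of the argv-building loop described above runs both variants on a constructed "name arg1 arg2" buffer, with `be` set up to satisfy the invariant in the patch comment; the only addition to the loop is a NULL check so the typo path reports the failure instead of faulting.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not rpm's own code: a cut-down model of the argv-building
 * loop in grabArgs().  On entry `buf` holds "name arg1 arg2" and `be` points one
 * past its terminating NUL, i.e. be - 1 == buf + strlen(buf), the invariant the
 * patch context asserts.  Returns the number of tokens stored, or -1 where the
 * 4.0.2 code would have dereferenced the NULL returned by strchr().
 */
static int build_argv(char *buf, char *be, int argc, const char **argv, int with_typo)
{
    char *b;
    int c;

    be[-1] = ' ';              /* turn the NUL after the last argument into a space */
    if (with_typo)
        buf[0] = '\0';         /* 4.0.2: wipes the macro name; buf is now "" */
    else
        be[0] = '\0';          /* 4.0.3 fix: terminate after that trailing space */

    b = buf;
    for (c = 0; c < argc; c++) {
        argv[c] = b;
        b = strchr(b, ' ');    /* every token, including the last, ends in ' ' */
        if (b == NULL)         /* added check; rpm-4.0.2 went straight to *b++ */
            return -1;
        *b++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

/* Constructed input: macro name plus two arguments, 3 tokens in all. */
static int run_case(int with_typo, const char **argv)
{
    static char buf[32];
    strcpy(buf, "name arg1 arg2");
    return build_argv(buf, buf + strlen(buf) + 1, 3, argv, with_typo);
}

int main(void)
{
    const char *argv[4];
    int n = run_case(0, argv);
    printf("fixed: %d tokens, argv[0]=\"%s\"\n", n, argv[0]);
    n = run_case(1, argv);
    printf("typo:  %d (strchr returned NULL; 4.0.2 would segfault here)\n", n);
    return 0;
}
```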
Yup. Fixed in rpm-4.0.3 something.