Description of Problem:

There is a typo in rpmio/macro.c in the grabArgs() function.  This typo
causes segmentation faults due to a NULL pointer dereference.  Here is the
patch:

diff -Nur rpm-4.0.2.orig/rpmio/macro.c rpm-4.0.2/rpmio/macro.c
--- rpm-4.0.2.orig/rpmio/macro.c     Thu Jan 18 17:47:25 2001
+++ rpm-4.0.2/rpmio/macro.c      Thu Jun 28 17:47:08 2001
@@ -801,7 +801,7 @@
     /* Build argv array */
     argv = (const char **) alloca((argc + 1) * sizeof(char *));
     be[-1] = ' ';      /*  be - 1 == b + strlen(b) == buf + strlen(buf)  
*/
-    buf[0] = '\0';
+    be[0] = '\0';
     b = buf;
     for (c = 0; c < argc; c++) {
        argv[c] = b;

Setting *buf to NUL erases the first character of the macro name.  It also
causes buf, and by proxy, b, to be empty strings.  Thus, argv[0] becomes
an empty string.  The subsequent call to strchr(b, ' ') returns NULL
(obviously, since b is empty), and the dereference of b on the line after
causes rpmb to seg fault.  I believe this bug would affect any
parameterized macro.

I would supply a simple test case, but it would take me longer to
construct one than it should take for someone to look at the code and
realize the typo....  :-)