folkslinux
/
rpm
mirror of https://github.com/rpm-software-management/rpm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix memory allocation for token array 

This fixes a memory corruption due to write access out of
bounds of token array, whose size was computed incorrectly.
It was assumed that only '%' characters separate tokens,
which could lead to crashes on useless uses of '[' tokens,
such as "rpm -qa --qf '[]lalala'".
This commit is contained in:
Lubomir Rintel 2009-06-23 00:49:17 +02:00 committed by Panu Matilainen
parent d8071161f9
commit 52e4b9bcac
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/headerfmt.c
View File

@ -296,7 +296,7 @@ static int parseFormat(headerSprintfArgs hsa, char * str,
numTokens = 0;
if (str != NULL)
for (chptr = str; *chptr != '\0'; chptr++)
if (*chptr == '%') numTokens++;
if (*chptr == '%' || *chptr == '[') numTokens++;
numTokens = numTokens * 2 + 1;
format = xcalloc(numTokens, sizeof(*format));