authorCoprDistGit <infra@openeuler.org>2023-09-10 03:05:12 +0000
committerCoprDistGit <infra@openeuler.org>2023-09-10 03:05:12 +0000
commit2bc2b430bc4c1a9a0bfd1c01da68bd53bf7da052 (patch)
treea2af4fd609c7decacbf0ea11926ea338596fb179 /backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch
parent0ae9f87336a3d78d8fbc0a1e5c75cba5f9cf8597 (diff)
automatic import of rpm
Diffstat (limited to 'backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch')
-rw-r--r--backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch b/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch
new file mode 100644
index 0000000..d237fa5
--- /dev/null
+++ b/backport-Avoid-reading-out-of-bounds-of-the-i18ntable.patch
@@ -0,0 +1,29 @@
+From db8fc1057e38839adc04e263fe255ce86cab9fa7 Mon Sep 17 00:00:00 2001
+From: Demi Marie Obenour <demi@invisiblethingslab.com>
+Date: Sat, 12 Feb 2022 13:46:28 -0500
+Subject: [PATCH] Avoid reading out of bounds of the i18ntable
+
+If the i18ntable was smaller than the i18nstring entry an out of bounds
+read could result. This should not happen in a valid package, but even
+if RPM rejected such packages during load, this situation could still
+result as a result of usage of the RPM API.
+---
+ lib/header.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/header.c b/lib/header.c
+index 098ea5d..c939006 100644
+--- a/lib/header.c
++++ b/lib/header.c
+@@ -1311,7 +1311,7 @@ static int copyI18NEntry(Header h, indexEntry entry, rpmtd td,
+
+ /* For each entry in the header ... */
+ for (langNum = 0, t = table->data, ed = entry->data;
+- langNum < entry->info.count;
++ langNum < entry->info.count && langNum < table->info.count;
+ langNum++, t += strlen(t) + 1, ed += strlen(ed) + 1) {
+
+ int match = headerMatchLocale(t, l, le);
+--
+1.8.3.1
+
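Review bot: The added bound `langNum < table->info.count` in the loop condition of copyI18NEntry caps the walk at the table's declared count, but the step expressions `t += strlen(t) + 1` and `ed += strlen(ed) + 1` still assume each data blob really contains that many NUL-terminated strings. Nothing in this hunk shows where count is checked against the actual data length, so it is worth confirming that both header load and the API paths that build or modify headers enforce that invariant; otherwise the strlen() walk can still run past the end of the buffer. The reason for the second bound lives only in the commit message, so a comment above the loop would help, for example `/* the i18n table may hold fewer strings than this entry (e.g. API-built headers); never walk past it */`. The function starts before and continues after the quoted context, so how a short table is handled after the loop exits early is not visible here.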