diff options
Diffstat (limited to 'backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch')
| -rw-r--r-- | backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch b/backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch new file mode 100644 index 0000000..69a0dc7 --- /dev/null +++ b/backport-Fix-a-theoretical-use-of-uninitialized-struct-member.patch @@ -0,0 +1,31 @@ +From 656fe42af1d497c35769c740fcc98950e1455bad Mon Sep 17 00:00:00 2001 +From: Panu Matilainen <pmatilai@redhat.com> +Date: Wed, 24 Jan 2024 12:44:34 +0200 +Subject: [PATCH] Fix a theoretical use of uninitialized struct members + +If rpmScriptFromTriggerTag() was called with tm other than the three +handled cases in the switch, the rpmtd_s structs would be uninitialized +and weird things could happen. The value of tm is hardwired in all the +existing callers AFAICS but the extra safety doesn't hurt either. + +Discovered by static analysis in RHEL. +--- + lib/rpmscript.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/rpmscript.c b/lib/rpmscript.c +index b18f851a3..3f6313278 100644 +--- a/lib/rpmscript.c ++++ b/lib/rpmscript.c +@@ -641,6 +641,8 @@ rpmScript rpmScriptFromTriggerTag(Header h, rpmTagVal triggerTag, + headerGet(h, RPMTAG_TRANSFILETRIGGERSCRIPTFLAGS, &tflags, hgflags); + prefix = "transfile"; + break; ++ default: ++ return NULL; + } + + if (rpmtdSetIndex(&tscripts, ix) >= 0 && rpmtdSetIndex(&tprogs, ix) >= 0) { +-- +2.33.0 + |