1 files changed, 38 insertions, 0 deletions

diff --git a/backport-Tip-toe-around-rpmfiFN-thin-ice-in-fsm.patch b/backport-Tip-toe-around-rpmfiFN-thin-ice-in-fsm.patch
new file mode 100644
index 0000000..af38276
--- /dev/null
+++ b/backport-Tip-toe-around-rpmfiFN-thin-ice-in-fsm.patch
@@ -0,0 +1,38 @@
+From 7bf818c8344ecbf0e14a26e6393582ae79df864e Mon Sep 17 00:00:00 2001
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Tue, 30 Jan 2024 15:04:03 +0200
+Subject: [PATCH] Tip-toe around rpmfiFN() thin ice in fsm
+
+Any pointer gotten from rpmfiFN() is only valid until the next
+rpmfiFN() call, and here the path can end up inside plugins which
+may have their own reasons for calling rpmfiFN(). At which point
+the dest we passed would be invalid. strdup() it to appease ASAN,
+but this needs a saner solution really.
+---
+ lib/fsm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/fsm.c b/lib/fsm.c
+index a54e43bae..36708acc3 100644
+--- a/lib/fsm.c
++++ b/lib/fsm.c
+@@ -736,7 +736,7 @@ static int fsmSetmeta(int fd, int dirfd, const char *path,
+ 		      int nofcaps)
+ {
+     int rc = 0;
+-    const char *dest = rpmfiFN(fi);
++    char *dest = xstrdup(rpmfiFN(fi));
+ 
+     if (!rc && !getuid()) {
+ 	rc = fsmChown(fd, dirfd, path, st->st_mode, st->st_uid, st->st_gid);
+@@ -756,6 +756,7 @@ static int fsmSetmeta(int fd, int dirfd, const char *path,
+ 					  fd, path, dest,
+ 					  st->st_mode, action);
+     }
++    free(dest);
+ 
+     return rc;
+ }
+-- 
+2.33.0
+