1 --- rpm-5.4.9/rpmio/mire.c.str_nul~ 2012-04-16 05:21:22.000000000 +0200
2 +++ rpm-5.4.9/rpmio/mire.c 2012-05-15 03:20:14.361970779 +0200
3 @@ -415,11 +415,10 @@ int mireRegexec(miRE mire, const char *
5 /* XXX rpmgrep: ensure that the string is NUL terminated. */
7 - if (val[vallen] != '\0') {
8 - char * t = strncpy((char *)alloca(vallen+1), val, vallen);
12 + /* if (val[vallen] != '\0') might go outside of allocated memory */
13 + char * t = strncpy(alloca(vallen+1), val, vallen);
19 @@ -466,6 +465,13 @@ int mireRegexec(miRE mire, const char *
21 if (mire->pattern == NULL)
23 + /* XXX rpmgrep: ensure that the string is NUL terminated. */
25 + /* if (val[vallen] != '\0') might go outside of allocated memory */
26 + char * t = strncpy(alloca(vallen+1), val, vallen);
30 rc = fnmatch(mire->pattern, val, mire->fnflags);
32 case 0: rc = 0; /*@innerbreak@*/ break;