From bcf4823505adc4c33d8bf722ceafaaaac1727637 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Fri, 25 Oct 2019 18:04:55 +0200 Subject: Handle incomplete escape seq in queryformat (RhBug:1755230) Previously, we assumed a backslash character would always be followed by a character to be escaped, and advanced our "start" pointer by two places before the next iteration. However, this assumption breaks if the lonely backslash happens to be the last character in the query string, in which case we would end up pointing beyond the \0 and let the parser wander into the unknown, possibly crashing later. This commit ensures we detect this corner case and error out gracefully with a message. (cherry picked from commit 1cb3be0009fbfd5549844ec361cc1ae5efa9c153) (cherry picked from commit c634836db4dcbbf31cdc6b55224b3a95245ad744)
---
 lib/headerfmt.c | 4 ++++ tests/rpmquery.at | 15 +++++++++++++++ 2 files changed, 19 insertions(+)
diff --git a/lib/headerfmt.c b/lib/headerfmt.c
index 1f6390b5e..781a78e41 100644
--- a/lib/headerfmt.c
+++ b/lib/headerfmt.c
@@ -469,6 +469,10 @@ static int parseFormat(headerSprintfArgs hsa, char * str,
 if (*start == '\\') {
 start++;
+ if (*start == '\0') {
+ hsaError(hsa, _("escaped char expected after \\"));
+ goto errxit;
+ }
 *dst++ = escapedChar(*start++);
 } else {
 *dst++ = *start++;
diff --git a/tests/rpmquery.at b/tests/rpmquery.at
index 0dc6d78b6..36c62339a 100644
--- a/tests/rpmquery.at
+++ b/tests/rpmquery.at
@@ -849,4 +849,19 @@ runroot rpm \
 355 355 ], [])
+AT_CLEANUP
+
+# ------------------------------
+AT_SETUP([incomplete escape sequence for format query])
+AT_KEYWORDS([query])
+AT_CHECK([
+runroot rpm \
+ --queryformat='%{NAME}\n\' \
+ -qp /data/RPMS/foo-1.0-1.noarch.rpm
+],
+[0],
+[],
+[error: incorrect format: escaped char expected after \
+],
+)
 AT_CLEANUP
\ No newline at end of file
--
cgit v1.2.1
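Review bot: The added `if (*start == '\0')` guard in parseFormat carries no comment, and the reason for it is a memory-safety one that the code alone does not show: without the check, `escapedChar(*start++)` moves `start` past the terminating NUL and the loop goes on reading beyond the end of the query string. I would put `/* a trailing backslash has nothing to escape; stop before start moves past the NUL */` directly above the check. The test added in this commit shows the string arriving from the `--queryformat` option, so the condition is reachable from the command line. parseFormat begins and ends outside the hunk, so whether any other branch advances `start` without a terminator check cannot be confirmed from the lines shown.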
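Review bot: The new AT_CHECK expects exit status `[0]` together with `error: incorrect format: escaped char expected after \` on stderr, so the test pins a rejected query format as a successful run. If that matches how rpm reports other malformed formats, a comment such as `# the bad format is reported on stderr; rpm still exits 0` above the check would make the intent explicit; if it does not, the expected status deserves a second look. A second case with the backslash as the entire format (`--queryformat='\'`) would cover the boundary where nothing precedes the escape. The check also ends with `],` followed by `)`, which passes an empty trailing argument that can be dropped.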