From e7f2f13a6de2ea4eb8a9881502eae48383933784 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Fri, 25 Oct 2019 18:04:55 +0200 Subject: [PATCH] Handle incomplete escape seq in queryformat (RhBug:1755230) Previously, we assumed a backslash character would always be followed by a character to be escaped, and advanced our "start" pointer by two places before the next iteration. However, this assumption breaks if the lonely backslash happens to be the last character in the query string, in which case we would end up pointing beyond the \0 and let the parser wander into the unknown, possibly crashing later. This commit ensures we detect this corner case and error out gracefully with a message. --- lib/headerfmt.c | 4 ++++ tests/rpmquery.at | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/lib/headerfmt.c b/lib/headerfmt.c index 7c0da1bd92..f4c249a26c 100644 --- a/lib/headerfmt.c +++ b/lib/headerfmt.c @@ -469,6 +469,10 @@ static int parseFormat(headerSprintfArgs hsa, char * str, if (*start == '\\') { start++; + if (*start == '\0') { + hsaError(hsa, _("escaped char expected after \\")); + goto errxit; + } *dst++ = escapedChar(*start++); } else { *dst++ = *start++; diff --git a/tests/rpmquery.at b/tests/rpmquery.at index 0dc6d78b65..36c62339ae 100644 --- a/tests/rpmquery.at +++ b/tests/rpmquery.at @@ -849,4 +849,19 @@ runroot rpm \ 355 355 ], []) +AT_CLEANUP + +# ------------------------------ +AT_SETUP([incomplete escape sequence for format query]) +AT_KEYWORDS([query]) +AT_CHECK([ +runroot rpm \ + --queryformat='%{NAME}\n\' \ + -qp /data/RPMS/foo-1.0-1.noarch.rpm +], +[0], +[], +[error: incorrect format: escaped char expected after \ +], +) AT_CLEANUP \ No newline at end of file
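Review bot: The new `if (*start == '\0')` guard in the backslash branch of parseFormat has no comment saying that it exists to stop `start` from being advanced past the string terminator, so a later cleanup could mistake it for a redundant check and drop it. I would put `/* A trailing backslash has nothing to escape: bail out before *start++ steps over the terminating NUL. */` directly above it. The guard covers only this branch; any other place in parseFormat that advances `start` by more than one character lies outside the hunk and presumably needs the same audit. The function itself starts and ends outside the hunk, including the `errxit` label the new code jumps to.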
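Review bot: The new test in tests/rpmquery.at expects exit status `[0]` together with `error: incorrect format: escaped char expected after \` on stderr, so it pins the behaviour that a rejected queryformat still reports success to the caller. A script that checks only the exit code would not notice the malformed format string. If that status is intentional, I would state it in the test with `# rpm exits 0 here; the parse failure is reported on stderr only` above the `AT_SETUP` line. Whether the query path should return non-zero instead is decided outside this diff.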