The existing low level sanity test on tag data type in a header checks only
that the data type is within range.
What is *NOT* checked is that a header tag has the expected type. An
unexpected data type can cause many issues at higher API levels.
Replacing (and possibly backporting) the existing sanity range check using the
expected type is a necessary precursor to any improvement to data typing in
rpm, and also -- if done while a header is being loaded -- hardens *.rpm
headers from fuzzing attacks and makes high level checks on type unnecessary
when accessing header tag data.
Rpm-maint mailing list
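
The difference between the range-only test and an expected-type test applied while the header index is loaded, as an added example that is not rpm's code and not part of the original message. The struct layout, function names, the four-entry expectation table and the numeric tag and type constants are assumptions made for illustration, and the sample index is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative type codes and tag numbers (assumed for this example). */
enum { TYPE_MIN = 1, TYPE_INT32 = 4, TYPE_STRING = 6,
       TYPE_STRING_ARRAY = 8, TYPE_I18NSTRING = 9, TYPE_MAX = 9 };
enum { TAG_NAME = 1000, TAG_EPOCH = 1003, TAG_SUMMARY = 1004, TAG_BASENAMES = 1117 };

struct entry { uint32_t tag, type, offset, count; };   /* one header index entry */

enum verdict { ENTRY_OK, ENTRY_BAD_RANGE, ENTRY_BAD_TYPE, ENTRY_UNKNOWN_TAG };

/* Expected data type per tag; a real table would cover every known tag. */
static const struct { uint32_t tag, type; } expected[] = {
    { TAG_NAME, TYPE_STRING },        { TAG_EPOCH, TYPE_INT32 },
    { TAG_SUMMARY, TYPE_I18NSTRING }, { TAG_BASENAMES, TYPE_STRING_ARRAY },
};

/* Range-only test: accepts any type code that exists at all. */
int type_in_range(uint32_t type) { return type >= TYPE_MIN && type <= TYPE_MAX; }

/* Range test plus the expected-type test for tags the table knows. */
enum verdict check_entry(const struct entry *e)
{
    if (!type_in_range(e->type)) return ENTRY_BAD_RANGE;
    for (size_t i = 0; i < sizeof expected / sizeof expected[0]; i++)
        if (expected[i].tag == e->tag)
            return expected[i].type == e->type ? ENTRY_OK : ENTRY_BAD_TYPE;
    return ENTRY_UNKNOWN_TAG;   /* policy for unlisted tags is left to the caller */
}

/* Load-time pass: index of the first entry with a bad type, or -1 if none. */
int first_bad_entry(const struct entry *idx, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        enum verdict v = check_entry(&idx[i]);
        if (v == ENTRY_BAD_RANGE || v == ENTRY_BAD_TYPE) return (int)i;
    }
    return -1;
}

/* Constructed index: entry 1 gives the name tag an in-range but wrong type. */
static const struct entry sample[] = {
    { TAG_EPOCH, TYPE_INT32, 0, 1 }, { TAG_NAME, TYPE_INT32, 4, 1 },
    { TAG_BASENAMES, TYPE_STRING_ARRAY, 8, 3 }, { 5000, TYPE_STRING, 40, 1 },
};

int main(void)
{
    printf("range ok: %d, first bad entry: %d\n",
           type_in_range(sample[1].type), first_bad_entry(sample, 4));
    return 0;
}
```

Entry 1 passes the range test yet is rejected by the expected-type test, so code that later reads the name tag never has to re-check its type.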