doFoo() contains this:
```c
   if (expand) {
        (void) expandThis(mb, g, gn, &buf);
    } else {
        buf = xmalloc(MACROBUFSIZ + fn + gn);
        buf[0] = '\0';
    }
```
If `expand` is true (which is the default), expandThis() will allocate the
buffer, rounding up the size of the allocated buffer to MACROBUFSIZ.

The code further down in doFoo() expects that the arg can fit *twice* in the 
buffer, which is not true if the arg is large enough.

Example: Put this in your .rpmmacros file:
```
%xx1 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
 
%xx2 %xx1%xx1
%xx3 %xx2%xx2
%xx4 %xx3%xx3
%xx5 %xx4%xx4
%xx6 %xx5%xx5
```
Then:
```
$ rpm --eval '%{S:%xx6}'
*** Error in `rpm': double free or corruption (!prev): 0x0000000001eaae70 ***
Abort (core dumped)
```

https://github.com/rpm-software-management/rpm/issues/1019
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
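The size-accounting mistake in the report (a buffer rounded up to a fixed block size, and a consumer that later assumes the argument fits in it twice) is illustrated below as an added example; this is not rpm's code and does not reproduce its internals. `BLOCKSIZ` stands in for MACROBUFSIZ with an assumed value, and `append_twice` / `double_n_times` are hypothetical helpers modelling the `%xx1`..`%xx6` doubling chain. The hardened writer computes the capacity it needs before writing, and grows the buffer instead of trusting the rounded-up size.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed block size standing in for rpm's MACROBUFSIZ; the report does not
 * give the real value, so this is a constructed constant. */
#define BLOCKSIZ 8192

/* Round a requested byte count up to a multiple of BLOCKSIZ, the way the
 * report describes the expansion step sizing its buffer. */
size_t rounded_size(size_t needed)
{
    return (needed + BLOCKSIZ - 1) / BLOCKSIZ * BLOCKSIZ;
}

/* Does a buffer of 'cap' bytes hold 'arglen' bytes twice plus a NUL?
 * The first clause guards the multiplication against overflow. */
int fits_twice(size_t cap, size_t arglen)
{
    return arglen <= (SIZE_MAX - 1) / 2 && 2 * arglen + 1 <= cap;
}

/* Hardened writer: writes 'arg' twice into 'buf', growing it first when the
 * current capacity (tracked in *cap) is too small. Returns the possibly new
 * buffer, or NULL on allocation failure (the old buffer is freed then). */
char *append_twice(char *buf, size_t *cap, const char *arg)
{
    size_t arglen = strlen(arg);
    if (!fits_twice(*cap, arglen)) {
        size_t newcap = rounded_size(2 * arglen + 1);
        char *nbuf = realloc(buf, newcap);
        if (!nbuf) { free(buf); return NULL; }
        buf = nbuf;
        *cap = newcap;
    }
    memcpy(buf, arg, arglen);
    memcpy(buf + arglen, arg, arglen);
    buf[2 * arglen] = '\0';
    return buf;
}

/* Model the %xx1..%xx6 chain: start from 'seed' in a block-rounded buffer,
 * then double it n times through append_twice. Returns the final string
 * (caller frees) and reports the final capacity via *cap_out. */
char *double_n_times(const char *seed, int n, size_t *cap_out)
{
    size_t cap = rounded_size(strlen(seed) + 1);
    char *buf = malloc(cap);
    if (!buf) return NULL;
    strcpy(buf, seed);
    for (int i = 0; i < n; i++) {
        /* Copy the current contents: this is the "argument" being expanded. */
        size_t len = strlen(buf);
        char *arg = malloc(len + 1);
        if (!arg) { free(buf); return NULL; }
        memcpy(arg, buf, len + 1);
        buf = append_twice(buf, &cap, arg);
        free(arg);
        if (!buf) return NULL;
    }
    *cap_out = cap;
    return buf;
}

int main(void)
{
    /* Constructed seed: 256 bytes, like the long zero run in the report. */
    char seed[257];
    memset(seed, '0', 256);
    seed[256] = '\0';

    size_t cap = 0;
    char *out = double_n_times(seed, 5, &cap);
    if (!out) return 1;
    printf("final length %zu, buffer capacity %zu\n", strlen(out), cap);
    free(out);
    return 0;
}
```

With a 256-byte seed and five doublings the fifth step needs 2 * 4096 + 1 bytes, which no longer fits in the single 8192-byte block the seed was rounded up to; the check in `append_twice` grows the buffer to 16384 where the pattern in the report would have written past the end.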