What | Removed | Added |
---|---|---|
Status | NEW | RESOLVED |
Resolution | --- | WONTFIX |
The manifest reading code in rpm-4.18 is a bit... peculiar. It works by joining all the lines into one string and then splitting them again via a call to popt. Popt knows about quoting, so the single quote of the "didn't" is matched against the next single quote resulting in a quite long string. This string is then fed into rpm's internal glob implementation, which is a very outdated copy from the glibc implementation. This code then tries to expand any {} constructs, leading the quite a bit of recursion. Plus, the patterns are using stack space via "char onealt[strlen(pattern) - 1];". So it's not surprising that this runs into the stack limit. All this already has been fixed in rpm-upstream, so the upcoming rpm update for Fectory will no longer run into this. And as this is not a security problem I will not try to backport the (quite big) changeset.