fix a buffer overflow in the query function [#218983]
rh#212833

--- lib/query.c.orig	2006-11-24 13:24:30.000000000 +0000
+++ lib/query.c	2006-11-24 13:43:47.000000000 +0000
@@ -133,8 +133,10 @@ int showQueryPackage(QVA_t qva, rpmts ts
     int rc = 0;		/* XXX FIXME: need real return code */
     int nonewline = 0;
     int i;
+    size_t tsize;
 
-    te = t = xmalloc(BUFSIZ);
+    tsize = BUFSIZ * 2;
+    te = t = xmalloc(tsize);
 /*@-boundswrite@*/
     *te = '\0';
 /*@=boundswrite@*/
@@ -147,8 +149,9 @@ int showQueryPackage(QVA_t qva, rpmts ts
 	    size_t tb = (te - t);
 	    size_t sb = strlen(str);
 
-	    if (sb >= (BUFSIZ - tb)) {
-		t = xrealloc(t, BUFSIZ+sb);
+	    if (sb > 0) {
+		tsize += sb;
+		t = xrealloc(t, tsize);
 		te = t + tb;
 	    }
 /*@-boundswrite@*/
@@ -261,6 +264,13 @@ int showQueryPackage(QVA_t qva, rpmts ts
 	}
 /*@=boundswrite@*/
 
+	if (strlen(fn) + BUFSIZ > tsize) {
+	    size_t tb = (te - t);
+	    tsize = strlen(fn) + BUFSIZ * 2;
+	    t = xrealloc(t, tsize);
+	    te = t + tb;
+	}
+
 	if (qva->qva_flags & QUERY_FOR_DUMPFILES) {
 	    sprintf(te, "%s %d %d %s 0%o ", fn, (int)fsize, fmtime, fmd5, fmode);
 	    te += strlen(te);