-- Subject: Crash with file-5.28/libmagic and rpmbuild

| Hi,
| 
| interesting crash with libmagic from file-5.28 used by rpmbuild or better
| its librpmbuild.so.3.  See attached backtrace.  It looks like strlcpy()
| runs on a NULL pointer as source.  As well as it is not clrear why an
| ascii file like apefooter_8h__incl.md5 with a MD5 sum without line terminat=
| or
| does cause the libmagic to do an uncompress:
| 
|  file /home/abuild/rpmbuild/BUILDROOT/taglib-1.11-0.x86_64/usr/share/doc/pa=
| ckages/libtag-devel/html/apefooter_8h__incl.md5
|  /home/abuild/rpmbuild/BUILDROOT/taglib-1.11-0.x86_64/usr/share/doc/package=
| s/libtag-devel/html/apefooter_8h__incl.md5: ASCII text, with no line termin=
| ators
| 

It has been fixed on HEAD:

Best,

christos

Index: src/compress.c
===================================================================
RCS file: /p/file/cvsroot/file/src/compress.c,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- src/compress.c  13 May 2016 23:02:28 -0000      1.97
+++ src/compress.c  28 Jun 2016 16:38:26 -0000      1.98
@@ -517,7 +517,7 @@
 
 	return OKDATA;
 err:
-	strlcpy((char *)*newch, z.msg, bytes_max);
+	strlcpy((char *)*newch, z.msg ? z.msg : zError(rc), bytes_max);
 	*n = strlen((char *)*newch);
 	return ERRDATA;
 }