- Prevents buffer overflow in case of ridiculous field width specifiers
like --qf "%
100000000000000000000000000{name}". There's another similar
static-sized buffer in rpmtdFormat() but there we're not dealing
with user-speficied format strings so its okay even if ugly.
- The format string handling wants a bigger overhaul but this makes
for a nice little backportable patch for starters.
char * val = NULL;
size_t need = 0;
char * t, * te;
- char buf[20];
+ char buf[strlen(tag->format) + 3]; /* extra for '%', fmt char and '\0' */
rpmtd td;
memset(buf, 0, sizeof(buf));