Fixed stack overflow on RPM with 121 008 objects

rpm-5.4.10-trigtrans_avoid_alloca_as_stack_overflows.patch

@@ -0,0 +1,76 @@
+diff -pNaur rpm-rosa.orig/lib/psm.c rpm-rosa/lib/psm.c
+--- rpm-rosa.orig/lib/psm.c	2017-12-06 16:44:00.000000000 +1000
++++ rpm-rosa/lib/psm.c	2017-12-06 19:17:32.499534079 +1000
+@@ -1904,7 +1904,8 @@ static rpmRC runScriptTriggersLoop(rpmps
+     rpmfi fi = NULL;
+     rpmds sourceDs = memset(alloca(sizeof(*sourceDs)), 0, sizeof(*sourceDs));
+     char * depName = NULL;
+-    char * evr;
++    char * evr = NULL;
++    char * evr_allocated = NULL;
+     char * ptr = NULL;
+     ARGI_t instances = NULL;
+     rpmmi mi;
+@@ -1920,15 +1921,26 @@ static rpmRC runScriptTriggersLoop(rpmps
+     else
+ 	n = ts->orderCount;
+ 
+-    evr = memset(alloca(n * 64 * sizeof(*evr)), 0, n * 64 * sizeof(*evr));
+-    ptr = evr;
+     sourceDs->tagN = tagno;
+     sourceDs->Type = tagName(tagno);
+     sourceDs->Count = n;
+     sourceDs->i = -1;
+-    sourceDs->N = memset(alloca(n * sizeof(*sourceDs->N)), 0, n * sizeof(*sourceDs->N));
+-    sourceDs->EVR = memset(alloca(n * sizeof(*sourceDs->EVR)), 0, n * sizeof(*sourceDs->EVR));
+-    sourceDs->Flags = (evrFlags *) memset(alloca(n * sizeof(*sourceDs->Flags)), 0, n * sizeof(*sourceDs->Flags));
++
++    /* Avoid stack allocation as it overflows */
++    rc = RPMRC_FAIL;
++    ptr = evr = evr_allocated = calloc(n * 64, sizeof(*evr));
++    if (!evr_allocated)
++	goto exit_free;
++    sourceDs->N = calloc(n, sizeof(*sourceDs->N));
++    if (!sourceDs->N)
++	goto exit_free;
++    sourceDs->EVR = calloc(n, sizeof(*sourceDs->EVR));
++    if (!sourceDs->EVR)
++	goto exit_free;
++    sourceDs->Flags = calloc(n, sizeof(*sourceDs->Flags));
++    if (!sourceDs->Flags)
++	goto exit_free;
++    rc = RPMRC_OK;
+ 
+     pi = rpmtsiInit(ts);
+     while ((p = rpmtsiNext(pi, psm->goal == PSM_PKGINSTALL ? TR_ADDED : TR_REMOVED)) != NULL) {
+@@ -1957,7 +1969,7 @@ static rpmRC runScriptTriggersLoop(rpmps
+     pi = rpmtsiFree(pi);
+ 
+     if (sourceDs->i == -1)
+-	return rc;
++	goto exit_free;
+ 
+     /* Fire elements against rpmdb trigger strings. */
+     for(sourceDs->i = 0; sourceDs->i < (int)sourceDs->Count; sourceDs->i++) {
+@@ -1968,7 +1980,7 @@ static rpmRC runScriptTriggersLoop(rpmps
+ 
+ 
+ 	if (!depName || !*depName)
+-	    return rc;
++	    goto exit_free;
+ 
+ 	if (_psm_debug)
+ 	    rpmlog(RPMLOG_DEBUG, "--> %s:%d depName: %s tagno: %d ix: %d\n", __FUNCTION__, __LINE__, depName, tagno, sourceDs->i);
+@@ -2014,6 +2026,12 @@ static rpmRC runScriptTriggersLoop(rpmps
+ 
+     instances = argiFree(instances);
+ 
++exit_free:
++    free(sourceDs->Flags);
++    free(sourceDs->EVR);
++    free(sourceDs->N);
++    free(evr_allocated);
++
+     return rc;
+ }
+ 

rpm.spec

@@ -61,7 +61,7 @@ Summary:	The RPM package management system
 Name:		rpm
 Epoch:		1
 Version:	%{libver}.%{minorver}
-Release:	%{?prereldate:0.%{prereldate}.}76
+Release:	%{?prereldate:0.%{prereldate}.}77
 License:	LGPLv2.1+
 Group:		System/Configuration/Packaging
 Url:		http://rpm5.org/
@@ -476,6 +476,9 @@ Patch219:	rpm-5.4.14-rubygems2-support.patch
 Patch220:	rpm-5.4.14-fix-dependency-generation-when-ruby_version-is-empty.patch
 Patch221:	rpm-5.4.14-rubygems2.2-support.patch
 
+# alloca fails with 121 008 objects
+Patch222:	rpm-5.4.10-trigtrans_avoid_alloca_as_stack_overflows.patch
+
 # ROSA stuff
 Patch501:	rpm-5.3.12.vendor.ROSA.patch
 # Restore RPM_PACKAGE_NAME export as it's still used by aot-compile-rpm
@@ -1170,6 +1173,8 @@ This package contains the RPM API documentation generated in HTML format.
 %patch220 -p1 -b .no_ruby_version~
 %patch221 -p1 -b .rubygems2.2~
 
+%patch222 -p1 -b .trigtrans-fix-alloca~
+
 %patch501 -p1 -b .rosa_vendor~
 %patch502 -p1 -b .package_name~
 %patch503 -p1 -b .specspo~