From 8d081f77b9d240c889a62b66c454cde68ca73d0a Mon Sep 17 00:00:00 2001
From: Panu Matilainen
Date: Wed, 12 Feb 2025 15:25:11 +0200
Subject: [PATCH] Fix potential segfault in file trigger code
The latter packageHashGetEntry() could cause 'te' set to NULL and consequently crash when indexed later. This was indirectly fixed in e0633683d5380d0bd3e264dea2a8f07ba5fd5262, this is a separate backport.
Suggested-by: Michael Schroeder
Fixes: #3500
---
 lib/rpmtriggers.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
index 6552cf8cf7..c1deef4b65 100644
--- a/lib/rpmtriggers.c
+++ b/lib/rpmtriggers.c
@@ -230,7 +230,8 @@ typedef struct matchFilesIter_s {
 static rpmfiles rpmtsNextFiles(matchFilesIter mfi)
 {
 Header h;
- rpmte *te;
+ rpmte *tes;
+ rpmte te = NULL;
 rpmfiles files = NULL;
 rpmstrPool pool = mfi->ts->members->pool;
 int ix;
@@ -240,21 +241,23 @@ static rpmfiles rpmtsNextFiles(matchFilesIter mfi)
 if (ix < rpmdbGetIteratorCount(mfi->pi)) {
 offset = rpmdbGetIteratorOffsetFor(mfi->pi, ix);
 if (packageHashGetEntry(mfi->ts->members->removedPackages, offset,
- &te, NULL, NULL)) {
+ &tes, NULL, NULL)) {
 /* Files are available in memory */
- files = rpmteFiles(te[0]);
+ te = tes[0];
+ files = rpmteFiles(te);
 }
 if (packageHashGetEntry(mfi->ts->members->installedPackages, offset,
- &te, NULL, NULL)) {
+ &tes, NULL, NULL)) {
 /* Files are available in memory */
- files = rpmteFiles(te[0]);
+ te = tes[0];
+ files = rpmteFiles(te);
 }
 }
 if (files) {
 rpmdbSetIteratorIndex(mfi->pi, ix + 1);
- mfi->pkgname = rpmteN(te[0]);
+ mfi->pkgname = rpmteN(te);
 } else {
 /* Files are not available in memory. Read them from rpmdb */
 h = rpmdbNextIterator(mfi->pi);
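Review bot: The new declarations `rpmte *tes;` and `rpmte te = NULL;` differ by one letter and one level of indirection, and nothing at the declaration says why both exist. Going by the commit message, a failed packageHashGetEntry() can reset the out pointer, which is the reason the matched element has to be held separately. A comment such as `/* tes: lookup result, may be reset by a failed lookup; te: matched element kept across lookups */` would stop a later cleanup from folding the two back together and reintroducing the crash. The body of rpmtsNextFiles continues outside this hunk.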
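Review bot: The two packageHashGetEntry() lookups are still independent `if` statements, so an offset found in both removedPackages and installedPackages lets the second `files = rpmteFiles(te);` overwrite the first result without releasing it. Whether both lookups can hit for one offset, and whether rpmteFiles() returns a reference the caller must drop, is not visible in this hunk; if both hold, the first handle leaks and pkgname silently comes from the installed element. Turning the second lookup into `} else if (packageHashGetEntry(mfi->ts->members->installedPackages, offset,` or releasing the earlier `files` before reassigning would make the precedence explicit. The NULL-dereference fix also rests on `te` being set wherever `files` is set, which testing `if (te)` instead of `if (files)` would state directly. The function body starts before and continues past this hunk.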