MillaFleurs created an issue (rpm-software-management/rpm#4203)
**Describe the bug**
Commit ```47b005e67ab9e00539d03bf53de837f0613e7130``` went through to start
using rpmUndefineMacro() API instead of rpmPopMacro() to implement error
checking.
**To Reproduce**
Check the following files and line numbers:
* rpmio/rpmlua.cc (line 1326):
```cpp
if (lua_isnil(L, 3)) {
if (**rpmPopMacro(*mc, name)**)
luaL_error(L, "error undefining macro %s", name);
} else {
```
* python/rpmmacro-py.c (line 32):
```c
rpmPopMacro(NULL, name);
```
**Expected behavior**
Review original commit using
``` $ git show --stat 47b005e67ab9e00539d03bf53de837f0613e7130 ```
Results:
```
commit 47b005e67ab9e00539d03bf53de837f0613e7130
Author: Panu Matilainen <[email protected]>
Date: Thu Mar 5 13:38:38 2026 +0200
Fix rpm --undefine and Lua rpm.undefine() bypassing sanity checks
Use the new rpmUndefineMacro() API for the "user exposed" parts to
get the error checking we need. Add tests for the case of undefining
built-in macros.
Fixes: #2314
lib/poptALL.cc | 3 ++-
rpmio/rpmlua.cc | 3 ++-
tests/rpmmacro.at | 17 +++++++++++++++++
3 files changed, 21 insertions(+), 2 deletions(-)
```
Both of these sites seem to be public facing and should be subject to sanity
checks. Other instances of ```rpmPopMacro()``` appear to be internal only and
do not need fixing. For instance, lib/transaction.cc (line 1517) is inside
disabled if code. If interested I can provide these.
**Additional context**
**Note:** These bugs found using the [N184 Bug and Software Vulnerability
Scanner](https://github.com/MillaFleurs/N184). Actual bug report and fixes
checked by me, a human.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/4203
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/[email protected]>_______________________________________________
Rpm-maint mailing list
[email protected]
https://lists.rpm.org/mailman/listinfo/rpm-maint
