Don't read/write after the string when the synthesis is slightly malformed

(backported from trunk)

2 files changed, 3 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 66a7c73..6de271b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
 - do not try to parse current pointer when the line is invalid or
   empty (detected by valgrind)
+- don't read/write after the string when the synthesis is slightly
+  malformed
 
 Version 3.40.1 - 28 June 2012
 
diff --git a/URPM.xs b/URPM.xs
index c3e95ff..a32bf49 100644
--- a/URPM.xs
+++ b/URPM.xs
@@ -1897,7 +1897,7 @@ Pkg_filename(pkg)
   if (pkg->info) {
     char *eon;
 
-    if ((eon = strchr(pkg->info, '@')) != NULL) {
+    if ((eon = strchr(pkg->info, '@')) != NULL && strlen(eon) >= 3) {
 	char savbuf[4];
 	memcpy(savbuf, eon, 4); /* there should be at least epoch and size described so (@0@0 minimum) */
 	memcpy(eon, ".rpm", 4);