If a sync DB is malformed and contains entries in the root of the archive, load_pkg_for_entry will leave the 'filename' variable empty, leading to a crash in the ensuing strcmp() calls which determine the DB fragment being examined. While this isn't a read error, this should be reported to the user so that it can be addressed by the creator of the DB. As seen: https://bbs.archlinux.org/viewtopic.php?pid=1297766 Signed-off-by: Dave Reisner <dreisner@archlinux.org> --- v3: ignore any changes to the existing catchall. lib/libalpm/be_sync.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/libalpm/be_sync.c b/lib/libalpm/be_sync.c index feda6f5..5cc3de3 100644 --- a/lib/libalpm/be_sync.c +++ b/lib/libalpm/be_sync.c @@ -561,6 +561,14 @@ static int sync_db_read(alpm_db_t *db, struct archive *archive, return -1; } + if(filename == NULL) { + /* A file exists outside of a subdirectory. This isn't a read error, so return + * success and try to continue on. */ + _alpm_log(db->handle, ALPM_LOG_WARNING, _("unknown database file: %s\n"), + filename); + return 0; + } + if(strcmp(filename, "desc") == 0 || strcmp(filename, "depends") == 0 || (strcmp(filename, "deltas") == 0 && db->handle->deltaratio > 0.0) ) { int ret; -- 1.8.3.2