From 8de2ab6b4d9dc4683d71e9ed7fa3fc8e98682227 Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sun, 19 Aug 2012 14:43:15 -0500
Subject: [PATCH] dependency: avoid exploitable (!) use of uninitialized length values introduced in commit 0ab3b32255
---
 dependency.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dependency.c b/dependency.c
index 806e505..a8ac2f5 100644
--- a/dependency.c
+++ b/dependency.c
@@ -105,7 +105,7 @@ pkg_dependency_parse_str(pkg_dependency_t *deplist_head, const char *depends)
 pkg_dependency_t *deplist = NULL;
 pkg_comparator_t compare = PKG_ANY;
 char buf[PKG_BUFSIZE];
- size_t package_sz, version_sz;
+ size_t package_sz = 0, version_sz = 0;
 char *start = buf;
 char *ptr = buf;
 char *vstart = NULL;
@@ -172,6 +172,8 @@ pkg_dependency_parse_str(pkg_dependency_t *deplist_head, const char *depends)
 deplist_head = deplist;
 compare = PKG_ANY;
+ package_sz = 0;
+ version_sz = 0;
 }
 break;
@@ -250,6 +252,8 @@ pkg_dependency_parse_str(pkg_dependency_t *deplist_head, const char *depends)
 deplist_head = deplist;
 compare = PKG_ANY;
+ package_sz = 0;
+ version_sz = 0;
 }
 if (state == OUTSIDE_MODULE)
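Review bot: The declaration `size_t package_sz = 0, version_sz = 0;` gives zero a meaning that is not written down anywhere: a length of 0 now stands for "this field has not been parsed for the current dependency". The code that consumes the two lengths is outside the hunk, so it should be confirmed that it treats a zero length as an absent field and does not still read through `start` or `vstart`. I would add a comment at the declaration, e.g. `/* 0 = not parsed yet for the current dependency; reset after each one is added */`. Since the commit message calls the old behaviour exploitable, a regression test that parses a dependency string with no version part would pin the fix.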
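Review bot: The reset `package_sz = 0; version_sz = 0;` is repeated verbatim after `compare = PKG_ANY;` at both places where a dependency is finished (this hunk at line 172 and the one at line 250), so any exit path added later can miss it and bring back stale lengths. `vstart`, declared next to the lengths in the first hunk, is not reset in the lines shown; if it is not cleared elsewhere in the function, adding `vstart = NULL;` at the same two places would keep a stale version pointer from being paired with a fresh length. Folding these assignments into one small static helper or macro used at both sites would keep them in step. The enclosing blocks start and end outside both hunks.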