From f07df94518c8e62dfd6d3e6e8b3bcda44aae0915 Mon Sep 17 00:00:00 2001
From: David Cantrell <dcantrell@redhat.com>
Date: Mon, 8 Apr 2024 14:25:29 -0400
Subject: [PATCH] Some static analysis fixes for uninitialized structs

  Resolves: RHEL-25498

Signed-off-by: David Cantrell <dcantrell@redhat.com>
---
 libsolv-0.7.24-static_analysis_fixes.patch | 34 ++++++++++++++++++++++
 libsolv.spec                               |  7 ++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 libsolv-0.7.24-static_analysis_fixes.patch

diff --git a/libsolv-0.7.24-static_analysis_fixes.patch b/libsolv-0.7.24-static_analysis_fixes.patch
new file mode 100644
index 0000000..d216c18
--- /dev/null
+++ b/libsolv-0.7.24-static_analysis_fixes.patch
@@ -0,0 +1,34 @@
+diff -up libsolv-0.7.24/ext/repo_rpmmd.c.orig libsolv-0.7.24/ext/repo_rpmmd.c
+--- libsolv-0.7.24/ext/repo_rpmmd.c.orig	2023-04-13 10:10:14.000000000 -0400
++++ libsolv-0.7.24/ext/repo_rpmmd.c	2024-04-08 14:00:05.923253315 -0400
+@@ -609,6 +609,8 @@ fill_cshash_from_new_solvables(struct pa
+   KeyValue kv;
+   Repokey *key;
+ 
++  memset(&kv, 0, sizeof(kv));
++
+   for (i = pd->first; i < pool->nsolvables; i++)
+     {
+       if (pool->solvables[i].repo != pd->repo)
+diff -up libsolv-0.7.24/ext/repo_susetags.c.orig libsolv-0.7.24/ext/repo_susetags.c
+--- libsolv-0.7.24/ext/repo_susetags.c.orig	2023-04-13 10:10:14.000000000 -0400
++++ libsolv-0.7.24/ext/repo_susetags.c	2024-04-08 14:00:50.560276418 -0400
+@@ -339,6 +339,7 @@ lookup_shared_id(Repodata *data, Id p, I
+   if (uninternalized)
+     {
+       KeyValue kv;
++      memset(&kv, 0, sizeof(kv));
+       Repokey *key = repodata_lookup_kv_uninternalized(data, p, keyname, &kv);
+       if (!key)
+         return 0;
+diff -up libsolv-0.7.24/ext/testcase.c.orig libsolv-0.7.24/ext/testcase.c
+--- libsolv-0.7.24/ext/testcase.c.orig	2023-04-13 10:10:14.000000000 -0400
++++ libsolv-0.7.24/ext/testcase.c	2024-04-08 14:12:49.660462318 -0400
+@@ -1497,6 +1497,7 @@ testcase_solverresult(Solver *solv, int
+   if ((resultflags & TESTCASE_RESULT_USERINSTALLED) != 0)
+     {
+       Queue q;
++      queue_init(&q);
+       solver_get_userinstalled(solv, &q, 0);
+       for (i = 0; i < q.count; i++)
+ 	{
diff --git a/libsolv.spec b/libsolv.spec
index e227c93..e369244 100644
--- a/libsolv.spec
+++ b/libsolv.spec
@@ -23,7 +23,7 @@
 
 Name:           lib%{libname}
 Version:        0.7.24
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        Package dependency solver
 
 License:        BSD
@@ -36,6 +36,7 @@ Patch3:         0003-Revert-Add-complex_deps-requirement-to-choice1b-test.patch
 Patch4:         0004-Revert-Add-more-choicerules-tests.patch
 Patch5:         0005-Treat-condition-both-as-positive-and-negative-litera.patch
 Patch6:         0006-Allow_break_arch_lock_step_on_erase.patch
+Patch7:         libsolv-0.7.24-static_analysis_fixes.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
@@ -262,6 +263,10 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
 %endif
 
 %changelog
+* Mon Apr 08 2024 David Cantrell <dcantrell@redhat.com> - 0.7.24-3
+- Some static analysis fixes for unitialized structs
+  Resolves: RHEL-25498
+
 * Wed Jun 21 2023 Jaroslav Rohel <jrohel@redhat.com> - 0.7.24-2
 - Backport Allow to break arch lock-step on erase operations (RhBug:2172288,2172292)