Fix use-after-free error in hashtab.c

This file has been completely removed upstream in the meantime (as part
of the debuginfo tooling split off in commit 04b0805) so this patch will
only be carried downstream.

The issue here was that htab->entries would be freed at the end of
htab_expand() if the htab->return_allocation_failure toggle was 0, and
later accessed in the calling function(s).

In reality, though, the toggle is initialized to 1 and never turned off
in the current implementation, but let's future-proof ourselves in case
we inadvertently turn it off in a future patch.

Found by Coverity.

Related: #1938861

rpm-4.16.1.3-hashtab-use-after-free-fix.patch

@@ -0,0 +1,13 @@
+diff -up rpm-4.16.1.3/tools/hashtab.c.orig rpm-4.16.1.3/tools/hashtab.c
+--- rpm-4.16.1.3/tools/hashtab.c.orig	2021-07-01 14:51:24.576237269 +0200
++++ rpm-4.16.1.3/tools/hashtab.c	2021-07-01 15:02:42.005754968 +0200
+@@ -292,7 +292,8 @@ htab_expand (htab)
+     }
+   while (p < olimit);
+ 
+-  free (oentries);
++  if (oentries != htab->entries)
++    free(oentries);
+   return 1;
+ }
+ 

rpm.spec

@@ -84,6 +84,9 @@ Patch914: 0004-NFC-debugedit-Move-code-to-separate-functions.patch
 Patch915: 0005-debugedit-Implement-DWARF-5-unit-header-and-new-form.patch
 Patch916: 0006-debugedit-Handle-DWARF-5-debug_line-and-debug_line_s.patch
 
+# Downstream-only patches
+Patch1000: rpm-4.16.1.3-hashtab-use-after-free-fix.patch
+
 # Partially GPL/LGPL dual-licensed and some bits with BSD
 # SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
 License: GPLv2+