fix apk_blob_pull_csum to always initialize apk_checksum

Fixes #10686 to not use uninitialized value in the error paths.

(cherry picked from commit 7b76182f39c4b42f4bb498b7cc75384a36afd855)

1 files changed, 6 insertions, 9 deletions

diff --git a/src/blob.c b/src/blob.c
index 2b6769a..718278c 100644
--- a/src/blob.c
+++ b/src/blob.c
@@ -472,18 +472,14 @@ void apk_blob_pull_csum(apk_blob_t *b, struct apk_checksum *csum)
 {
 	int encoding;
 
-	if (unlikely(APK_BLOB_IS_NULL(*b)))
-		return;
-
-	if (unlikely(b->len < 2)) {
-		*b = APK_BLOB_NULL;
-		return;
-	}
+	if (unlikely(APK_BLOB_IS_NULL(*b))) goto fail;
+	if (unlikely(b->len < 2)) goto fail;
 
 	if (dx(b->ptr[0]) != 0xff) {
 		/* Assume MD5 for backwards compatibility */
 		csum->type = APK_CHECKSUM_MD5;
 		apk_blob_pull_hexdump(b, APK_BLOB_CSUM(*csum));
+		if (unlikely(APK_BLOB_IS_NULL(*b))) goto fail;
 		return;
 	}
 
@@ -493,8 +489,7 @@ void apk_blob_pull_csum(apk_blob_t *b, struct apk_checksum *csum)
 		csum->type = APK_CHECKSUM_SHA1;
 		break;
 	default:
-		*b = APK_BLOB_NULL;
-		return;
+		goto fail;
 	}
 	b->ptr += 2;
 	b->len -= 2;
@@ -507,7 +502,9 @@ void apk_blob_pull_csum(apk_blob_t *b, struct apk_checksum *csum)
 		apk_blob_pull_base64(b, APK_BLOB_CSUM(*csum));
 		break;
 	default:
+	fail:
 		*b = APK_BLOB_NULL;
+		csum->type = APK_CHECKSUM_NONE;
 		break;
 	}
 }