pkg/39276: pkg_admin rebuild-tree crash (pkgtools/pkg_install)

[qhwt+nbsd%les.ath.cx@localhost]

>Number:         39276
>Category:       pkg
>Synopsis:       pkg_admin rebuild-tree crash (pkgtools/pkg_install)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 03 08:55:00 +0000 2008
>Originator:     YONETANI Tomokazu
>Release:        
>Organization:
>Environment:
DragonFly firebolt.here 2.0.0-RELEASE DragonFly 2.0.0-RELEASE #0: Sun Aug  3 
16:30:55 JST 2008     
dragonfly%firebolt.here@localhost:/var/obj/R2_0/home/source/dragonfly/R2_0/src/sys/FIREBOLT.SMP
  i386
>Description:
pkg_admin, part of pkgtools/pkg_install package, crashed when I issued 
`rebuild-tree' command.  add_depends_of() passes a variable `plist' to 
read_plist() without first initializing it, which gets dereferenced later on in 
add_plist().
>How-To-Repeat:
It's an uninitialized pointer dereference, so it may not always reproduce 
depending on your environment.

  pkg_admin rebuild-tree some-non-important-package

>Fix:
Initialize plist before call to read_plist.

--- a/pkgtools/pkg_install/files/admin/main.c
+++ b/pkgtools/pkg_install/files/admin/main.c
@@ -310,6 +310,7 @@ add_depends_of(const char *pkgname, void *cookie)
        package_t plist;
        char *path;
 
+       plist.head = plist.tail = NULL;
        path = pkgdb_pkg_file(pkgname, CONTENTS_FNAME);
        if ((fp = fopen(path, "r")) == NULL)
                errx(EXIT_FAILURE, "Cannot read %s of package %s",