RPM Community Forums

Mailing List Message of <rpm-cvs>

[CVS] RPM: rpm/lib/ rpmlib.h rpmts.h rpm/rpmdb/ .splintrc Makefile.am ...

From: Jeff Johnson <jbj@rpm5.org>
Date: Sun 30 Sep 2007 - 19:29:07 CEST
Message-Id: <20070930172907.C7D6F34845F@rpm5.org>
  RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  jbj@rpm5.org
  Module: rpm                              Date:   30-Sep-2007 19:29:07
  Branch: HEAD                             Handle: 2007093018290401

  Modified files:
    rpm                     system.h
    rpm/lib                 rpmlib.h rpmts.h
    rpm/rpmdb               .splintrc Makefile.am db3.c dbconfig.c fprint.c
                            hdrNVR.c hdrfmt.c hdrinline.h header.c header.h
                            header_internal.c legacy.c merge.c pkgio.c pkgio.h
                            rpmdb.c rpmdb.h sqlite.c tagname.c

  Log:
    - splint fiddles.

  Summary:
    Revision    Changes     Path
    2.437       +2  -21     rpm/lib/rpmlib.h
    2.77        +3  -3      rpm/lib/rpmts.h
    1.6         +7  -1      rpm/rpmdb/.splintrc
    1.80        +1  -3      rpm/rpmdb/Makefile.am
    1.73        +6  -23     rpm/rpmdb/db3.c
    1.45        +0  -6      rpm/rpmdb/dbconfig.c
    1.15        +0  -14     rpm/rpmdb/fprint.c
    1.11        +11 -6      rpm/rpmdb/hdrNVR.c
    1.7         +17 -70     rpm/rpmdb/hdrfmt.c
    1.14        +1  -1      rpm/rpmdb/hdrinline.h
    1.66        +23 -204    rpm/rpmdb/header.c
    1.25        +1  -1      rpm/rpmdb/header.h
    1.8         +0  -6      rpm/rpmdb/header_internal.c
    1.34        +4  -10     rpm/rpmdb/legacy.c
    1.9         +2  -4      rpm/rpmdb/merge.c
    1.9         +34 -44     rpm/rpmdb/pkgio.c
    1.4         +24 -3      rpm/rpmdb/pkgio.h
    1.162       +40 -138    rpm/rpmdb/rpmdb.c
    1.67        +11 -4      rpm/rpmdb/rpmdb.h
    1.15        +10 -14     rpm/rpmdb/sqlite.c
    1.6         +0  -2      rpm/rpmdb/tagname.c
    2.88        +2  -0      rpm/system.h
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmlib.h
  ============================================================================
  $ cvs diff -u -r2.436 -r2.437 rpmlib.h
  --- rpm/lib/rpmlib.h	29 Sep 2007 16:23:39 -0000	2.436
  +++ rpm/lib/rpmlib.h	30 Sep 2007 17:29:05 -0000	2.437
  @@ -126,10 +126,10 @@
   /*@-redecl@*/
   /*@unchecked@*/
   extern const int rpmTagTableSize;
  -/*@=redecl@*/
   
   /*@unchecked@*/
   extern headerTagIndices rpmTags;
  +/*@=redecl@*/
   
   /**
    * Table of query format extensions.
  @@ -743,25 +743,6 @@
   typedef /*@abstract@*/ /*@refcounted@*/ struct rpmpsm_s * rpmpsm;
   
   /** 
  - * Check header consistency, performing headerGetEntry() the hard way.
  - *  
  - * Sanity checks on the header are performed while looking for a
  - * header-only digest or signature to verify the blob. If found,
  - * the digest or signature is verified.
  - *
  - * @param ts		transaction set
  - * @param uh		unloaded header blob
  - * @param uc		no. of bytes in blob (or 0 to disable)
  - * @retval *msg		verification error message (or NULL)
  - * @return		RPMRC_OK on success
  - */
  -rpmRC headerCheck(rpmts ts, const void * uh, size_t uc,
  -		/*@out@*/ /*@null@*/ const char ** msg)
  -	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  -	/*@modifies ts, *msg, rpmGlobalMacroContext,
  -		fileSystem, internalState @*/;
  -
  -/** 
    * Return checked and loaded header.
    * @param ts		transaction set
    * @param _fd		file handle
  @@ -801,7 +782,7 @@
   			/*@null@*/ /*@out@*/ const char ** specFilePtr,
   			/*@null@*/ /*@out@*/ const char ** cookie)
   	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  -	/*@modifies ts, fd, *specFilePtr, *cookie, rpmGlobalMacroContext,
  +	/*@modifies ts, _fd, *specFilePtr, *cookie, rpmGlobalMacroContext,
   		fileSystem, internalState @*/;
   
   /** \ingroup rpmts
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/lib/rpmts.h
  ============================================================================
  $ cvs diff -u -r2.76 -r2.77 rpmts.h
  --- rpm/lib/rpmts.h	29 Sep 2007 16:23:39 -0000	2.76
  +++ rpm/lib/rpmts.h	30 Sep 2007 17:29:05 -0000	2.77
  @@ -213,14 +213,14 @@
   /*@observer@*/ /*@dependent@*/ /*@null@*/
       const char * fn;		/*!< Current package fn. */
   
  -/*@only@*/ /*@null@*/
  +/*@only@*/ /*@relnull@*/
       const unsigned char * pkpkt;/*!< Current pubkey packet. */
       size_t pkpktlen;		/*!< Current pubkey packet length. */
       unsigned char pksignid[8];	/*!< Current pubkey fingerprint. */
   
       struct rpmop_s ops[RPMTS_OP_MAX];
   
  -/*@null@*/
  +/*@relnull@*/
       pgpDig dig;			/*!< Current signature/pubkey parameters. */
   
   /*@null@*/
  @@ -705,7 +705,7 @@
    * @param ts		transaction set
    * @return		signature/pubkey constants.
    */
  -/*@exposed@*/ /*@null@*/
  +/*@exposed@*/
   pgpDig rpmtsDig(rpmts ts)
   	/*@*/;
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/.splintrc
  ============================================================================
  $ cvs diff -u -r1.5 -r1.6 .splintrc
  --- rpm/rpmdb/.splintrc	30 May 2007 02:49:40 -0000	1.5
  +++ rpm/rpmdb/.splintrc	30 Sep 2007 17:29:05 -0000	1.6
  @@ -12,7 +12,6 @@
   +strict			# lclint level
   
   # --- in progress
  -#+bounds
   +slovak-fcns
   -bufferoverflowhigh
   
  @@ -27,7 +26,14 @@
   -varuse
   
   # --- not-yet at strict level
  +-internalglobs	# 16
  +-paramuse	# 6
  +-mustmod	# 8
  +-type		# 4
  +-unrecog	# 2
  +
   -bitwisesigned		# 160
  +-branchstate		# 65
   -elseifcomplete		# 9
   -exportconst		# 687
   -exportfcn		# 464
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/Makefile.am
  ============================================================================
  $ cvs diff -u -r1.79 -r1.80 Makefile.am
  --- rpm/rpmdb/Makefile.am	8 Sep 2007 16:17:34 -0000	1.79
  +++ rpm/rpmdb/Makefile.am	30 Sep 2007 17:29:05 -0000	1.80
  @@ -78,8 +78,7 @@
   endif
   
   tagtbl.c: Makefile.am $(top_srcdir)/lib/rpmlib.h 
  -	@echo '/*@-bounds@*/' > $@
  -	@echo '#include "system.h"' >> $@
  +	@echo '#include "system.h"' > $@
   	@echo '#include <rpmlib.h>' >> $@
   	@echo '#include "debug.h"' >> $@
   	@echo '' >> $@
  @@ -94,7 +93,6 @@
   	@echo '' >> $@
   	@echo '/*@unchecked@*/' >> $@
   	@echo 'const int rpmTagTableSize = sizeof(rpmTagTbl) / sizeof(rpmTagTbl[0]) - 1;' >> $@
  -	@echo '/*@=bounds@*/' >> $@
   
   if WITH_DB_INTERNAL
   my_DB_HEADER = $(top_builddir)/$(WITH_DB_SUBDIR)/db.h
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/db3.c
  ============================================================================
  $ cvs diff -u -r1.72 -r1.73 db3.c
  --- rpm/rpmdb/db3.c	24 Sep 2007 02:38:57 -0000	1.72
  +++ rpm/rpmdb/db3.c	30 Sep 2007 17:29:05 -0000	1.73
  @@ -177,6 +177,7 @@
    * @param value		tag value
    * @return		tag string
    */
  +/*@observer@*/
   static const char * mapTagName(int value)
   	/*@*/
   {
  @@ -333,7 +334,9 @@
    /* 4.1: dbenv->set_data_dir(???) */
    /* 4.1: dbenv->set_encrypt(???) */
   
  +/*@-castfcnptr@*/
       dbenv->set_errcall(dbenv, (void *)rpmdb->db_errcall);
  +/*@=castfcnptr@*/
       dbenv->set_errfile(dbenv, rpmdb->db_errfile);
       dbenv->set_errpfx(dbenv, rpmdb->db_errpfx);
       /*@=noeffectuncon@*/
  @@ -402,10 +405,8 @@
   	    const char * tmpdir;
   
   	    root = (dbi->dbi_root ? dbi->dbi_root : rpmdb->db_root);
  -/*@-boundsread@*/
   	    if ((root[0] == '/' && root[1] == '\0') || rpmdb->db_chrootDone)
   		root = NULL;
  -/*@=boundsread@*/
   /*@-mods@*/
   	    tmpdir = rpmGenPath(root, dbi->dbi_tmpdir, NULL);
   /*@=mods@*/
  @@ -559,9 +560,7 @@
       }
   #endif
   
  -/*@-boundswrite@*/
       *dbenvp = dbenv;
  -/*@=boundswrite@*/
   
       return 0;
   
  @@ -601,9 +600,7 @@
   {
       int rc;
   
  -/*@-boundswrite@*/
       if (dbcp) *dbcp = NULL;
  -/*@=boundswrite@*/
   #if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 6)
       rc = dbcursor->dup(dbcursor, dbcp, flags);
       rc = cvtdberr(dbi, "dbcursor->dup", rc, _debug);
  @@ -661,7 +658,7 @@
       rc = cvtdberr(dbi, "db->cursor", rc, _debug);
   
       if (dbcp)
  -	/*@-boundswrite -onlytrans@*/ *dbcp = dbcursor; /*@=boundswrite =onlytrans@*/
  +	*dbcp = dbcursor;
       else
   	(void) db3cclose(dbi, dbcursor, 0);
   
  @@ -823,9 +820,7 @@
       rc = cvtdberr(dbi, "dbcursor->c_count", rc, _debug);
   #endif
       if (rc) return rc;
  -/*@-boundswrite@*/
       if (countp) *countp = count;
  -/*@=boundswrite@*/
   
       return rc;
   }
  @@ -950,10 +945,8 @@
        * Get the prefix/root component and directory path.
        */
       root = (dbi->dbi_root ? dbi->dbi_root : rpmdb->db_root);
  -/*@-boundsread@*/
       if ((root[0] == '/' && root[1] == '\0') || rpmdb->db_chrootDone)
   	root = NULL;
  -/*@=boundsread@*/
       home = (dbi->dbi_home ? dbi->dbi_home : rpmdb->db_home);
   
       /*
  @@ -1010,7 +1003,9 @@
   	if (rc || dbenv == NULL) goto exit;
   
   	/*@-noeffectuncon@*/ /* FIX: annotate db3 methods */
  +/*@-castfcnptr@*/
   	dbenv->set_errcall(dbenv, (void *)rpmdb->db_errcall);
  +/*@=castfcnptr@*/
   	dbenv->set_errfile(dbenv, rpmdb->db_errfile);
   	dbenv->set_errpfx(dbenv, rpmdb->db_errpfx);
    /*	dbenv->set_paniccall(???) */
  @@ -1108,10 +1103,8 @@
       u_int32_t oflags;
       int _printit;
   
  -/*@-boundswrite@*/
       if (dbip)
   	*dbip = NULL;
  -/*@=boundswrite@*/
   
       /*
        * Parse db configuration parameters.
  @@ -1128,10 +1121,8 @@
        * Get the prefix/root component and directory path.
        */
       root = (dbi->dbi_root ? dbi->dbi_root : rpmdb->db_root);
  -/*@-boundsread@*/
       if ((root[0] == '/' && root[1] == '\0') || rpmdb->db_chrootDone)
   	root = NULL;
  -/*@=boundsread@*/
       home = (dbi->dbi_home ? dbi->dbi_home : rpmdb->db_home);
   
       /*
  @@ -1281,7 +1272,6 @@
       if (oflags & DB_RDONLY)
   	dbi->dbi_verify_on_close = 0;
   
  -/*@-branchstate@*/
       if (dbi->dbi_use_dbenv) {
   	/*@-mods@*/
   	if (rpmdb->db_dbenv == NULL) {
  @@ -1353,7 +1343,6 @@
   	}
   	/*@=mods@*/
       }
  -/*@=branchstate@*/
   
       rpmMessage(RPMMESS_DEBUG, D_("opening  db index       %s/%s %s mode=0x%x\n"),
   		dbhome, (dbfile ? dbfile : mapTagName(dbi->dbi_rpmtag)),
  @@ -1511,11 +1500,9 @@
   		if (dbfile)	nb += 1 + strlen(dbfile);
   		dbfullpath = t = alloca(nb + 1);
   
  -/*@-boundswrite@*/
   		t = stpcpy(t, dbhome);
   		if (dbfile)
   		    t = stpcpy( stpcpy( t, "/"), dbfile);
  -/*@=boundswrite@*/
   #ifdef	HACK	/* XXX necessary to support dbsubfile */
   		dbpath = (!dbi->dbi_use_dbenv && !dbi->dbi_temporary)
   			? dbfullpath : dbfile;
  @@ -1578,9 +1565,7 @@
   		    rc = 1;
   		} else {
   		    struct flock l;
  -/*@-boundswrite@*/
   		    memset(&l, 0, sizeof(l));
  -/*@=boundswrite@*/
   		    l.l_whence = 0;
   		    l.l_start = 0;
   		    l.l_len = 0;
  @@ -1614,9 +1599,7 @@
   
       if (rc == 0 && dbi->dbi_db != NULL && dbip != NULL) {
   	dbi->dbi_vec = &db3vec;
  -/*@-boundswrite@*/
   	*dbip = dbi;
  -/*@=boundswrite@*/
       } else {
   	dbi->dbi_verify_on_close = 0;
   	(void) db3close(dbi, 0);
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/dbconfig.c
  ============================================================================
  $ cvs diff -u -r1.44 -r1.45 dbconfig.c
  --- rpm/rpmdb/dbconfig.c	2 Aug 2007 17:15:42 -0000	1.44
  +++ rpm/rpmdb/dbconfig.c	30 Sep 2007 17:29:05 -0000	1.45
  @@ -648,7 +648,6 @@
   static const char *db3_config_default =
       "hash tmpdir=/var/tmp create cdb mpool mp_mmapsize=16Mb mp_size=1Mb perms=0644";
   
  -/*@-bounds@*/
   dbiIndex db3New(rpmdb rpmdb, rpmTag rpmtag)
   {
       dbiIndex dbi = xcalloc(1, sizeof(*dbi));
  @@ -666,7 +665,6 @@
       }
   
       /* Parse the options for the database element(s). */
  -    /*@-branchstate@*/
       if (dbOpts && *dbOpts && *dbOpts != '%') {
   	char *o, *oe;
   	char *p, *pe;
  @@ -782,7 +780,6 @@
   	}
   /*=========*/
       }
  -    /*@=branchstate@*/
   
       dbOpts = _free(dbOpts);
   
  @@ -832,9 +829,7 @@
       return dbi;
       /*@=globstate@*/
   }
  -/*@=bounds@*/
   
  -/*@-boundswrite@*/
   const char * prDbiOpenFlags(int dbflags, int print_dbenv_flags)
   {
       static char buf[256];
  @@ -869,6 +864,5 @@
       }
       return buf;
   }
  -/*@=boundswrite@*/
   
   #endif
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/fprint.c
  ============================================================================
  $ cvs diff -u -r1.14 -r1.15 fprint.c
  --- rpm/rpmdb/fprint.c	25 May 2007 17:36:33 -0000	1.14
  +++ rpm/rpmdb/fprint.c	30 Sep 2007 17:29:05 -0000	1.15
  @@ -41,9 +41,7 @@
   
       if (htGetEntry(cache->ht, dirName, &data, NULL, NULL))
   	return NULL;
  -/*@-boundsread@*/
       return data[0];
  -/*@=boundsread@*/
   }
   
   /**
  @@ -54,7 +52,6 @@
    * @param scareMem
    * @return pointer to the finger print associated with a file path.
    */
  -/*@-bounds@*/ /* LCL: segfault */
   static fingerPrint doLookup(fingerPrintCache cache,
   		const char * dirName, const char * baseName, int scareMem)
   	/*@modifies cache @*/
  @@ -75,11 +72,9 @@
       cdnl = strlen(cleanDirName);
   
       if (*cleanDirName == '/') {
  -	/*@-branchstate@*/
   	if (!scareMem)
   	    cleanDirName =
   		rpmCleanPath(strcpy(alloca(cdnl+1), dirName));
  -	/*@=branchstate@*/
       } else {
   	scareMem = 0;	/* XXX causes memory leak */
   
  @@ -92,7 +87,6 @@
   	/* if the current directory doesn't exist, we might fail. 
   	   oh well. likewise if it's too long.  */
   	dir[0] = '\0';
  -	/*@-branchstate@*/
   	if (realpath(".", dir) != NULL) {
   	    end = dir + strlen(dir);
   	    if (end[-1] != '/')	*end++ = '/';
  @@ -105,7 +99,6 @@
   	    cleanDirName = dir;
   	    cdnl = end - dir;
   	}
  -	/*@=branchstate@*/
       }
       fp.entry = NULL;
       fp.subDir = NULL;
  @@ -183,7 +176,6 @@
       /*@-nullret@*/ return fp; /*@=nullret@*/	/* LCL: can't happen. */
       /*@=compdef@*/
   }
  -/*@=bounds@*/
   
   fingerPrint fpLookup(fingerPrintCache cache, const char * dirName, 
   			const char * baseName, int scareMem)
  @@ -197,9 +189,7 @@
       const char * chptr = fp->baseName;
       unsigned char ch = 0;
   
  -/*@-boundsread@*/
       while (*chptr != '\0') ch ^= *chptr++;
  -/*@=boundsread@*/
   
       h |= ((unsigned)ch) << 24;
       h |= (((((unsigned)fp->entry->dev) >> 8) ^ fp->entry->dev) & 0xFF) << 16;
  @@ -208,7 +198,6 @@
       return h;
   }
   
  -/*@-boundsread@*/
   int fpEqual(const void * key1, const void * key2)
   {
       const fingerPrint *k1 = key1;
  @@ -226,9 +215,7 @@
       return 1;
   
   }
  -/*@=boundsread@*/
   
  -/*@-bounds@*/
   void fpLookupList(fingerPrintCache cache, const char ** dirNames, 
   		  const char ** baseNames, const uint_32 * dirIndexes, 
   		  int fileCount, fingerPrint * fpList)
  @@ -248,7 +235,6 @@
   	}
       }
   }
  -/*@=bounds@*/
   
   #ifdef	UNUSED
   /**
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/hdrNVR.c
  ============================================================================
  $ cvs diff -u -r1.10 -r1.11 hdrNVR.c
  --- rpm/rpmdb/hdrNVR.c	29 Sep 2007 16:23:40 -0000	1.10
  +++ rpm/rpmdb/hdrNVR.c	30 Sep 2007 17:29:05 -0000	1.11
  @@ -30,7 +30,10 @@
       { NULL, 0 }
   };
   
  +/*@-globs -mods -incondefs@*/
   int headerMacrosLoad(Header h)
  +	/*@globals rpmGlobalMacroContext @*/
  +	/*@modifies rpmGlobalMacroContext @*/
   {
       struct tagMacro * tagm;
       union {
  @@ -62,9 +65,7 @@
   	    continue;
   	switch (type) {
   	case RPM_INT32_TYPE:
  -/*@-boundsread@*/
   	    sprintf(numbuf, "%d", *body.i32p);
  -/*@=boundsread@*/
   	    addMacro(NULL, tagm->macroname, NULL, numbuf, -1);
   	    /*@switchbreak@*/ break;
   	case RPM_STRING_TYPE:
  @@ -85,7 +86,12 @@
       }
       return 0;
   }
  +/*@=globs =mods =incondefs@*/
  +
  +/*@-globs -mods -incondefs@*/
   int headerMacrosUnload(Header h)
  +	/*@globals rpmGlobalMacroContext @*/
  +	/*@modifies rpmGlobalMacroContext @*/
   {
       struct tagMacro * tagm;
       union {
  @@ -137,6 +143,7 @@
   
       return 0;
   }
  +/*@=globs =mods =incondefs@*/
   
   int headerNEVRA(Header h, const char **np,
   		/*@unused@*/ const char **ep, const char **vp, const char **rp,
  @@ -145,7 +152,6 @@
       int type;
       int count;
   
  -/*@-boundswrite@*/
       if (np) {
   	if (!(headerGetEntry(h, RPMTAG_NAME, &type, np, &count)
   	    && type == RPM_STRING_TYPE && count == 1))
  @@ -162,17 +168,18 @@
   		*rp = NULL;
       }
       if (ap) {
  +/*@-observertrans -readonlytrans@*/
   	if (!headerIsEntry(h, RPMTAG_ARCH))
   	    *ap = "pubkey";
   	else
   	if (!headerIsEntry(h, RPMTAG_SOURCERPM))
   	    *ap = "src";
  +/*@=observertrans =readonlytrans@*/
   	else
   	if (!(headerGetEntry(h, RPMTAG_ARCH, &type, ap, &count)
   	    && type == RPM_STRING_TYPE && count == 1))
   		*ap = NULL;
       }
  -/*@=boundswrite@*/
       return 0;
   }
   
  @@ -189,10 +196,8 @@
       if (hge(h, RPMTAG_FILECOLORS, NULL, &fcolors, &ncolors)
        && fcolors != NULL && ncolors > 0)
       {
  -/*@-boundsread@*/
   	for (i = 0; i < ncolors; i++)
   	    hcolor |= fcolors[i];
  -/*@=boundsread@*/
       }
       hcolor &= 0x0f;
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/hdrfmt.c
  ============================================================================
  $ cvs diff -u -r1.6 -r1.7 hdrfmt.c
  --- rpm/rpmdb/hdrfmt.c	9 Sep 2007 19:06:51 -0000	1.6
  +++ rpm/rpmdb/hdrfmt.c	30 Sep 2007 17:29:05 -0000	1.7
  @@ -20,9 +20,9 @@
   /*@access pgpDig @*/
   /*@access pgpDigParams @*/
   
  -/*@-boundswrite@*/
   /* XXX FIXME: static for now, refactor from manifest.c later. */
   static char * rpmPermsString(int mode)
  +	/*@*/
   {
       char *perms = xstrdup("----------");
      
  @@ -68,7 +68,6 @@
   
       return perms;
   }
  -/*@=boundswrite@*/
   /**
    * Identify type of trigger.
    * @param type		tag type
  @@ -122,9 +121,7 @@
   	val = xstrdup(_("(invalid type)"));
       } else {
   	val = xmalloc(15 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "s");
  -/*@=boundswrite@*/
   	buf = rpmPermsString(*((int_32 *) data));
   	/*@-formatconst@*/
   	sprintf(val, formatPrefix, buf);
  @@ -157,7 +154,6 @@
   	val = xstrdup(_("(invalid type)"));
       } else {
   	buf[0] = '\0';
  -/*@-boundswrite@*/
   	if (anint & RPMFILE_DOC)
   	    strcat(buf, "d");
   	if (anint & RPMFILE_CONFIG)
  @@ -174,12 +170,9 @@
   	    strcat(buf, "l");
   	if (anint & RPMFILE_README)
   	    strcat(buf, "r");
  -/*@=boundswrite@*/
   
   	val = xmalloc(5 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "s");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(val, formatPrefix, buf);
   	/*@=formatconst@*/
  @@ -223,8 +216,10 @@
   	enc = data;
   	s = NULL;
   	ns = 0;
  +/*@-moduncon@*/
   	if (b64decode(enc, (void **)&s, &ns))
   	    return xstrdup(_("(not base64)"));
  +/*@=moduncon@*/
   	atype = PGPARMOR_PUBKEY;	/* XXX check pkt for pubkey */
   	break;
       case RPM_NULL_TYPE:
  @@ -272,7 +267,6 @@
   	size_t ns = element;
   	size_t nt = ((ns + 2) / 3) * 4;
   
  -/*@-boundswrite@*/
   	/*@-globs@*/
   	/* Add additional bytes necessary for eol string(s). */
   	if (b64encode_chars_per_line > 0 && b64encode_eolstr != NULL) {
  @@ -289,16 +283,19 @@
       /* XXX b64encode accesses uninitialized memory. */
       { 	unsigned char * _data = xcalloc(1, ns+1);
   	memcpy(_data, data, ns);
  +/*@-moduncon@*/
   	if ((enc = b64encode(_data, ns)) != NULL) {
   	    t = stpcpy(t, enc);
   	    enc = _free(enc);
   	}
  +/*@=moduncon@*/
   	_data = _free(_data);
       }
  -/*@=boundswrite@*/
       }
   
  +/*@-globstate@*/
       return val;
  +/*@=globstate@*/
   }
   
   /**
  @@ -312,9 +309,7 @@
       size_t len = 0;
       int c;
   
  -/*@-boundsread@*/
       while ((c = *s++) != '\0')
  -/*@=boundsread@*/
       {
   	switch (c) {
   	case '<':
  @@ -338,7 +333,6 @@
       char * te = t;
       int c;
   
  -/*@-bounds@*/
       while ((c = *s++) != '\0') {
   	switch (c) {
   	case '<':	te = stpcpy(te, "&lt;");	/*@switchbreak@*/ break;
  @@ -348,7 +342,6 @@
   	}
       }
       *te = '\0';
  -/*@=bounds@*/
       return t;
   }
   
  @@ -361,7 +354,6 @@
    * @param element	(unused)
    * @return		formatted string
    */
  -/*@-bounds@*/
   static /*@only@*/ char * xmlFormat(int_32 type, const void * data,
   		char * formatPrefix, int padding,
   		/*@unused@*/ int element)
  @@ -376,7 +368,6 @@
       int freeit = 0;
       int xx;
   
  -/*@-branchstate@*/
       switch (type) {
       case RPM_I18NSTRING_TYPE:
       case RPM_STRING_TYPE:
  @@ -390,19 +381,17 @@
       case RPM_OPENPGP_TYPE:
       case RPM_ASN1_TYPE:
       case RPM_BIN_TYPE:
  +/*@-globs -mods@*/
       {	int cpl = b64encode_chars_per_line;
  -/*@-mods@*/
   	b64encode_chars_per_line = 0;
  -/*@=mods@*/
   /*@-formatconst@*/
   	s = base64Format(type, data, formatPrefix, padding, element);
   /*@=formatconst@*/
  -/*@-mods@*/
   	b64encode_chars_per_line = cpl;
  -/*@=mods@*/
   	xtag = "base64";
   	freeit = 1;
       }	break;
  +/*@=globs =mods@*/
       case RPM_CHAR_TYPE:
       case RPM_INT8_TYPE:
   	anint = *((uint_8 *) data);
  @@ -422,9 +411,7 @@
   	return xstrdup(_("(invalid xml type)"));
   	/*@notreached@*/ break;
       }
  -/*@=branchstate@*/
   
  -/*@-branchstate@*/
       if (s == NULL) {
   	int tlen = 64;
   	t = memset(alloca(tlen+1), 0, tlen+1);
  @@ -435,7 +422,6 @@
   	s = t;
   	xtag = "integer";
       }
  -/*@=branchstate@*/
   
       nb = xmlstrlen(s);
       if (nb == 0) {
  @@ -451,16 +437,12 @@
   	te = stpcpy( stpcpy( stpcpy(te, "</"), xtag), ">");
       }
   
  -/*@-branchstate@*/
       if (freeit)
   	s = _free(s);
  -/*@=branchstate@*/
   
       nb += padding;
       val = xmalloc(nb+1);
  -/*@-boundswrite@*/
       strcat(formatPrefix, "s");
  -/*@=boundswrite@*/
   /*@-formatconst@*/
       xx = snprintf(val, nb, formatPrefix, t);
   /*@=formatconst@*/
  @@ -468,7 +450,6 @@
   
       return val;
   }
  -/*@=bounds@*/
   
   /**
    * Return length of string represented with yaml indentation.
  @@ -483,9 +464,7 @@
       int indent = (lvl > 0);
       int c;
   
  -/*@-boundsread@*/
       while ((c = *s++) != '\0')
  -/*@=boundsread@*/
       {
   	if (indent) {
   	    len += 2 * lvl;
  @@ -512,7 +491,6 @@
       int indent = (lvl > 0);
       int c;
   
  -/*@-bounds@*/
       while ((c = *s++) != '\0') {
   	if (indent) {
   	    int i;
  @@ -527,7 +505,6 @@
   	*te++ = c;
       }
       *te = '\0';
  -/*@=bounds@*/
       return t;
   }
   
  @@ -540,7 +517,6 @@
    * @param element	element index (or -1 for non-array).
    * @return		formatted string
    */
  -/*@-bounds@*/
   static /*@only@*/ char * yamlFormat(int_32 type, const void * data,
   		char * formatPrefix, int padding,
   		int element)
  @@ -558,7 +534,6 @@
       int xx;
       int c;
   
  -/*@-branchstate@*/
       switch (type) {
       case RPM_I18NSTRING_TYPE:
       case RPM_STRING_TYPE:
  @@ -603,20 +578,18 @@
       case RPM_OPENPGP_TYPE:
       case RPM_ASN1_TYPE:
       case RPM_BIN_TYPE:
  +/*@-globs -mods@*/
       {	int cpl = b64encode_chars_per_line;
  -/*@-mods@*/
   	b64encode_chars_per_line = 0;
  -/*@=mods@*/
   /*@-formatconst@*/
   	s = base64Format(type, data, formatPrefix, padding, element);
   	element = -element;	/* XXX skip "    " indent. */
   /*@=formatconst@*/
  -/*@-mods@*/
   	b64encode_chars_per_line = cpl;
  -/*@=mods@*/
   	xtag = "!!binary ";
   	freeit = 1;
       }	break;
  +/*@=globs =mods@*/
       case RPM_CHAR_TYPE:
       case RPM_INT8_TYPE:
   	anint = *((uint_8 *) data);
  @@ -636,9 +609,7 @@
   	return xstrdup(_("(invalid yaml type)"));
   	/*@notreached@*/ break;
       }
  -/*@=branchstate@*/
   
  -/*@-branchstate@*/
       if (s == NULL) {
   	int tlen = 64;
   	t = memset(alloca(tlen+1), 0, tlen+1);
  @@ -648,7 +619,6 @@
   	s = t;
   	xtag = (element >= 0 ? "- " : NULL);
       }
  -/*@=branchstate@*/
   
       nb = yamlstrlen(s, lvl);
       if (nb == 0) {
  @@ -680,16 +650,12 @@
       }
   
       /* XXX s was malloc'd */
  -/*@-branchstate@*/
       if (freeit)
   	s = _free(s);
  -/*@=branchstate@*/
   
       nb += padding;
       val = xmalloc(nb+1);
  -/*@-boundswrite@*/
       strcat(formatPrefix, "s");
  -/*@=boundswrite@*/
   /*@-formatconst@*/
       xx = snprintf(val, nb, formatPrefix, t);
   /*@=formatconst@*/
  @@ -697,7 +663,6 @@
   
       return val;
   }
  -/*@=bounds@*/
   
   /**
    * Display signature fingerprint and time.
  @@ -721,9 +686,7 @@
       } else {
   	unsigned char * pkt = (byte *) data;
   	unsigned int pktlen = 0;
  -/*@-boundsread@*/
   	unsigned int v = *pkt;
  -/*@=boundsread@*/
   	pgpTag tag = 0;
   	unsigned int plen;
   	unsigned int hlen = 0;
  @@ -756,7 +719,6 @@
   	    nb += 100;
   	    val = t = xrealloc(val, nb + 1);
   
  -/*@-boundswrite@*/
   	    switch (sigp->pubkey_algo) {
   	    case PGPPUBKEYALGO_DSA:
   		t = stpcpy(t, "DSA");
  @@ -803,7 +765,6 @@
   	    if (t + strlen (tempstr) > val + nb)
   		goto again;
   	    t = stpcpy(t, tempstr);
  -/*@=boundswrite@*/
   
   	    dig = pgpFreeDig(dig);
   	}
  @@ -837,7 +798,6 @@
   	t = buf = alloca(32);
   	*t = '\0';
   
  -/*@-boundswrite@*/
   #ifdef	NOTYET	/* XXX appending markers breaks :depflags format. */
   	if (anint & RPMSENSE_SCRIPT_PRE)
   	    t = stpcpy(t, "(pre)");
  @@ -859,12 +819,9 @@
   	if (anint & RPMSENSE_SENSEMASK)
   	    *t++ = ' ';
   	*t = '\0';
  -/*@=boundswrite@*/
   
   	val = xmalloc(5 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "s");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(val, formatPrefix, buf);
   	/*@=formatconst@*/
  @@ -900,9 +857,7 @@
   	return 0;
       } else if (hge(h, RPMTAG_INSTPREFIXES, &ipt, &array, count)) {
   	if (type) *type = RPM_STRING_TYPE;
  -/*@-boundsread@*/
   	if (data) *data = xstrdup(array[0]);
  -/*@=boundsread@*/
   	if (freeData) *freeData = 1;
   	array = hfd(array, ipt);
   	return 0;
  @@ -954,7 +909,6 @@
       *data = conds = xmalloc(sizeof(*conds) * numScripts);
       *count = numScripts;
       *type = RPM_STRING_ARRAY_TYPE;
  -/*@-bounds@*/
       for (i = 0; i < numScripts; i++) {
   	chptr = xstrdup("");
   
  @@ -980,7 +934,6 @@
   
   	conds[i] = chptr;
       }
  -/*@=bounds@*/
   
       names = hfd(names, tnt);
       versions = hfd(versions, tvt);
  @@ -1026,7 +979,6 @@
       *data = conds = xmalloc(sizeof(*conds) * numScripts);
       *count = numScripts;
       *type = RPM_STRING_ARRAY_TYPE;
  -/*@-bounds@*/
       for (i = 0; i < numScripts; i++) {
   	for (j = 0; j < numNames; j++) {
   	    if (indices[j] != i)
  @@ -1045,7 +997,6 @@
   	    /*@innerbreak@*/ break;
   	}
       }
  -/*@=bounds@*/
   
       return 0;
   }
  @@ -1118,14 +1069,12 @@
   #endif
   
   	msgid = NULL;
  -	/*@-branchstate@*/
   	for (domain = dstring; domain != NULL; domain = de) {
   	    de = strchr(domain, ':');
   	    if (de) *de++ = '\0';
   	    msgid = /*@-unrecog@*/ dgettext(domain, msgkey) /*@=unrecog@*/;
   	    if (msgid != msgkey) break;
   	}
  -	/*@=branchstate@*/
   
   	/* restore previous environment for msgid -> msgstr resolution */
   	if (langval)
  @@ -1304,6 +1253,7 @@
    * @retval *freeData	data-was-malloc'ed indicator
    * @return		0 on success
    */
  +/*@-globuse@*/
   static int dbinstanceTag(Header h, /*@out@*/ rpmTagType * type,
   		/*@out@*/ const void ** data, /*@out@*/ int_32 * count,
   		/*@out@*/ int * freeData)
  @@ -1325,6 +1275,7 @@
   
       return 0;
   }
  +/*@=globuse@*/
   
   /**
    * Return (malloc'd) header name-version-release.arch string.
  @@ -1333,7 +1284,7 @@
    */
   /*@only@*/
   static char * hGetNVRA(Header h)
  -	/*@modifies *np @*/
  +	/*@modifies h @*/
   {
       const char * N = NULL;
       const char * V = NULL;
  @@ -1350,12 +1301,10 @@
       nb++;
       NVRA = t = xmalloc(nb);
       *t = '\0';
  -/*@-boundswrite@*/
       if (N)	t = stpcpy(t, N);
       if (V)	t = stpcpy( stpcpy(t, "-"), V);
       if (R)	t = stpcpy( stpcpy(t, "-"), R);
       if (A)	t = stpcpy( stpcpy(t, "."), A);
  -/*@=boundswrite@*/
       return NVRA;
   }
   
  @@ -1368,12 +1317,13 @@
    * @retval *freeData	data-was-malloc'ed indicator
    * @return		0 on success
    */
  +/*@-globuse@*/
   static int nvraTag(Header h, /*@out@*/ rpmTagType * type,
   		/*@out@*/ const void ** data, /*@out@*/ int_32 * count,
   		/*@out@*/ int * freeData)
   	/*@globals rpmGlobalMacroContext, h_errno,
   		fileSystem, internalState @*/
  -	/*@modifies *type, *data, *count, *freeData, rpmGlobalMacroContext,
  +	/*@modifies h, *type, *data, *count, *freeData, rpmGlobalMacroContext,
   		fileSystem, internalState @*/
   	/*@requires maxSet(type) >= 0 /\ maxSet(data) >= 0
   		/\ maxSet(count) >= 0 /\ maxSet(freeData) >= 0 @*/
  @@ -1385,6 +1335,7 @@
   
       return 0;
   }
  +/*@=globuse@*/
   
   /**
    * Retrieve file names from header.
  @@ -1447,7 +1398,6 @@
   
       fileNames = xmalloc(size);
       t = ((char *) fileNames) + (sizeof(*fileNames) * count);
  -    /*@-branchstate@*/
       for (i = 0; i < count; i++) {
   	const char * dn = NULL;
   	fileNames[i] = t;
  @@ -1455,16 +1405,13 @@
   	t = stpcpy( stpcpy(t, dn), baseNames[i]);
   	*t++ = '\0';
       }
  -    /*@=branchstate@*/
       baseNames = hfd(baseNames, bnt);
       dirNames = hfd(dirNames, dnt);
   
  -    /*@-branchstate@*/
       if (fnp)
   	*fnp = fileNames;
       else
   	fileNames = _free(fileNames);
  -    /*@=branchstate@*/
       if (fcp) *fcp = count;
   }
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/hdrinline.h
  ============================================================================
  $ cvs diff -u -r1.13 -r1.14 hdrinline.h
  --- rpm/rpmdb/hdrinline.h	8 Sep 2007 23:44:00 -0000	1.13
  +++ rpm/rpmdb/hdrinline.h	30 Sep 2007 17:29:05 -0000	1.14
  @@ -533,7 +533,7 @@
    */
   /*@unused@*/ static inline
   int headerGetMagic(/*@null@*/ Header h, unsigned char **magicp, size_t *nmagicp)
  -	/*@*/
  +	/*@modifies *magicp, *nmagicp @*/
   {
       return hdrVec->hdrgetmagic(h, magicp, nmagicp);
   }
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.c
  ============================================================================
  $ cvs diff -u -r1.65 -r1.66 header.c
  --- rpm/rpmdb/header.c	8 Sep 2007 23:44:00 -0000	1.65
  +++ rpm/rpmdb/header.c	30 Sep 2007 17:29:05 -0000	1.66
  @@ -20,6 +20,7 @@
   /*@unchecked@*/
   int _hdr_debug = 0;
   
  +/*@unchecked@*/
   int _newmagic = 0;
   
   /*@access entryInfo @*/
  @@ -88,14 +89,17 @@
    */
   /*@unchecked@*/
   int _hdr_stats = 0;
  +
  +/*@-compmempass@*/
   /*@unchecked@*/
   static struct rpmop_s hdr_loadops;
  -/*@unchecked@*/
  +/*@unchecked@*/ /*@relnull@*/
   rpmop _hdr_loadops = &hdr_loadops;
   /*@unchecked@*/
   static struct rpmop_s hdr_getops;
  -/*@unchecked@*/
  +/*@unchecked@*/ /*@relnull@*/
   rpmop _hdr_getops = &hdr_getops;
  +/*@=compmempass@*/
   
   /** \ingroup header
    * Return header stats accumulator structure.
  @@ -104,7 +108,7 @@
    * @return		per-header accumulator pointer
    */
   static /*@null@*/
  -void * headerGetStats(/*@null@*/ Header h, int opx)
  +void * headerGetStats(Header h, int opx)
           /*@*/
   {
       rpmop op = NULL;
  @@ -192,12 +196,14 @@
       }
       h->origin = _free(h->origin);
   
  +/*@-nullstate@*/
       if (_hdr_stats) {
   	if (_hdr_loadops)	/* RPMTS_OP_HDRLOAD */
   	    (void) rpmswAdd(_hdr_loadops, headerGetStats(h, 18));
   	if (_hdr_getops)	/* RPMTS_OP_HDRGET */
   	    (void) rpmswAdd(_hdr_getops, headerGetStats(h, 19));
       }
  +/*@=nullstate@*/
   
       /*@-refcounttrans@*/ h = _free(h); /*@=refcounttrans@*/
       return h;
  @@ -255,9 +261,7 @@
   	/*@modifies h @*/
   {
       if (!(h->flags & HEADERFLAG_SORTED)) {
  -/*@-boundsread@*/
   	qsort(h->index, h->indexUsed, sizeof(*h->index), indexCmp);
  -/*@=boundsread@*/
   	h->flags |= HEADERFLAG_SORTED;
       }
   }
  @@ -289,9 +293,7 @@
   void headerUnsort(Header h)
   	/*@modifies h @*/
   {
  -/*@-boundsread@*/
       qsort(h->index, h->indexUsed, sizeof(*h->index), offsetCmp);
  -/*@=boundsread@*/
   }
   
   /** \ingroup header
  @@ -340,7 +342,6 @@
   
   	/* Alignment */
   	type = entry->info.type;
  -/*@-boundsread@*/
   	if (typeSizes[type] > 1) {
   	    diff = typeSizes[type] - (size % typeSizes[type]);
   	    if (diff != typeSizes[type]) {
  @@ -348,7 +349,6 @@
   		pad += diff;
   	    }
   	}
  -/*@=boundsread@*/
   
   	/*@-sizeoftype@*/
   	size += sizeof(struct entryInfo_s) + entry->length;
  @@ -379,13 +379,11 @@
       case RPM_STRING_TYPE:
   	if (count != 1)
   	    return -1;
  -/*@-boundsread@*/
   	while (*s++) {
   	    if (se && s > se)
   		return -1;
   	    length++;
   	}
  -/*@=boundsread@*/
   	length++;	/* count nul terminator too. */
   	break;
   
  @@ -397,31 +395,25 @@
   	if (onDisk) {
   	    while (count--) {
   		length++;       /* count nul terminator too */
  -/*@-boundsread@*/
                  while (*s++) {
   		    if (se && s > se)
   			return -1;
   		    length++;
   		}
  -/*@=boundsread@*/
   	    }
   	} else {
   	    const char ** av = (const char **)p;
  -/*@-boundsread@*/
   	    while (count--) {
   		/* add one for null termination */
   		length += strlen(*av++) + 1;
   	    }
  -/*@=boundsread@*/
   	}
   	break;
   
       default:
  -/*@-boundsread@*/
   	if (typeSizes[type] == -1)
   	    return -1;
   	length = typeSizes[(type & 0xf)] * count;
  -/*@=boundsread@*/
   	if (length < 0 || (se && (s + length) > se))
   	    return -1;
   	break;
  @@ -469,9 +461,7 @@
       int tl = dl;
       struct indexEntry_s ieprev;
   
  -/*@-boundswrite@*/
       memset(&ieprev, 0, sizeof(ieprev));
  -/*@=boundswrite@*/
       for (; il > 0; il--, pe++) {
   	struct indexEntry_s ie;
   	int_32 type;
  @@ -487,10 +477,8 @@
   	    return -1;
   	if (hdrchkData(ie.info.offset))
   	    return -1;
  -/*@-boundsread@*/
   	if (hdrchkAlign(ie.info.type, ie.info.offset))
   	    return -1;
  -/*@=boundsread@*/
   
   	ie.data = t = dataStart + ie.info.offset;
   	if (dataEnd && t >= dataEnd)
  @@ -504,15 +492,12 @@
   
   	if (entry) {
   	    ie.info.offset = regionid;
  -/*@-boundswrite@*/
   	    *entry = ie;	/* structure assignment */
  -/*@=boundswrite@*/
   	    entry++;
   	}
   
   	/* Alignment */
   	type = ie.info.type;
  -/*@-boundsread@*/
   	if (typeSizes[type] > 1) {
   	    unsigned diff;
   	    diff = typeSizes[type] - (dl % typeSizes[type]);
  @@ -522,7 +507,6 @@
   		    ieprev.length += diff;
   	    }
   	}
  -/*@=boundsread@*/
   	tdel = (tprev ? (t - tprev) : 0);
   	if (ieprev.info.type == RPM_I18NSTRING_TYPE)
   	    tdel = ieprev.length;
  @@ -540,7 +524,6 @@
   
   	/* Perform endian conversions */
   	switch (ntohl(pe->type)) {
  -/*@-bounds@*/
   	case RPM_INT64_TYPE:
   	{   int_64 * it = (int_64 *)t;
   	    int_32 b[2];
  @@ -572,7 +555,6 @@
   	    }
   	    t = (unsigned char *) it;
   	}   /*@switchbreak@*/ break;
  -/*@=bounds@*/
   	default:
   	    t += ie.length;
   	    /*@switchbreak@*/ break;
  @@ -704,11 +686,9 @@
   
       len = sizeof(il) + sizeof(dl) + (il * sizeof(*pe)) + dl;
   
  -/*@-boundswrite@*/
       ei = xmalloc(len);
       ei[0] = htonl(il);
       ei[1] = htonl(dl);
  -/*@=boundswrite@*/
   
       pe = (entryInfo) &ei[2];
       dataStart = te = (char *) (pe + il);
  @@ -741,10 +721,8 @@
   		int_32 stei[4];
   
   		legacy = 1;
  -/*@-boundswrite@*/
   		memcpy(pe+1, src, rdl);
   		memcpy(te, src + rdl, rdlen);
  -/*@=boundswrite@*/
   		te += rdlen;
   
   		pe->offset = htonl(te - dataStart);
  @@ -752,9 +730,7 @@
   		stei[1] = pe->type;
   		stei[2] = htonl(-rdl-entry->info.count);
   		stei[3] = pe->count;
  -/*@-boundswrite@*/
   		memcpy(te, stei, entry->info.count);
  -/*@=boundswrite@*/
   		te += entry->info.count;
   		ril++;
   		rdlen += entry->info.count;
  @@ -765,10 +741,8 @@
   
   	    } else {
   
  -/*@-boundswrite@*/
   		memcpy(pe+1, src + sizeof(*pe), ((ril-1) * sizeof(*pe)));
   		memcpy(te, src + (ril * sizeof(*pe)), rdlen+entry->info.count+drlen);
  -/*@=boundswrite@*/
   		te += rdlen;
   		{   /*@-castexpose@*/
   		    entryInfo se = (entryInfo)src;
  @@ -804,9 +778,7 @@
   	    unsigned diff;
   	    diff = typeSizes[type] - ((te - dataStart) % typeSizes[type]);
   	    if (diff != typeSizes[type]) {
  -/*@-boundswrite@*/
   		memset(te, 0, diff);
  -/*@=boundswrite@*/
   		te += diff;
   		pad += diff;
   	    }
  @@ -815,7 +787,6 @@
   	pe->offset = htonl(te - dataStart);
   
   	/* copy data w/ endian conversions */
  -/*@-boundswrite@*/
   	switch (entry->info.type) {
   	case RPM_INT64_TYPE:
   	{   int_32 b[2];
  @@ -862,7 +833,6 @@
   	    te += entry->length;
   	    /*@switchbreak@*/ break;
   	}
  -/*@=boundswrite@*/
   	pe++;
       }
      
  @@ -909,10 +879,8 @@
   
       key.info.tag = tag;
   
  -/*@-boundswrite@*/
       entry2 = entry = 
   	bsearch(&key, h->index, h->indexUsed, sizeof(*h->index), indexCmp);
  -/*@=boundswrite@*/
       if (entry == NULL)
   	return NULL;
   
  @@ -979,10 +947,8 @@
       if (ne > 0) {
   	h->indexUsed -= ne;
   	ne = last - first;
  -/*@-boundswrite@*/
   	if (ne > 0)
   	    memmove(entry, first, (ne * sizeof(*entry)));
  -/*@=boundswrite@*/
       }
   
       return 0;
  @@ -1139,12 +1105,10 @@
   	    }
   
   	    /* If any duplicate entries were replaced, move new entries down. */
  -/*@-boundswrite@*/
   	    if (h->indexUsed < (save - ne)) {
   		memmove(h->index + h->indexUsed, firstEntry,
   			(ne * sizeof(*entry)));
   	    }
  -/*@=boundswrite@*/
   	    h->indexUsed += ne;
   	  }
   	}
  @@ -1183,7 +1147,7 @@
    */
   static
   int headerGetMagic(/*@null@*/ Header h, unsigned char **magicp, size_t *nmagicp)
  -	/*@*/
  +	/*@modifies *magicp, *nmagicp @*/
   {
       unsigned char * hmagic = (_newmagic ? meta_magic : header_magic);
       if (magicp)
  @@ -1209,7 +1173,7 @@
       if (h) {
   	memset(h->magic, 0, sizeof(h->magic));
   	if (nmagic > 0)
  -	    memcpy(h->magic, magic, nmagic);
  +	    memmove(h->magic, magic, nmagic);
       }
       return 0;
   }
  @@ -1283,9 +1247,7 @@
   {
       Header nh;
       /*@-onlytrans@*/
  -/*@-boundswrite@*/
       void * uh = headerUnload(h, NULL);
  -/*@=boundswrite@*/
       const char * origin;
       int_32 instance = h->instance;
       int xx;
  @@ -1304,10 +1266,8 @@
   	uh = _free(uh);
       nh->flags |= HEADERFLAG_ALLOCATED;
       if (ENTRY_IS_REGION(nh->index)) {
  -/*@-boundswrite@*/
   	if (tag == HEADER_SIGNATURES || tag == HEADER_IMMUTABLE)
   	    nh->index[0].info.tag = tag;
  -/*@=boundswrite@*/
       }
       if (origin != NULL) {
   	xx = headerSetOrigin(nh, origin);
  @@ -1327,10 +1287,8 @@
   	/*@*/
   {
       int_32 * ei = (int_32 *) uh;
  -/*@-boundsread@*/
       int_32 il = ntohl(ei[0]);		/* index length */
       int_32 dl = ntohl(ei[1]);		/* data length */
  -/*@=boundsread@*/
       /*@-sizeoftype@*/
       size_t pvlen = sizeof(il) + sizeof(dl) +
   			(il * sizeof(struct entryInfo_s)) + dl;
  @@ -1339,19 +1297,13 @@
       Header h = NULL;
   
       /* Sanity checks on header intro. */
  -    /*@-branchstate@*/
       if (!(hdrchkTags(il) || hdrchkData(dl)) && pvlen < headerMaxbytes) {
  -/*@-boundsread@*/
   	nuh = memcpy(xmalloc(pvlen), uh, pvlen);
  -/*@=boundsread@*/
   	if ((h = headerLoad(nuh)) != NULL)
   	    h->flags |= HEADERFLAG_ALLOCATED;
       }
  -    /*@=branchstate@*/
  -    /*@-branchstate@*/
       if (h == NULL)
   	nuh = _free(nuh);
  -    /*@=branchstate@*/
       return h;
   }
   
  @@ -1362,7 +1314,7 @@
    */
   static /*@null@*/
   Header headerRead(void * _fd)
  -	/*@modifies fd @*/
  +	/*@modifies _fd @*/
   {
       FD_t fd = _fd;
       int_32 block[4];
  @@ -1386,7 +1338,6 @@
   
       i = 0;
   
  -/*@-boundsread@*/
       {	/* XXX HEADER_MAGIC_YES */
   	magic = block[i++];
   	if (!(	!memcmp(&magic, header_magic, sizeof(magic))
  @@ -1399,7 +1350,6 @@
       
       il = ntohl(block[i]);	i++;
       dl = ntohl(block[i]);	i++;
  -/*@=boundsread@*/
   
       /*@-sizeoftype@*/
       len = sizeof(il) + sizeof(dl) + (il * sizeof(struct entryInfo_s)) + dl;
  @@ -1409,19 +1359,15 @@
       if (hdrchkTags(il) || hdrchkData(dl) || len > headerMaxbytes)
   	goto exit;
   
  -/*@-boundswrite@*/
       ei = xmalloc(len);
       ei[0] = htonl(il);
       ei[1] = htonl(dl);
       len -= sizeof(il) + sizeof(dl);
  -/*@=boundswrite@*/
   
  -/*@-boundsread@*/
       /*@-type@*/ /* FIX: cast? */
       if (timedRead(fd, (char *)&ei[2], len) != len)
   	goto exit;
       /*@=type@*/
  -/*@=boundsread@*/
       
       h = headerLoad(ei);
   
  @@ -1451,7 +1397,7 @@
   static
   int headerWrite(void * _fd, /*@null@*/ Header h)
   	/*@globals fileSystem @*/
  -	/*@modifies fd, h, fileSystem @*/
  +	/*@modifies _fd, h, fileSystem @*/
   {
       FD_t fd = _fd;
       ssize_t nb;
  @@ -1460,9 +1406,7 @@
   
       if (h == NULL)
   	return 1;
  -/*@-boundswrite@*/
       uh = headerUnload(h, &length);
  -/*@=boundswrite@*/
       if (uh == NULL)
   	return 1;
       {	/* XXX HEADER_MAGIC_YES */
  @@ -1472,11 +1416,9 @@
   	memcpy(mymagic, header_magic, sizeof(header_magic));
   	if (_newmagic && length > 8+3)
   	    mymagic[3] = ((unsigned char *)uh)[8+3];
  -/*@-boundsread@*/
   	/*@-sizeoftype@*/
   	nb = Fwrite(mymagic, sizeof(char), sizeof(mymagic), fd);
   	/*@=sizeoftype@*/
  -/*@=boundsread@*/
   	if (nb != sizeof(header_magic))
   	    goto exit;
       }
  @@ -1540,9 +1482,7 @@
   	    /*@-castexpose@*/
   	    entryInfo pe = (entryInfo) (ei + 2);
   	    /*@=castexpose@*/
  -/*@-boundsread@*/
   	    unsigned char * dataStart = (unsigned char *) (pe + ntohl(ei[0]));
  -/*@=boundsread@*/
   	    int_32 rdl = -entry->info.offset;	/* negative offset */
   	    int_32 ril = rdl/sizeof(*pe);
   
  @@ -1557,7 +1497,6 @@
   		rdl += REGION_TAG_COUNT;
   	    }
   
  -/*@-bounds@*/
   	    *p = xmalloc(count);
   	    ei = (int_32 *) *p;
   	    ei[0] = htonl(ril);
  @@ -1569,7 +1508,6 @@
   
   	    dataStart = (unsigned char *) memcpy(pe + ril, dataStart, rdl);
   	    /*@=sizeoftype@*/
  -/*@=bounds@*/
   
   	    rc = regionSwab(NULL, ril, 0, pe, dataStart, NULL, 0);
   	    /* XXX 1 on success. */
  @@ -1596,7 +1534,6 @@
   	char * t;
   	int i;
   
  -/*@-bounds@*/
   	/*@-mods@*/
   	if (minMem) {
   	    *p = xmalloc(tableSize);
  @@ -1610,11 +1547,8 @@
   	    memcpy(t, entry->data, entry->length);
   	}
   	/*@=mods@*/
  -/*@=bounds@*/
   	for (i = 0; i < count; i++) {
  -/*@-boundswrite@*/
   	    *ptrEntry++ = t;
  -/*@=boundswrite@*/
   	    t = strchr(t, 0);
   	    t++;
   	}
  @@ -1740,7 +1674,6 @@
   	return entry->data;
       /*@=mods@*/
   
  -/*@-boundsread@*/
       for (l = lang; *l != '\0'; l = le) {
   	const char *td;
   	char *ed;
  @@ -1763,7 +1696,6 @@
   
   	}
       }
  -/*@=boundsread@*/
   
       return entry->data;
   }
  @@ -1830,7 +1762,6 @@
   	/*@modifies data @*/
   {
       if (data) {
  -	/*@-branchstate@*/
   	if (type == -1 ||
   	    type == RPM_STRING_ARRAY_TYPE ||
   	    type == RPM_I18NSTRING_TYPE ||
  @@ -1838,13 +1769,14 @@
   	    type == RPM_ASN1_TYPE ||
   	    type == RPM_OPENPGP_TYPE)
   		data = _free(data);
  -	/*@=branchstate@*/
       }
       return NULL;
   }
   
  +/*@-redecl@*/
   /*@unchecked@*/
   extern headerTagIndices rpmTags;
  +/*@=redecl@*/
   
   /**
    * Return tag name from value.
  @@ -1877,6 +1809,7 @@
   			/*@null@*/ /*@out@*/ hTYP_t type,
   			/*@null@*/ /*@out@*/ void * p,
   			/*@null@*/ /*@out@*/ hCNT_t c)
  +	/*@globals headerCompoundFormats @*/
   	/*@modifies *type, *p, *c @*/
   	/*@requires maxSet(type) >= 0 /\ maxSet(p) >= 0 /\ maxSet(c) >= 0 @*/
   {
  @@ -2009,7 +1942,6 @@
       {	const char ** av = (const char **) srcPtr;
   	char * t = dstPtr;
   
  -/*@-bounds@*/
   	while (cnt-- > 0 && dataLength > 0) {
   	    const char * s;
   	    if ((s = *av++) == NULL)
  @@ -2018,13 +1950,10 @@
   		*t++ = *s++;
   	    } while (s[-1] && --dataLength > 0);
   	}
  -/*@=bounds@*/
       }	break;
   
       default:
  -/*@-boundswrite@*/
   	memmove(dstPtr, srcPtr, dataLength);
  -/*@=boundswrite@*/
   	break;
       }
   }
  @@ -2047,12 +1976,10 @@
       int length;
   
       length = dataLength(type, p, c, 0, NULL);
  -/*@-branchstate@*/
       if (length > 0) {
   	data = xmalloc(length);
   	copyData(type, data, p, c, length);
       }
  -/*@=branchstate@*/
   
       if (lenp)
   	*lenp = length;
  @@ -2091,9 +2018,7 @@
   	return 0;
   
       length = 0;
  -/*@-boundswrite@*/
       data = grabData(type, p, c, &length);
  -/*@=boundswrite@*/
       if (data == NULL || length <= 0)
   	return 0;
   
  @@ -2112,10 +2037,8 @@
       entry->data = data;
       entry->length = length;
   
  -/*@-boundsread@*/
       if (h->indexUsed > 0 && tag < h->index[h->indexUsed-1].info.tag)
   	h->flags &= ~HEADERFLAG_SORTED;
  -/*@=boundsread@*/
       h->indexUsed++;
   
       return 1;
  @@ -2159,9 +2082,7 @@
   
       if (ENTRY_IN_REGION(entry)) {
   	char * t = xmalloc(entry->length + length);
  -/*@-bounds@*/
   	memcpy(t, entry->data, entry->length);
  -/*@=bounds@*/
   	entry->data = t;
   	entry->info.offset = 0;
       } else
  @@ -2254,9 +2175,7 @@
   
       if (!table)
   	return 0;
  -    /*@-branchstate@*/
       if (!lang) lang = "C";
  -    /*@=branchstate@*/
   
       {	const char * l = table->data;
   	for (langNum = 0; langNum < table->info.count; langNum++) {
  @@ -2393,12 +2312,10 @@
       entry->data = data;
       entry->length = length;
   
  -    /*@-branchstate@*/
       if (ENTRY_IN_REGION(entry)) {
   	entry->info.offset = 0;
       } else
   	oldData = _free(oldData);
  -    /*@=branchstate@*/
   
       return 1;
   }
  @@ -2436,21 +2353,17 @@
       for (i = 0; i < num; i++) {
   	switch (format[i].type) {
   	case PTOK_ARRAY:
  -/*@-boundswrite@*/
   	    format[i].u.array.format =
   		freeFormat(format[i].u.array.format,
   			format[i].u.array.numTokens);
  -/*@=boundswrite@*/
   	    /*@switchbreak@*/ break;
   	case PTOK_COND:
  -/*@-boundswrite@*/
   	    format[i].u.cond.ifFormat =
   		freeFormat(format[i].u.cond.ifFormat, 
   			format[i].u.cond.numIfTokens);
   	    format[i].u.cond.elseFormat =
   		freeFormat(format[i].u.cond.elseFormat, 
   			format[i].u.cond.numElseTokens);
  -/*@=boundswrite@*/
   	    /*@switchbreak@*/ break;
   	case PTOK_NONE:
   	case PTOK_TAG:
  @@ -2567,7 +2480,6 @@
       int_32 tag, type, count;
       hPTR_t ptr;
      
  -    /*@-branchstate@*/
       for (hi = headerInitIterator(h);
   	headerNextIterator(hi, &tag, &type, &ptr, &count);
   	ptr = headerFreeData((void *)ptr, type))
  @@ -2575,7 +2487,6 @@
   	if (ptr) (void) headerAddEntry(nh, tag, type, ptr, count);
       }
       hi = headerFreeIterator(hi);
  -    /*@=branchstate@*/
   
       return headerReload(nh, HEADER_IMAGE);
   }
  @@ -2654,11 +2565,9 @@
   	    int_32 type;
   	    int_32 count;
   
  -/*@-boundswrite@*/
   	    if (!headerNextIterator(hsa->hi, &tagno, &type, NULL, &count))
   		fmt = NULL;
   	    tag->tag = tagno;
  -/*@=boundswrite@*/
   	}
       }
   
  @@ -2714,7 +2623,7 @@
   /*@observer@*/ /*@null@*/
   static const char * myTagName(headerTagTableEntry tbl, int val,
   		/*@null@*/ int *typep)
  -	/*@*/
  +	/*@modifies *typep @*/
   {
       static char name[128];
       const char * s;
  @@ -2780,15 +2689,11 @@
   	goto bingo;
       }
   
  -/*@-branchstate@*/
       if (strncmp("RPMTAG_", name, sizeof("RPMTAG_")-1)) {
  -/*@-boundswrite@*/
   	char * t = alloca(strlen(name) + sizeof("RPMTAG_"));
   	(void) stpcpy( stpcpy(t, "RPMTAG_"), name);
   	name = t;
  -/*@=boundswrite@*/
       }
  -/*@=branchstate@*/
   
       /* Search extensions for specific tag override. */
       for (ext = exts, extNum = 0; ext != NULL && ext->type != HEADER_EXT_LAST;
  @@ -2892,29 +2797,23 @@
   		    /*@=temptrans =assignexpose@*/
   		}
   		start++;
  -/*@-boundswrite@*/
   		*dst++ = *start++;
  -/*@=boundswrite@*/
   		/*@switchbreak@*/ break;
   	    } 
   
   	    token = format + numTokens++;
  -/*@-boundswrite@*/
   	    *dst++ = '\0';
  -/*@=boundswrite@*/
   	    start++;
   
   	    if (*start == '|') {
   		char * newEnd;
   
   		start++;
  -/*@-boundswrite@*/
   		if (parseExpression(hsa, token, start, &newEnd))
   		{
   		    format = freeFormat(format, numTokens);
   		    return 1;
   		}
  -/*@=boundswrite@*/
   		start = newEnd;
   		/*@switchbreak@*/ break;
   	    }
  @@ -2934,9 +2833,7 @@
   		return 1;
   	    }
   
  -/*@-boundswrite@*/
   	    *chptr++ = '\0';
  -/*@=boundswrite@*/
   
   	    while (start < chptr) {
   		if (xisdigit(*start)) {
  @@ -2963,17 +2860,13 @@
   		format = freeFormat(format, numTokens);
   		return 1;
   	    }
  -/*@-boundswrite@*/
   	    *next++ = '\0';
  -/*@=boundswrite@*/
   
   	    chptr = start;
   	    while (*chptr && *chptr != ':') chptr++;
   
   	    if (*chptr != '\0') {
  -/*@-boundswrite@*/
   		*chptr++ = '\0';
  -/*@=boundswrite@*/
   		if (!*chptr) {
   		    hsa->errmsg = _("empty tag format");
   		    format = freeFormat(format, numTokens);
  @@ -3005,13 +2898,10 @@
   	    /*@switchbreak@*/ break;
   
   	case '[':
  -/*@-boundswrite@*/
   	    *dst++ = '\0';
   	    *start++ = '\0';
  -/*@=boundswrite@*/
   	    token = format + numTokens++;
   
  -/*@-boundswrite@*/
   	    if (parseFormat(hsa, start,
   			    &token->u.array.format,
   			    &token->u.array.numTokens,
  @@ -3020,7 +2910,6 @@
   		format = freeFormat(format, numTokens);
   		return 1;
   	    }
  -/*@=boundswrite@*/
   
   	    if (!start) {
   		hsa->errmsg = _("] expected at end of array");
  @@ -3040,9 +2929,7 @@
   		format = freeFormat(format, numTokens);
   		return 1;
   	    }
  -/*@-boundswrite@*/
   	    *start++ = '\0';
  -/*@=boundswrite@*/
   	    if (endPtr) *endPtr = start;
   	    done = 1;
   	    /*@switchbreak@*/ break;
  @@ -3053,9 +2940,7 @@
   		format = freeFormat(format, numTokens);
   		return 1;
   	    }
  -/*@-boundswrite@*/
   	    *start++ = '\0';
  -/*@=boundswrite@*/
   	    if (endPtr) *endPtr = start;
   	    done = 1;
   	    /*@switchbreak@*/ break;
  @@ -3069,14 +2954,12 @@
   		/*@=temptrans =assignexpose@*/
   	    }
   
  -/*@-boundswrite@*/
   	    if (*start == '\\') {
   		start++;
   		*dst++ = escapedChar(*start++);
   	    } else {
   		*dst++ = *start++;
   	    }
  -/*@=boundswrite@*/
   	    /*@switchbreak@*/ break;
   	}
   	if (done)
  @@ -3084,10 +2967,8 @@
       }
       /*@=infloops@*/
   
  -/*@-boundswrite@*/
       if (dst != NULL)
           *dst = '\0';
  -/*@=boundswrite@*/
   
       for (i = 0; i < numTokens; i++) {
   	token = format + i;
  @@ -3101,7 +2982,6 @@
       return 0;
   }
   
  -/*@-boundswrite@*/
   static int parseExpression(headerSprintfArgs hsa, sprintfToken token,
   		char * str, /*@out@*/ char ** endPtr)
   {
  @@ -3199,7 +3079,6 @@
   
       return 0;
   }
  -/*@=boundswrite@*/
   
   /**
    * Call a header extension only once, saving results.
  @@ -3258,22 +3137,18 @@
   
       memset(buf, 0, sizeof(buf));
       if (tag->ext) {
  -/*@-boundswrite -branchstate @*/
   	if (getExtension(hsa, tag->ext, &type, &data, &count, hsa->ec + tag->extNum))
   	{
   	    count = 1;
   	    type = RPM_STRING_TYPE;	
   	    data = "(none)";
   	}
  -/*@=boundswrite =branchstate @*/
       } else {
  -/*@-boundswrite -branchstate @*/
   	if (!headerGetEntry(hsa->h, tag->tag, &type, &data, &count)) {
   	    count = 1;
   	    type = RPM_STRING_TYPE;	
   	    data = "(none)";
   	}
  -/*@=boundswrite =branchstate @*/
   
   	/* XXX this test is unnecessary, array sizes are checked */
   	switch (type) {
  @@ -3297,10 +3172,10 @@
       }
   
       if (tag->arrayCount) {
  -	/*@-branchstate -observertrans -modobserver@*/
  +/*@-modobserver -observertrans@*/
   	if (datafree)
   	    data = headerFreeData(data, type);
  -	/*@=branchstate =observertrans =modobserver@*/
  +/*@=modobserver =observertrans@*/
   
   	countBuf = count;
   	data = &countBuf;
  @@ -3308,11 +3183,8 @@
   	type = RPM_INT32_TYPE;
       }
   
  -/*@-boundswrite@*/
       (void) stpcpy( stpcpy(buf, "%"), tag->format);
  -/*@=boundswrite@*/
   
  -    /*@-branchstate@*/
       if (data)
       switch (type) {
       case RPM_STRING_ARRAY_TYPE:
  @@ -3416,7 +3288,6 @@
   	    static char hex[] = "0123456789abcdef";
   	    const char * s = data;
   
  -/*@-boundswrite@*/
   	    need = 2*count + tag->pad;
   	    val = t = xmalloc(need+1);
   	    while (count-- > 0) {
  @@ -3426,7 +3297,6 @@
   		*t++ = hex[ (i     ) & 0xf ];
   	    }
   	    *t = '\0';
  -/*@=boundswrite@*/
   #endif
   	}
   	break;
  @@ -3436,23 +3306,18 @@
   	val = xstrdup("(unknown type)");
   	break;
       }
  -    /*@=branchstate@*/
   
  -    /*@-branchstate -observertrans -modobserver@*/
  +/*@-modobserver -observertrans@*/
       if (datafree)
   	data = headerFreeData(data, type);
  -    /*@=branchstate =observertrans =modobserver@*/
  +/*@=modobserver =observertrans@*/
   
  -    /*@-branchstate@*/
       if (val && need > 0) {
   	t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   	te = stpcpy(t, val);
  -/*@=boundswrite@*/
   	hsa->vallen += (te - t);
   	val = _free(val);
       }
  -    /*@=branchstate@*/
   
       return (hsa->val + hsa->vallen);
   }
  @@ -3489,9 +3354,7 @@
   	need = token->u.string.len;
   	if (need == 0) break;
   	t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   	te = stpcpy(t, token->u.string.string);
  -/*@=boundswrite@*/
   	hsa->vallen += (te - t);
   	break;
   
  @@ -3533,16 +3396,12 @@
   		spft->u.tag.justOne) continue;
   
   	    if (spft->u.tag.ext) {
  -/*@-boundswrite@*/
   		if (getExtension(hsa, spft->u.tag.ext, &type, NULL, &count, 
   				 hsa->ec + spft->u.tag.extNum))
   		     continue;
  -/*@=boundswrite@*/
   	    } else {
  -/*@-boundswrite@*/
   		if (!headerGetEntry(hsa->h, spft->u.tag.tag, &type, NULL, &count))
   		    continue;
  -/*@=boundswrite@*/
   	    } 
   
   	    if (type == RPM_BIN_TYPE || type == RPM_ASN1_TYPE || type == RPM_OPENPGP_TYPE)
  @@ -3569,9 +3428,7 @@
   #ifdef	DYING	/* XXX lots of pugly "(none)" lines with --conflicts. */
   	    need = sizeof("(none)\n") - 1;
   	    t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   	    te = stpcpy(t, "(none)\n");
  -/*@=boundswrite@*/
   	    hsa->vallen += (te - t);
   #endif
   	} else {
  @@ -3598,9 +3455,7 @@
   		}
   		need = sizeof("  <rpmTag name=\"\">\n") + strlen(tagN);
   		te = t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   		te = stpcpy( stpcpy( stpcpy(te, "  <rpmTag name=\""), tagN), "\">\n");
  -/*@=boundswrite@*/
   		hsa->vallen += (te - t);
   	    }
   	    if (isyaml) {
  @@ -3617,7 +3472,6 @@
   		}
   		need = sizeof("  :     - ") + strlen(tagN);
   		te = t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   		*te++ = ' ';
   		*te++ = ' ';
   		te = stpcpy(te, tagN);
  @@ -3632,7 +3486,6 @@
   			te = stpcpy(te, "- ");
   		}
   		*te = '\0';
  -/*@=boundswrite@*/
   		hsa->vallen += (te - t);
   	    }
   
  @@ -3650,18 +3503,14 @@
   	    if (isxml) {
   		need = sizeof("  </rpmTag>\n") - 1;
   		te = t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   		te = stpcpy(te, "  </rpmTag>\n");
  -/*@=boundswrite@*/
   		hsa->vallen += (te - t);
   	    }
   	    if (isyaml) {
   #if 0
   		need = sizeof("\n") - 1;
   		te = t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   		te = stpcpy(te, "\n");
  -/*@=boundswrite@*/
   		hsa->vallen += (te - t);
   #endif
   	    }
  @@ -3688,7 +3537,9 @@
   
       for (ext = exts, extNum = 0; ext != NULL && ext->type != HEADER_EXT_LAST;
   	ext = (ext->type == HEADER_EXT_MORE ? ext->u.more : ext+1), extNum++)
  +    {
   	;
  +    }
   
       ec = xcalloc(extNum, sizeof(*ec));
       return ec;
  @@ -3710,9 +3561,7 @@
       for (ext = exts, extNum = 0; ext != NULL && ext->type != HEADER_EXT_LAST;
   	ext = (ext->type == HEADER_EXT_MORE ? ext->u.more : ext+1), extNum++)
       {
  -/*@-boundswrite@*/
   	if (ec[extNum].freeit) ec[extNum].data = _free(ec[extNum].data);
  -/*@=boundswrite@*/
       }
   
       ec = _free(ec);
  @@ -3754,10 +3603,8 @@
   /*@=castexpose@*/
       hsa->errmsg = NULL;
   
  -/*@-boundswrite@*/
       if (parseFormat(hsa, hsa->fmt, &hsa->format, &hsa->numTokens, NULL, PARSER_BEGIN))
   	goto exit;
  -/*@=boundswrite@*/
   
       hsa->ec = rpmecNew(hsa->exts);
       hsa->val = xstrdup("");
  @@ -3774,17 +3621,13 @@
       if (isxml) {
   	need = sizeof("<rpmHeader>\n") - 1;
   	t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   	te = stpcpy(t, "<rpmHeader>\n");
  -/*@=boundswrite@*/
   	hsa->vallen += (te - t);
       }
       if (isyaml) {
   	need = sizeof("- !!omap\n") - 1;
   	t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   	te = stpcpy(t, "- !!omap\n");
  -/*@=boundswrite@*/
   	hsa->vallen += (te - t);
       }
   
  @@ -3801,17 +3644,13 @@
       if (isxml) {
   	need = sizeof("</rpmHeader>\n") - 1;
   	t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   	te = stpcpy(t, "</rpmHeader>\n");
  -/*@=boundswrite@*/
   	hsa->vallen += (te - t);
       }
       if (isyaml) {
   	need = sizeof("\n") - 1;
   	t = hsaReserve(hsa, need);
  -/*@-boundswrite@*/
   	te = stpcpy(t, "\n");
  -/*@=boundswrite@*/
   	hsa->vallen += (te - t);
       }
   
  @@ -3848,17 +3687,13 @@
   
       if (type == RPM_INT32_TYPE) {
   	val = xmalloc(20 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "o");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(val, formatPrefix, *((int_32 *) data));
   	/*@=formatconst@*/
       } else if (type == RPM_INT64_TYPE) {
   	val = xmalloc(40 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "llo");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(val, formatPrefix, *((int_64 *) data));
   	/*@=formatconst@*/
  @@ -3885,17 +3720,13 @@
   
       if (type == RPM_INT32_TYPE) {
   	val = xmalloc(20 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "x");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(val, formatPrefix, *((int_32 *) data));
   	/*@=formatconst@*/
       } else if (type == RPM_INT64_TYPE) {
   	val = xmalloc(40 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "llx");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(val, formatPrefix, *((int_64 *) data));
   	/*@=formatconst@*/
  @@ -3929,9 +3760,7 @@
   	char buf[50];
   
   	val = xmalloc(50 + padding);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "s");
  -/*@=boundswrite@*/
   
   	/* this is important if sizeof(int_32) ! sizeof(time_t) */
   	{   time_t dateint = *((int_32 *) data);
  @@ -3999,30 +3828,23 @@
   
       if (type == RPM_INT32_TYPE) {
   	result = xmalloc(padding + 20);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "d");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(result, formatPrefix, *((int_32 *) data));
   	/*@=formatconst@*/
       } else if (type == RPM_INT64_TYPE) {
   	result = xmalloc(padding + 40);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "lld");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(result, formatPrefix, *((int_64 *) data));
   	/*@=formatconst@*/
       } else {
   	buf = alloca(strlen(data) + padding + 2);
  -/*@-boundswrite@*/
   	strcat(formatPrefix, "s");
  -/*@=boundswrite@*/
   	/*@-formatconst@*/
   	sprintf(buf, formatPrefix, data);
   	/*@=formatconst@*/
   
  -/*@-boundswrite@*/
   	result = dst = xmalloc(strlen(buf) * 4 + 3);
   	*dst++ = '\'';
   	for (src = buf; *src != '\0'; src++) {
  @@ -4037,7 +3859,6 @@
   	}
   	*dst++ = '\'';
   	*dst = '\0';
  -/*@=boundswrite@*/
   
       }
   
  @@ -4076,10 +3897,8 @@
   	int_32 count;
   	if (headerIsEntry(headerTo, *p))
   	    continue;
  -/*@-boundswrite@*/
   	if (!headerGetEntryMinMemory(headerFrom, *p, &type, &s, &count))
   	    continue;
  -/*@=boundswrite@*/
   	(void) headerAddEntry(headerTo, *p, type, s, count);
   	s = headerFreeData(s, type);
       }
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header.h
  ============================================================================
  $ cvs diff -u -r1.24 -r1.25 header.h
  --- rpm/rpmdb/header.h	29 Sep 2007 16:23:40 -0000	1.24
  +++ rpm/rpmdb/header.h	30 Sep 2007 17:29:05 -0000	1.25
  @@ -902,7 +902,7 @@
   		/*@null@*/ /*@out@*/ const char ** vp,
   		/*@null@*/ /*@out@*/ const char ** rp,
   		/*@null@*/ /*@out@*/ const char ** ap)
  -	/*@modifies *np, *vp, *rp, *ap @*/;
  +	/*@modifies h, *np, *vp, *rp, *ap @*/;
   
   /**
    * Return header color.
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/header_internal.c
  ============================================================================
  $ cvs diff -u -r1.7 -r1.8 header_internal.c
  --- rpm/rpmdb/header_internal.c	8 Sep 2007 18:55:46 -0000	1.7
  +++ rpm/rpmdb/header_internal.c	30 Sep 2007 17:29:05 -0000	1.8
  @@ -17,7 +17,6 @@
       entryInfo info = iv;
       int i;
   
  -/*@-boundsread@*/
       for (i = 0; i < il; i++) {
   	info->tag = ntohl(pe[i].tag);
   	info->type = ntohl(pe[i].type);
  @@ -36,11 +35,9 @@
   	    return i;
   
       }
  -/*@=boundsread@*/
       return -1;
   }
   
  -/*@-boundswrite@*/
   char ** headerGetLangs(Header h)
   {
       char **s, *e, **table;
  @@ -59,9 +56,7 @@
   
       /*@-nullret@*/ return table; /*@=nullret@*/	/* LCL: double indirection? */
   }
  -/*@=boundswrite@*/
   
  -/*@-boundsread@*/
   /*@-type@*/ /* FIX: shrug */
   void headerDump(Header h, FILE *f, int flags,
   	const struct headerTagTableEntry_s * tags)
  @@ -202,4 +197,3 @@
   }
   /*@=type@*/
   /*@=sizeoftype@*/
  -/*@=boundsread@*/
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/legacy.c
  ============================================================================
  $ cvs diff -u -r1.33 -r1.34 legacy.c
  --- rpm/rpmdb/legacy.c	3 Aug 2007 19:22:12 -0000	1.33
  +++ rpm/rpmdb/legacy.c	30 Sep 2007 17:29:05 -0000	1.34
  @@ -41,6 +41,7 @@
    * @retval fsizep	file size
    * @return		-1 on error, otherwise, an open file descriptor
    */ 
  +/*@-compdef -moduncon -noeffectuncon @*/
   static int open_dso(const char * path, /*@null@*/ pid_t * pidp, /*@null@*/ size_t *fsizep)
   	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
   	/*@modifies *pidp, *fsizep, rpmGlobalMacroContext,
  @@ -56,7 +57,6 @@
   	initted++;
       }
   
  -/*@-boundswrite@*/
       if (pidp) *pidp = 0;
   
       if (fsizep) {
  @@ -65,16 +65,13 @@
   	    return -1;
   	*fsizep = st->st_size;
       }
  -/*@=boundswrite@*/
   
       fdno = open(path, O_RDONLY);
       if (fdno < 0)
   	return fdno;
   
  -/*@-boundsread@*/
       if (!(cmd && *cmd))
   	return fdno;
  -/*@=boundsread@*/
   
   #if defined(HAVE_GELF_H) && defined(HAVE_LIBELF)
    {  Elf *elf = NULL;
  @@ -96,7 +93,6 @@
   /*@=evalorder@*/
   
       bingo = 0;
  -    /*@-branchstate -uniondef @*/
       while (!bingo && (scn = elf_nextscn(elf, scn)) != NULL) {
   	(void) gelf_getshdr(scn, &shdr);
   	if (shdr.sh_type != SHT_DYNAMIC)
  @@ -106,7 +102,9 @@
   	    int ndx;
   
               for (ndx = 0; ndx < maxndx; ++ndx) {
  +/*@-uniondef@*/
   		(void) gelf_getdyn (data, ndx, &dyn);
  +/*@=uniondef@*/
   		if (!(dyn.d_tag == DT_GNU_PRELINKED || dyn.d_tag == DT_GNU_LIBLIST))
   		    /*@innercontinue@*/ continue;
   		bingo = 1;
  @@ -114,9 +112,7 @@
   	    }
   	}
       }
  -    /*@=branchstate =uniondef @*/
   
  -/*@-boundswrite@*/
       if (pidp != NULL && bingo) {
   	int pipes[2];
   	pid_t pid;
  @@ -143,7 +139,6 @@
   	fdno = pipes[0];
   	xx = close(pipes[1]);
       }
  -/*@=boundswrite@*/
   
   exit:
       if (elf) (void) elf_end(elf);
  @@ -152,6 +147,7 @@
   
       return fdno;
   }
  +/*@=compdef =moduncon =noeffectuncon @*/
   
   int dodigest(int digestalgo, const char * fn, unsigned char * digest, int asAscii, size_t *fsizep)
   {
  @@ -249,12 +245,10 @@
       }
   
   exit:
  -/*@-boundswrite@*/
       if (fsizep)
   	*fsizep = fsize;
       if (!rc)
   	memcpy(digest, dsum, dlen);
  -/*@=boundswrite@*/
       dsum = _free(dsum);
   
       return rc;
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/merge.c
  ============================================================================
  $ cvs diff -u -r1.8 -r1.9 merge.c
  --- rpm/rpmdb/merge.c	19 Jul 2007 07:24:27 -0000	1.8
  +++ rpm/rpmdb/merge.c	30 Sep 2007 17:29:05 -0000	1.9
  @@ -1,4 +1,4 @@
  -/*@-bounds -mustmod -sizeoftype @*/
  +/*@-mustmod -sizeoftype @*/
   /*-
    * Copyright (c) 1992, 1993
    *	The Regents of the University of California.  All rights reserved.
  @@ -245,7 +245,6 @@
   	setup(list1, list2, nmemb, size, cmp);
   	last = list2 + nmemb * size;
   	i = big = 0;
  -/*@-branchstate@*/
   	while (*EVAL(list2) != last) {
   	    l2 = list1;
   	    p1 = EVAL(list1);
  @@ -347,7 +346,6 @@
   /*@=dependenttrans@*/
   	    last = list2 + nmemb*size;
   	}
  -/*@=branchstate@*/
   	if (base == list2) {
   		memmove(list2, list1, nmemb*size);
   		list2 = list1;
  @@ -357,4 +355,4 @@
   /*@=usereleased@*/
   	return (0);
   }
  -/*@=bounds =mustmod =sizeoftype @*/
  +/*@=mustmod =sizeoftype @*/
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/pkgio.c
  ============================================================================
  $ cvs diff -u -r1.8 -r1.9 pkgio.c
  --- rpm/rpmdb/pkgio.c	29 Sep 2007 18:18:57 -0000	1.8
  +++ rpm/rpmdb/pkgio.c	30 Sep 2007 17:29:05 -0000	1.9
  @@ -28,8 +28,13 @@
   #include <pkgio.h>
   #include "debug.h"
   
  +/*@access rpmts @*/
  +/*@access pgpDig @*/
  +/*@access pgpDigParams @*/
  +/*@access Header @*/            /* XXX compared with NULL */
   /*@access entryInfo @*/		/* XXX rdSignature */
   /*@access indexEntry @*/	/* XXX rdSignature */
  +/*@access FD_t @*/              /* XXX stealing digests */
   
   /*@unchecked@*/
   static int _print_pkts = 0;
  @@ -49,7 +54,9 @@
   
   pgpDigParams rpmtsPubkey(const rpmts ts)
   {
  +/*@-onlytrans@*/
       return pgpGetPubkey(rpmtsDig(ts));
  +/*@=onlytrans@*/
   }
   
   rpmRC rpmtsFindPubkey(rpmts ts, void * _dig)
  @@ -93,11 +100,12 @@
   	char * krn = alloca(strlen(krprefix) + sizeof("12345678"));
   	long key;
   
  -	snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4));
  +	(void) snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4));
   	krfp[sizeof(krfp)-1] = '\0';
   	*krn = '\0';
   	(void) stpcpy( stpcpy(krn, krprefix), krfp);
   
  +/*@-moduncon@*/
   	key = keyctl_search(keyring, "user", krn, 0);
   	xx = keyctl_read(key, NULL, 0);
   	if (xx > 0) {
  @@ -112,6 +120,7 @@
   		ts->pkpktlen = 0;
   	    }
           }
  +/*@=moduncon@*/
       }
   #endif
   
  @@ -132,17 +141,16 @@
   		continue;
   	    hx = rpmdbGetIteratorOffset(mi);
   	    ix = rpmdbGetIteratorFileNum(mi);
  -/*@-boundsread@*/
  +/*@-moduncon -nullstate @*/
   	    if (ix >= pc
   	     || b64decode(pubkeys[ix], (void **) &ts->pkpkt, &ts->pkpktlen))
   		ix = -1;
  -/*@=boundsread@*/
  +/*@=moduncon =nullstate @*/
   	    pubkeys = headerFreeData(pubkeys, pt);
   	    break;
   	}
   	mi = rpmdbFreeIterator(mi);
   
  -/*@-branchstate@*/
   	if (ix >= 0) {
   	    char hnum[32];
   	    sprintf(hnum, "h#%d", hx);
  @@ -151,7 +159,6 @@
   	    ts->pkpkt = _free(ts->pkpkt);
   	    ts->pkpktlen = 0;
   	}
  -/*@=branchstate@*/
       }
   
       /* Try keyserver lookup. */
  @@ -164,7 +171,6 @@
   	    xx = (pgpReadPkts(fn,&ts->pkpkt,&ts->pkpktlen) != PGPARMOR_PUBKEY);
   	}
   	fn = _free(fn);
  -/*@-branchstate@*/
   	if (xx) {
   	    ts->pkpkt = _free(ts->pkpkt);
   	    ts->pkpktlen = 0;
  @@ -172,7 +178,6 @@
   	    /* Save new pubkey in local ts keyring for delayed import. */
   	    pubkeysource = xstrdup("keyserver");
   	}
  -/*@=branchstate@*/
       }
   
   #ifdef	NOTNOW
  @@ -218,18 +223,18 @@
   	    char krfp[32];
   	    char * krn = alloca(strlen(krprefix) + sizeof("12345678"));
   
  -	    snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4));
  +	    (void) snprintf(krfp, sizeof(krfp), "%08X", pgpGrab(sigp->signid+4, 4));
   	    krfp[sizeof(krfp)-1] = '\0';
   	    *krn = '\0';
   	    (void) stpcpy( stpcpy(krn, krprefix), krfp);
  +/*@-moduncon -noeffectuncon @*/
   	    (void) add_key("user", krn, ts->pkpkt, ts->pkpktlen, keyring);
  +/*@=moduncon =noeffectuncon @*/
   	}
   #endif
   
   	/* Pubkey packet looks good, save the signer id. */
  -/*@-boundsread@*/
   	memcpy(ts->pksignid, pubp->signid, sizeof(ts->pksignid));
  -/*@=boundsread@*/
   
   	if (pubkeysource)
   	    rpmMessage(RPMMESS_DEBUG, "========== %s pubkey id %08x %08x (%s)\n",
  @@ -268,8 +273,10 @@
       if (ts != NULL) {
   	const void * osig = pgpGetSig(rpmtsDig(ts));
   	int_32 osigtype = pgpGetSigtype(rpmtsDig(ts));
  +/*@-modobserver -observertrans -dependenttrans @*/	/* FIX: pgpSetSig() lazy free. */
   	if (osig && osigtype)
   	    osig = headerFreeData(osig, osigtype);
  +/*@=modobserver =observertrans =dependenttrans @*/
   	ret = pgpSetSig(rpmtsDig(ts), sigtag, sigtype, sig, siglen);
       }
       return ret;
  @@ -361,8 +368,9 @@
    * @retval *msg		failure msg
    * @return		rpmRC return code
    */
  -static rpmRC rdLead(FD_t fd, void * ptr, const char ** msg)
  -	/*@modifies fd, *lead, *msg @*/
  +static rpmRC rdLead(FD_t fd, /*@out@*/ /*@null@*/ void * ptr,
  +		const char ** msg)
  +	/*@modifies fd, *ptr, *msg @*/
   {
       struct rpmlead ** leadp = ptr;
       struct rpmlead * l = xcalloc(1, sizeof(*l));
  @@ -436,8 +444,10 @@
   
   /*===============================================*/
   
  +/*@-redecl@*/
   /*@unchecked@*/
   extern int _newmagic;
  +/*@=redecl@*/
   
   /*@observer@*/ /*@unchecked@*/
   static unsigned char sigh_magic[8] = {
  @@ -519,7 +529,8 @@
    * @retval *msg		failure msg
    * @return		rpmRC return code
    */
  -static rpmRC rdSignature(FD_t fd, void * ptr, const char ** msg)
  +static rpmRC rdSignature(FD_t fd, /*@out@*/ /*@null@*/ void * ptr,
  +		const char ** msg)
   	/*@globals fileSystem @*/
   	/*@modifies fd, *ptr, *msg, fileSystem @*/
   {
  @@ -730,13 +741,11 @@
       pgpDig dig = rpmtsDig(ts);
       char buf[8*BUFSIZ];
       int_32 * ei = (int_32 *) uh;
  -/*@-boundsread@*/
       int_32 il = ntohl(ei[0]);
       int_32 dl = ntohl(ei[1]);
   /*@-castexpose@*/
       entryInfo pe = (entryInfo) &ei[2];
   /*@=castexpose@*/
  -/*@=boundsread@*/
       int_32 ildl[2];
       int_32 pvlen = sizeof(ildl) + (il * sizeof(*pe)) + dl;
       unsigned char * dataStart = (unsigned char *) (pe + il);
  @@ -757,9 +766,7 @@
       static int hclvl;
   
       hclvl++;
  -/*@-boundswrite@*/
       buf[0] = '\0';
  -/*@=boundswrite@*/
   
       /* Is the blob the right size? */
       if (uc > 0 && pvlen != uc) {
  @@ -802,9 +809,7 @@
       /* Is there an immutable header region tag trailer? */
       regionEnd = dataStart + entry->info.offset;
   /*@-sizeoftype@*/
  -/*@-bounds@*/
       (void) memcpy(info, regionEnd, REGION_TAG_COUNT);
  -/*@=bounds@*/
       regionEnd += REGION_TAG_COUNT;
   
       xx = headerVerifyInfo(1, dl, info, &entry->info, 1);
  @@ -820,9 +825,7 @@
   	goto exit;
       }
   /*@=sizeoftype@*/
  -/*@-boundswrite@*/
       memset(info, 0, sizeof(*info));
  -/*@=boundswrite@*/
   
       /* Is the no. of tags in the region less than the total no. of tags? */
       ril = entry->info.offset/sizeof(*pe);
  @@ -848,7 +851,6 @@
   	    if (vsflags & RPMVSF_NOSHA1HEADER)
   		/*@switchbreak@*/ break;
   	    blen = 0;
  -/*@-boundsread@*/
   	    for (b = dataStart + entry->info.offset; *b != '\0'; b++) {
   		if (strchr("0123456789abcdefABCDEF", *b) == NULL)
   		    /*@innerbreak@*/ break;
  @@ -859,11 +861,8 @@
   		(void) snprintf(buf, sizeof(buf), _("hdr SHA1: BAD, not hex\n"));
   		goto exit;
   	    }
  -/*@=boundsread@*/
   	    if (info->tag == 0) {
  -/*@-boundswrite@*/
   		*info = entry->info;	/* structure assignment */
  -/*@=boundswrite@*/
   		siglen = blen + 1;
   	    }
   	    /*@switchbreak@*/ break;
  @@ -874,9 +873,7 @@
   		(void) snprintf(buf, sizeof(buf), _("hdr RSA: BAD, not binary\n"));
   		goto exit;
   	    }
  -/*@-boundswrite@*/
   	    *info = entry->info;	/* structure assignment */
  -/*@=boundswrite@*/
   	    siglen = info->count;
   	    /*@switchbreak@*/ break;
   	case RPMTAG_DSAHEADER:
  @@ -886,9 +883,7 @@
   		(void) snprintf(buf, sizeof(buf), _("hdr DSA: BAD, not binary\n"));
   		goto exit;
   	    }
  -/*@-boundswrite@*/
   	    *info = entry->info;	/* structure assignment */
  -/*@=boundswrite@*/
   	    siglen = info->count;
   	    /*@switchbreak@*/ break;
   	default:
  @@ -900,10 +895,8 @@
   exit:
       /* Return determined RPMRC_OK/RPMRC_FAIL conditions. */
       if (rc != RPMRC_NOTFOUND) {
  -/*@-boundswrite@*/
   	buf[sizeof(buf)-1] = '\0';
   	if (msg) *msg = xstrdup(buf);
  -/*@=boundswrite@*/
   	hclvl--;
   	return rc;
       }
  @@ -921,26 +914,24 @@
   	    (void) snprintf(buf, sizeof(buf), "Header sanity check: OK\n");
   	    rc = RPMRC_OK;
   	}
  -/*@-boundswrite@*/
   	buf[sizeof(buf)-1] = '\0';
   	if (msg) *msg = xstrdup(buf);
  -/*@=boundswrite@*/
   	hclvl--;
   	return rc;
       }
   
       /* Verify header-only digest/signature. */
  -assert(dig);
  +assert(dig != NULL);
       dig->nbytes = 0;
   
  -/*@-boundsread@*/
       sig = memcpy(xmalloc(siglen), dataStart + info->offset, siglen);
  -/*@=boundsread@*/
       {
   	const void * osig = pgpGetSig(dig);
   	int_32 osigtype = pgpGetSigtype(dig);
  +/*@-modobserver -observertrans -dependenttrans @*/	/* FIX: pgpSetSig() lazy free. */
   	if (osig && osigtype)
   	    osig = headerFreeData(osig, osigtype);
  +/*@=modobserver =observertrans =dependenttrans @*/
   	(void) pgpSetSig(dig, info->tag, info->type, sig, info->count);
       }
   
  @@ -1002,11 +993,9 @@
   	}
   	/*@fallthrough@*/
       case RPMTAG_SHA1HEADER:
  -/*@-boundswrite@*/
   	ildl[0] = htonl(ril);
   	ildl[1] = (regionEnd - dataStart);
   	ildl[1] = htonl(ildl[1]);
  -/*@=boundswrite@*/
   
   	op = pgpStatsAccumulator(dig, 10);	/* RPMTS_OP_DIGEST */
   	(void) rpmswEnter(op, 0);
  @@ -1041,15 +1030,11 @@
   	break;
       }
   
  -/*@-boundswrite@*/
       buf[0] = '\0';
  -/*@=boundswrite@*/
       rc = rpmVerifySignature(dig, buf);
   
  -/*@-boundswrite@*/
       buf[sizeof(buf)-1] = '\0';
       if (msg) *msg = xstrdup(buf);
  -/*@=boundswrite@*/
   
       /* XXX headerCheck can recurse, free info only at top level. */
       if (hclvl == 1)
  @@ -1065,13 +1050,16 @@
    * @param ptr		metadata header (at least 32 bytes)
    * @return		size of header
    */
  -static size_t szHeader(const void * ptr)
  +static size_t szHeader(/*@null@*/ const void * ptr)
  +	/*@*/
   {
       uint32_t p[4];
  +assert(ptr != NULL);
       memcpy(p, ptr, sizeof(p));
       return (8 + 8 + 16 * ntohl(p[2]) + ntohl(p[3]));
   }
   
  +/*@-globuse@*/
   /**
    * Check metadata header.
    * @param fd		file handle
  @@ -1095,7 +1083,8 @@
    * @retval *msg		failure msg
    * @return		rpmRC return code
    */
  -static rpmRC rdHeader(FD_t fd, void * ptr, const char ** msg)
  +static rpmRC rdHeader(FD_t fd, /*@out@*/ /*@null@*/ void * ptr,
  +		const char ** msg)
   	/*@globals fileSystem @*/
   	/*@modifies fd, *ptr, *msg, fileSystem @*/
   {
  @@ -1135,6 +1124,7 @@
   
       return rc;
   }
  +/*@=globuse@*/
   
   /*===============================================*/
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/pkgio.h
  ============================================================================
  $ cvs diff -u -r1.3 -r1.4 pkgio.h
  --- rpm/rpmdb/pkgio.h	29 Sep 2007 18:18:57 -0000	1.3
  +++ rpm/rpmdb/pkgio.h	30 Sep 2007 17:29:05 -0000	1.4
  @@ -13,6 +13,25 @@
   /*@unchecked@*/
   extern int _nolead;
   
  +/** 
  + * Check header consistency, performing headerGetEntry() the hard way.
  + *  
  + * Sanity checks on the header are performed while looking for a
  + * header-only digest or signature to verify the blob. If found,
  + * the digest or signature is verified.
  + *
  + * @param ts		transaction set
  + * @param uh		unloaded header blob
  + * @param uc		no. of bytes in blob (or 0 to disable)
  + * @retval *msg		verification error message (or NULL)
  + * @return		RPMRC_OK on success
  + */
  +rpmRC headerCheck(rpmts ts, const void * uh, size_t uc,
  +		/*@out@*/ /*@null@*/ const char ** msg)
  +	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  +	/*@modifies ts, *msg, rpmGlobalMacroContext,
  +		fileSystem, internalState @*/;
  +
   /**
    * Return size of item in bytes.
    * @param fn		item name
  @@ -32,7 +51,7 @@
    */
   rpmRC rpmpkgWrite(const char * fn, FD_t fd, void * ptr, const char ** msg)
   	/*@globals fileSystem @*/
  -	/*@modifies fd, fileSystem @*/;
  +	/*@modifies fd, ptr, fileSystem @*/;
   
   /**
    * Read item from file descriptor.
  @@ -44,7 +63,8 @@
    */
   rpmRC rpmpkgRead(const char * fn, FD_t fd, /*@null@*/ /*@out@*/ void * ptr,
   		const char ** msg)
  -	/*@modifies fd, *ptr, *msg @*/;
  +	/*@globals fileSystem @*/
  +	/*@modifies fd, *ptr, *msg, fileSystem @*/;
   
   /**
    * Verify item integrity.
  @@ -55,7 +75,8 @@
    * @return		RPMRC_OK on success
    */
   rpmRC rpmpkgCheck(const char * fn, FD_t fd, const void * ptr, const char ** msg)
  -	/*@modifies fd, *msg @*/;
  +	/*@globals fileSystem @*/
  +	/*@modifies fd, ptr, *msg, fileSystem @*/;
   
   #ifdef __cplusplus
   }
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/rpmdb.c
  ============================================================================
  $ cvs diff -u -r1.161 -r1.162 rpmdb.c
  --- rpm/rpmdb/rpmdb.c	29 Sep 2007 19:29:02 -0000	1.161
  +++ rpm/rpmdb/rpmdb.c	30 Sep 2007 17:29:05 -0000	1.162
  @@ -60,7 +60,7 @@
   /*@-exporttype@*/
   typedef	unsigned int __pbm_bits;
   /*@=exporttype@*/
  -#define	__PBM_NBITS		(8 * sizeof (__pbm_bits))
  +#define	__PBM_NBITS		/*@-sizeoftype@*/(8 * sizeof(__pbm_bits))/*@=sizeoftype@*/
   #define	__PBM_IX(d)		((d) / __PBM_NBITS)
   #define __PBM_MASK(d)		((__pbm_bits) 1 << (((unsigned)(d)) % __PBM_NBITS))
   /*@-exporttype@*/
  @@ -75,7 +75,7 @@
   #define PBM_CLR(d, s)   (__PBM_BITS (s)[__PBM_IX (d)] &= ~__PBM_MASK (d))
   #define PBM_ISSET(d, s) ((__PBM_BITS (s)[__PBM_IX (d)] & __PBM_MASK (d)) != 0)
   
  -#define	PBM_ALLOC(d)	xcalloc(__PBM_IX (d) + 1, sizeof(__pbm_bits))
  +#define	PBM_ALLOC(d)	xcalloc(__PBM_IX (d) + 1, __PBM_NBITS/8)
   
   /**
    * Reallocate a bit map.
  @@ -89,18 +89,16 @@
   {
       int i, nb;
   
  -/*@-bounds -sizeoftype@*/
       if (nd > (*odp)) {
   	nd *= 2;
   	nb = __PBM_IX(nd) + 1;
   /*@-unqualifiedtrans@*/
  -	*sp = xrealloc(*sp, nb * sizeof(__pbm_bits));
  +	*sp = xrealloc(*sp, nb * (__PBM_NBITS/8));
   /*@=unqualifiedtrans@*/
   	for (i = __PBM_IX(*odp) + 1; i < nb; i++)
   	    __PBM_BITS(*sp)[i] = 0;
   	*odp = nd;
       }
  -/*@=bounds =sizeoftype@*/
   /*@-compdef -retalias -usereleased@*/
       return *sp;
   /*@=compdef =retalias =usereleased@*/
  @@ -129,7 +127,9 @@
    * @param size		size of data in bytes
    * @return		malloc'd hex string
    */
  +/*@only@*/
   static char * bin2hex(const void *data, size_t size)
  +	/*@*/
   {
       static char hex[] = "0123456789abcdef";
       const char * s = data;
  @@ -176,11 +176,9 @@
   
       if (db->db_tagn != NULL)
       for (dbix = 0; dbix < db->db_ndbi; dbix++) {
  -/*@-boundsread@*/
   	if (rpmtag != db->db_tagn[dbix])
   	    continue;
   	return dbix;
  -/*@=boundsread@*/
       }
       return -1;
   }
  @@ -235,12 +233,10 @@
   	bingo = 0;
   	if (dbiTags != NULL)
   	for (dbix = 0; dbix < dbiTagsMax; dbix++) {
  -/*@-boundsread@*/
   	    if (rpmtag == dbiTags[dbix]) {
   		bingo = 1;
   		/*@innerbreak@*/ break;
   	    }
  -/*@=boundsread@*/
   	}
   	if (bingo)
   	    continue;
  @@ -251,12 +247,10 @@
   
       if (dbiTagsMaxP != NULL)
   	*dbiTagsMaxP = dbiTagsMax;
  -/*@-branchstate@*/
       if (dbiTagsP != NULL)
   	*dbiTagsP = dbiTags;
       else
   	dbiTags = _free(dbiTags);
  -/*@=branchstate@*/
       dbiTagStr = _free(dbiTagStr);
   }
   /*@=exportheader@*/
  @@ -443,11 +437,9 @@
   };
   
   #define	_DBSWAP(_a) \
  -/*@-bounds@*/ \
     { unsigned char _b, *_c = (_a).uc; \
       _b = _c[3]; _c[3] = _c[0]; _c[0] = _b; \
       _b = _c[2]; _c[2] = _c[1]; _c[1] = _b; \
  -/*@=bounds@*/ \
     }
   
   /**
  @@ -478,7 +470,7 @@
       set->count = data->size / dbi->dbi_jlen;
       set->recs = xmalloc(set->count * sizeof(*(set->recs)));
   
  -/*@-bounds -sizeoftype @*/
  +/*@-sizeoftype @*/
       switch (dbi->dbi_jlen) {
       default:
       case 2*sizeof(int_32):
  @@ -514,7 +506,7 @@
   	break;
       }
       *setp = set;
  -/*@=bounds =sizeoftype @*/
  +/*@=sizeoftype @*/
   /*@-compdef@*/
       return 0;
   /*@=compdef@*/
  @@ -545,7 +537,7 @@
       }
       tdbir = data->data = xmalloc(data->size);
   
  -/*@-bounds -sizeoftype@*/
  +/*@-sizeoftype@*/
       switch (dbi->dbi_jlen) {
       default:
       case 2*sizeof(int_32):
  @@ -580,7 +572,7 @@
   	}
   	break;
       }
  -/*@=bounds =sizeoftype@*/
  +/*@=sizeoftype@*/
   
   /*@-compdef@*/
       return 0;
  @@ -753,13 +745,11 @@
   	rpmdb db;
   	rpmdbMatchIterator mi;
   
  -/*@-branchstate@*/
   	while ((mi = rpmmiRock) != NULL) {
   /*@i@*/	    rpmmiRock = mi->mi_next;
   	    mi->mi_next = NULL;
   /*@i@*/	    mi = rpmdbFreeIterator(mi);
   	}
  -/*@=branchstate@*/
   
   /*@-newreftrans@*/
   	while ((db = rpmdbRock) != NULL) {
  @@ -816,8 +806,8 @@
    */
   /*@mayexit@*/
   static int unblockSignals(/*@unused@*/ rpmdb db, sigset_t * oldMask)
  -	/*@globals rpmdbRock, fileSystem, internalState @*/
  -	/*@modifies rpmdbRock, fileSystem, internalState @*/
  +	/*@globals fileSystem, internalState @*/
  +	/*@modifies fileSystem, internalState @*/
   {
       (void) rpmdbCheckSignals();
       return sigprocmask(SIG_SETMASK, oldMask, NULL);
  @@ -861,13 +851,11 @@
       const char * fn = NULL;
       int xx;
   
  -/*@-branchstate@*/
       {	const char * fnfmt = rpmGetPath("%{?_hrmib_path}", NULL);
   	if (fnfmt && *fnfmt)
   	    fn = queryHeader(h, fnfmt);
   	fnfmt = _free(fnfmt);
       }
  -/*@=branchstate@*/
   
       if (fn == NULL)
   	goto exit;
  @@ -972,7 +960,6 @@
       for (dbix = 0; dbix < db->db_ndbi; dbix++) {
   	if (db->db_tagn[dbix] != rpmtag)
   	    continue;
  -/*@-boundswrite@*/
   	if (db->_dbi[dbix] != NULL) {
   	    int xx;
   	    /*@-unqualifiedtrans@*/		/* FIX: double indirection. */
  @@ -981,7 +968,6 @@
   	    db->_dbi[dbix] = NULL;
   	    /*@=unqualifiedtrans@*/
   	}
  -/*@=boundswrite@*/
   	break;
       }
       return rc;
  @@ -1080,7 +1066,6 @@
       const char * fn = NULL;
       urltype ut = urlPath(s, &fn);
   
  -/*@-branchstate@*/
       switch (ut) {
       case URL_IS_PATH:
       case URL_IS_UNKNOWN:
  @@ -1097,7 +1082,6 @@
   	fn = rpmGetPath(fn, NULL);
   	break;
       }
  -/*@=branchstate@*/
   
       /* Convert relative to absolute paths. */
       if (ut != URL_IS_PATH)	/* XXX permit file:///... URI's */
  @@ -1122,7 +1106,7 @@
   }
   
   /*@-exportheader@*/
  -/*@-mods@*/	/* FIX: dbTemplate structure assignment */
  +/*@-globs -mods -incondefs@*/	/* FIX: dbTemplate structure assignment */
   /*@only@*/ /*@null@*/
   rpmdb rpmdbNew(/*@kept@*/ /*@null@*/ const char * root,
   		/*@kept@*/ /*@null@*/ const char * home,
  @@ -1144,11 +1128,9 @@
   	oneshot = 1;
       }
   
  -/*@-boundswrite@*/
       /*@-assignexpose@*/
       *db = dbTemplate;	/* structure assignment */
       /*@=assignexpose@*/
  -/*@=boundswrite@*/
   
       db->_dbi = NULL;
   
  @@ -1180,7 +1162,7 @@
       return rpmdbLink(db, "rpmdbCreate");
       /*@=globstate@*/
   }
  -/*@=mods@*/
  +/*@=globs =mods =incondefs@*/
   /*@=exportheader@*/
   
   /*@-exportheader@*/
  @@ -1192,7 +1174,6 @@
   		fileSystem, internalState @*/
   	/*@modifies rpmdbRock, *dbp, rpmGlobalMacroContext,
   		fileSystem, internalState @*/
  -	/*@requires maxSet(dbp) >= 0 @*/
   {
       rpmdb db;
       int rc, xx;
  @@ -1307,9 +1288,7 @@
   int rpmdbOpen (const char * prefix, rpmdb *dbp, int mode, int perms)
   {
       int _dbapi = rpmExpandNumeric("%{_dbapi}");
  -/*@-boundswrite@*/
       return rpmdbOpenDatabase(prefix, NULL, _dbapi, dbp, mode, perms, 0);
  -/*@=boundswrite@*/
   }
   
   int rpmdbInit (const char * prefix, int perms)
  @@ -1318,10 +1297,8 @@
       int _dbapi = rpmExpandNumeric("%{_dbapi}");
       int rc;
   
  -/*@-boundswrite@*/
       rc = rpmdbOpenDatabase(prefix, NULL, _dbapi, &db, (O_CREAT | O_RDWR),
   		perms, RPMDB_FLAG_JUSTCHECK);
  -/*@=boundswrite@*/
       if (db != NULL) {
   	int xx;
   	xx = rpmdbOpenAll(db);
  @@ -1379,6 +1356,7 @@
    * @return		tagnum with (directory) path hash
    */
   static inline unsigned taghash(const char *s)
  +	/*@*/
   {
       unsigned int r = 0;
       int c;
  @@ -1424,23 +1402,19 @@
       *matches = NULL;
       if (filespec == NULL) return -2;
   
  -    /*@-branchstate@*/
       if ((baseName = strrchr(filespec, '/')) != NULL) {
       	char * t;
   	size_t len;
   
       	len = baseName - filespec + 1;
  -/*@-boundswrite@*/
   	t = strncpy(alloca(len + 1), filespec, len);
   	t[len] = '\0';
  -/*@=boundswrite@*/
   	dirName = t;
   	baseName++;
       } else {
   	dirName = "";
   	baseName = filespec;
       }
  -    /*@=branchstate@*/
       if (baseName == NULL)
   	return -2;
   
  @@ -1448,7 +1422,6 @@
       fp1 = fpLookup(fpc, dirName, baseName, 1);
   
       dbi = dbiOpen(db, RPMTAG_BASENAMES, 0);
  -/*@-branchstate@*/
       if (dbi != NULL) {
   	dbcursor = NULL;
   	xx = dbiCopen(dbi, dbi->dbi_txnid, &dbcursor, 0);
  @@ -1480,7 +1453,6 @@
   	dbcursor = NULL;
       } else
   	rc = -2;
  -/*@=branchstate@*/
   
       if (rc) {
   	allMatches = dbiFreeIndexSet(allMatches);
  @@ -1662,7 +1634,6 @@
       }
   
       /* Make sure the version and release match. */
  -    /*@-branchstate@*/
       for (i = 0; i < dbiIndexSetCount(*matches); i++) {
   	unsigned int recoff = dbiIndexRecordOffset(*matches, i);
   	rpmdbMatchIterator mi;
  @@ -1689,15 +1660,12 @@
   	}
   
   	h = rpmdbNextIterator(mi);
  -/*@-boundswrite@*/
   	if (h)
   	    (*matches)->recs[gotMatches++] = (*matches)->recs[i];
   	else
   	    (*matches)->recs[i].hdrNum = 0;
  -/*@=boundswrite@*/
   	mi = rpmdbFreeIterator(mi);
       }
  -    /*@=branchstate@*/
   
       if (gotMatches) {
   	(*matches)->count = gotMatches;
  @@ -1772,9 +1740,7 @@
       /*@-nullstate@*/	/* FIX: *matches may be NULL. */
       if (s == localarg) return RPMRC_NOTFOUND;
   
  -/*@-boundswrite@*/
       *s = '\0';
  -/*@=boundswrite@*/
       rc = dbiFindMatches(dbi, dbcursor, key, data, localarg, s + 1, NULL, matches);
       /*@=nullstate@*/
       if (rc != RPMRC_NOTFOUND) return rc;
  @@ -1805,9 +1771,7 @@
   
       if (s == localarg) return RPMRC_NOTFOUND;
   
  -/*@-boundswrite@*/
       *s = '\0';
  -/*@=boundswrite@*/
       /*@-nullstate@*/	/* FIX: *matches may be NULL. */
       return dbiFindMatches(dbi, dbcursor, key, data, localarg, s + 1, release, matches);
       /*@=nullstate@*/
  @@ -1840,8 +1804,9 @@
    * @return 		0 on success
    */
   static int miFreeHeader(rpmdbMatchIterator mi, dbiIndex dbi)
  -	/*@globals fileSystem, internalState @*/
  -	/*@modifies mi, dbi, fileSystem, internalState @*/
  +	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  +	/*@modifies mi, dbi,
  +		rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
   {
       int rc = 0;
   
  @@ -1860,6 +1825,7 @@
   /*@i@*/	key->data = (void *) &mi->mi_prevoffset;
   	key->size = sizeof(mi->mi_prevoffset);
   	{   size_t len;
  +	    len = 0;
   	    data->data = headerUnload(mi->mi_h, &len);
   	    data->size = len;	/* XXX data->size is uint32_t */
   #ifdef	DYING	/* XXX this is needed iff headerSizeof() is used instead. */
  @@ -1872,6 +1838,7 @@
   	    const char * msg = NULL;
   	    int lvl;
   
  +assert(data->data != NULL);
   	    rpmrc = headerCheck(mi->mi_ts, data->data, data->size, &msg);
   	    lvl = (rpmrc == RPMRC_FAIL ? RPMMESS_ERROR : RPMMESS_DEBUG);
   	    rpmMessage(lvl, "%s h#%8u %s",
  @@ -1992,7 +1959,6 @@
       size_t nb;
       int c;
   
  -/*@-boundswrite@*/
       switch (*modep) {
       default:
       case RPMMIRE_DEFAULT:
  @@ -2067,7 +2033,6 @@
   	pat = xstrdup(pattern);
   	break;
       }
  -/*@-boundswrite@*/
   
       return pat;
   }
  @@ -2082,7 +2047,6 @@
       int notmatch = 0;
       int rc = 0;
   
  -/*@-boundsread@*/
       if (defmode == (rpmMireMode)-1) {
   	const char *t = rpmExpand("%{?_query_selector_match}", NULL);
   
  @@ -2107,12 +2071,9 @@
   	notmatch = 1;
   	pattern++;
       }
  -/*@=boundsread@*/
   
       nmire = mireNew(mode, tag);
  -/*@-boundswrite@*/
       allpat = mireDup(nmire->tag, &nmire->mode, pattern);
  -/*@=boundswrite@*/
   
       if (nmire->mode == RPMMIRE_DEFAULT)
   	nmire->mode = defmode;
  @@ -2134,10 +2095,8 @@
       mire->tag = nmire->tag;
       mire->notmatch = notmatch;
   
  -/*@-boundsread@*/
       if (mi->mi_nre > 1)
   	qsort(mi->mi_re, mi->mi_nre, sizeof(*mi->mi_re), mireCmp);
  -/*@=boundsread@*/
   
   exit:
       allpat = _free(allpat);
  @@ -2180,7 +2139,6 @@
        * Apply tag tests, implicitly "||" for multiple patterns/values of a
        * single tag, implicitly "&&" between multiple tag patterns.
        */
  -/*@-boundsread@*/
       if ((mire = mi->mi_re) == NULL)
   	return 0;
   
  @@ -2254,7 +2212,6 @@
   	    }
   	    /*@innerbreak@*/ break;
   	}
  -/*@=boundsread@*/
   
   	if (mire->tag == RPMTAG_NVRA)
   	    u.str = _free(u.str);
  @@ -2333,12 +2290,10 @@
       if (mi->mi_dbc == NULL)
   	xx = dbiCopen(dbi, dbi->dbi_txnid, &mi->mi_dbc, mi->mi_cflags);
   
  -/*@-boundswrite@*/
       key = &mi->mi_key;
       memset(key, 0, sizeof(*key));
       data = &mi->mi_data;
       memset(data, 0, sizeof(*data));
  -/*@=boundswrite@*/
   
   top:
       uh = NULL;
  @@ -2347,7 +2302,6 @@
       do {
   union _dbswap mi_offset;
   
  -  	/*@-branchstate -compmempass @*/
   	if (mi->mi_set) {
   	    if (!(mi->mi_setx < mi->mi_set->count))
   		return NULL;
  @@ -2382,20 +2336,19 @@
   	     * largest header instance in the database, and should be
   	     * skipped.
   	     */
  -/*@-boundswrite@*/
   	    if (keyp && mi->mi_setx && rc == 0) {
   		memcpy(&mi_offset, keyp, sizeof(mi_offset.ui));
   if (dbiByteSwapped(dbi) == 1)
       _DBSWAP(mi_offset);
   		mi->mi_offset = mi_offset.ui;
   	    }
  -/*@=boundswrite@*/
   
   	    /* Terminate on error or end of keys */
  +/*@-compmempass@*/
   	    if (rc || (mi->mi_setx && mi->mi_offset == 0))
   		return NULL;
  +/*@=compmempass@*/
   	}
  -  	/*@=branchstate =compmempass @*/
   	mi->mi_setx++;
       } while (mi->mi_offset == 0);
   
  @@ -2406,13 +2359,13 @@
   /*@=compdef =refcounttrans =retalias =retexpose =usereleased @*/
   
       /* Retrieve next header blob for index iterator. */
  -    /*@-branchstate -compmempass -immediatetrans @*/
       if (uh == NULL) {
   	key->data = keyp;
   	key->size = keylen;
   #if !defined(_USE_COPY_LOAD)
   	data->flags |= DB_DBT_MALLOC;
   #endif
  +/*@-compmempass@*/
   	rc = dbiGet(dbi, mi->mi_dbc, key, data, DB_SET);
   	data->flags = 0;
   	keyp = key->data;
  @@ -2421,8 +2374,8 @@
   	uhlen = data->size;
   	if (rc)
   	    return NULL;
  +/*@=compmempass@*/
       }
  -    /*@=branchstate =compmempass =immediatetrans @*/
   
       /* Rewrite current header (if necessary) and unlink. */
       xx = miFreeHeader(mi, dbi);
  @@ -2432,7 +2385,6 @@
   	return NULL;
   
       /* Check header digest/signature once (if requested). */
  -/*@-boundsread -branchstate -sizeoftype @*/
       if (mi->mi_ts) {
   	rpmRC rpmrc = RPMRC_NOTFOUND;
   
  @@ -2451,6 +2403,7 @@
   	    const char * msg = NULL;
   	    int lvl;
   
  +assert(data->data != NULL);
   	    rpmrc = headerCheck(mi->mi_ts, uh, uhlen, &msg);
   	    lvl = (rpmrc == RPMRC_FAIL ? RPMMESS_ERROR : RPMMESS_DEBUG);
   	    rpmMessage(lvl, "%s h#%8u %s",
  @@ -2472,7 +2425,6 @@
   		goto top;
   	}
       }
  -/*@=boundsread =branchstate =sizeoftype @*/
   
       /* Did the header blob load correctly? */
   #if !defined(_USE_COPY_LOAD)
  @@ -2526,10 +2478,8 @@
        * than pure quicksort, but glibc uses msort_with_tmp() on stack.
        */
   #if defined(__GLIBC__)
  -/*@-boundsread@*/
   	qsort(mi->mi_set->recs, mi->mi_set->count,
   		sizeof(*mi->mi_set->recs), hdrNumCmp);
  -/*@=boundsread@*/
   #else
   	rpm_mergesort(mi->mi_set->recs, mi->mi_set->count,
   		sizeof(*mi->mi_set->recs), hdrNumCmp);
  @@ -2538,7 +2488,6 @@
       }
   }
   
  -/*@-bounds@*/ /* LCL: segfault */
   static int rpmdbGrowIterator(/*@null@*/ rpmdbMatchIterator mi, int fpNum,
   		unsigned int exclude, unsigned int tag)
   	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  @@ -2620,7 +2569,6 @@
       dbcursor = NULL;
   #endif
   
  -/*@-branchstate@*/
       if (mi->mi_set == NULL) {
   	mi->mi_set = set;
       } else {
  @@ -2634,11 +2582,9 @@
   	mi->mi_set->count += set->count;
   	set = dbiFreeIndexSet(set);
       }
  -/*@=branchstate@*/
   
       return rc;
   }
  -/*@=bounds@*/
   
   int rpmdbPruneIterator(rpmdbMatchIterator mi, int * hdrNums,
   	int nHdrNums, int sorted)
  @@ -2702,7 +2648,6 @@
        * Handle label and file name special cases.
        * Otherwise, retrieve join keys for secondary lookup.
        */
  -/*@-branchstate@*/
       if (rpmtag != RPMDBI_PACKAGES && keyp) {
   	DBC * dbcursor = NULL;
   	int rc;
  @@ -2749,7 +2694,6 @@
   	    return NULL;
   	}
       }
  -/*@=branchstate@*/
   
       /* Copy the retrieval key, byte swapping header instance if necessary. */
       if (keyp) {
  @@ -2769,9 +2713,7 @@
   	    if (keylen == 0)
   		keylen = strlen(keyp);
   	    k = xmalloc(keylen + 1);
  -/*@-boundsread@*/
   	    memcpy(k, keyp, keylen);
  -/*@=boundsread@*/
   	    k[keylen] = '\0';	/* XXX assumes strings */
   	    mi_keyp = k;
   	  } break;
  @@ -2870,11 +2812,8 @@
   	    int i, j;
   
   	    dbi = NULL;
  -/*@-boundsread@*/
   	    rpmtag = db->db_tagn[dbix];
  -/*@=boundsread@*/
   
  -	    /*@-branchstate@*/
   	    switch (rpmtag) {
   	    /* Filter out temporary databases */
   	    case RPMDBI_AVAILABLE:
  @@ -2922,7 +2861,6 @@
   		/*@switchbreak@*/ break;
   
   	    }
  -	    /*@=branchstate@*/
   	
   	  dbi = dbiOpen(db, rpmtag, 0);
   	  if (dbi != NULL) {
  @@ -2937,7 +2875,6 @@
   
   	    printed = 0;
   	    xx = dbiCopen(dbi, dbi->dbi_txnid, &dbcursor, DB_WRITECURSOR);
  -/*@-branchstate@*/
   	    for (i = 0; i < rpmcnt; i++) {
   		dbiIndexSet set;
   		int stringvalued;
  @@ -2982,7 +2919,6 @@
   		    /*@fallthrough@*/
   		case RPM_STRING_ARRAY_TYPE:
   		    /* Convert from hex to binary. */
  -/*@-boundsread@*/
   		    if (dbi->dbi_rpmtag == RPMTAG_FILEDIGESTS) {
   			const char * s = rpmvals[i];
   			size_t dlen = strlen(s);
  @@ -3007,7 +2943,6 @@
   			key->size = nbin;
   			/*@switchbreak@*/ break;
   		    }
  -/*@=boundsread@*/
   		    /*@fallthrough@*/
   		default:
   /*@i@*/		    key->data = (void *) rpmvals[i];
  @@ -3090,7 +3025,6 @@
   /*@=compmempass@*/
   		set = dbiFreeIndexSet(set);
   	    }
  -/*@=branchstate@*/
   
   	    xx = dbiCclose(dbi, dbcursor, DB_WRITECURSOR);
   	    dbcursor = NULL;
  @@ -3099,8 +3033,10 @@
   		xx = dbiSync(dbi, 0);
   	  }
   
  +/*@-unqualifiedtrans@*/
   	    if (rpmtag == RPMTAG_NVRA)	/* XXX compound header extension. */
   		av[0] = _free(av[0]);
  +/*@=unqualifiedtrans@*/
   	    else
   	    if (rpmtype != RPM_BIN_TYPE)	/* XXX WTFO? HACK ALERT */
   		rpmvals = hfd(rpmvals, rpmtype);
  @@ -3190,7 +3126,6 @@
   	size_t datalen = 0;
   
         dbi = dbiOpen(db, RPMDBI_PACKAGES, 0);
  -      /*@-branchstate@*/
         if (dbi != NULL) {
   
   	nb = 0;
  @@ -3216,7 +3151,6 @@
   	datalen = data->size;
   /*@=compmempass@*/
   
  -/*@-bounds@*/
   	hdrNum = 0;
   	if (ret == 0 && datap) {
   	    memcpy(&mi_offset, datap, sizeof(mi_offset.ui));
  @@ -3234,7 +3168,6 @@
   	    datap = &mi_offset;
   	    datalen = sizeof(mi_offset.ui);
   	}
  -/*@=bounds@*/
   
   	key->data = keyp;
   	key->size = keylen;
  @@ -3251,7 +3184,6 @@
   	xx = dbiCclose(dbi, dbcursor, DB_WRITECURSOR);
   	dbcursor = NULL;
         }
  -      /*@=branchstate@*/
   
       }
   
  @@ -3285,9 +3217,7 @@
   	    rpmrc = RPMRC_NOTFOUND;
   	    dbi = NULL;
   	    requireFlags = NULL;
  -/*@-boundsread@*/
   	    rpmtag = db->db_tagn[dbix];
  -/*@=boundsread@*/
   
   	    switch (rpmtag) {
   	    /* Filter out temporary databases */
  @@ -3315,6 +3245,7 @@
   {   size_t len;
       nb = 0;
       (void) headerGetMagic(h, NULL, &nb);
  +    len = 0;
       data->data = headerUnload(h, &len);
       data->size = len;	/* XXX data->size is uint32_t */
   #ifdef	DYING	/* XXX this is needed iff headerSizeof() is used instead. */
  @@ -3327,6 +3258,7 @@
   		    const char * msg = NULL;
   		    int lvl;
   
  +assert(data->data != NULL);
   		    rpmrc = headerCheck(ts, data->data, data->size, &msg);
   		    lvl = (rpmrc == RPMRC_FAIL ? RPMMESS_ERROR : RPMMESS_DEBUG);
   		    rpmMessage(lvl, "%s h#%8u %s",
  @@ -3366,7 +3298,6 @@
   		/*@switchbreak@*/ break;
   	    }
   
  -	    /*@-branchstate@*/
   	    if (rpmcnt <= 0) {
   		if (rpmtag != RPMTAG_GROUP)
   		    continue;
  @@ -3376,7 +3307,6 @@
   		rpmvals = (const char **) "Unknown";
   		rpmcnt = 1;
   	    }
  -	    /*@=branchstate@*/
   
   	  dbi = dbiOpen(db, rpmtag, 0);
   	  if (dbi != NULL) {
  @@ -3394,7 +3324,6 @@
   	    printed = 0;
   	    xx = dbiCopen(dbi, dbi->dbi_txnid, &dbcursor, DB_WRITECURSOR);
   
  -/*@-branchstate@*/
   	    for (i = 0; i < rpmcnt; i++) {
   		dbiIndexSet set;
   		int stringvalued;
  @@ -3425,12 +3354,10 @@
   		    /*@switchbreak@*/ break;
   		case RPMTAG_TRIGGERNAME:
   		    if (i) {	/* don't add duplicates */
  -/*@-boundsread@*/
   			for (j = 0; j < i; j++) {
   			    if (!strcmp(rpmvals[i], rpmvals[j]))
   				/*@innerbreak@*/ break;
   			}
  -/*@=boundsread@*/
   			if (j < i)
   			    /*@innercontinue@*/ continue;
   		    }
  @@ -3468,7 +3395,6 @@
   		    /*@fallthrough@*/
   		case RPM_STRING_ARRAY_TYPE:
   		    /* Convert from hex to binary. */
  -/*@-boundsread@*/
   		    if (dbi->dbi_rpmtag == RPMTAG_FILEDIGESTS) {
   			const char * s = rpmvals[i];
   			size_t dlen = strlen(s);
  @@ -3493,7 +3419,6 @@
   			key->size = nbin;
   			/*@switchbreak@*/ break;
   		    }
  -/*@=boundsread@*/
   		    /*@fallthrough@*/
   		default:
   /*@i@*/		    key->data = (void *) rpmvals[i];
  @@ -3559,7 +3484,6 @@
   		data->size = 0;
   		set = dbiFreeIndexSet(set);
   	    }
  -/*@=branchstate@*/
   
   	    xx = dbiCclose(dbi, dbcursor, DB_WRITECURSOR);
   	    dbcursor = NULL;
  @@ -3568,13 +3492,13 @@
   		xx = dbiSync(dbi, 0);
   	  }
   
  +/*@-modobserver -unqualifiedtrans@*/
   	    if (rpmtag == RPMTAG_NVRA)	/* XXX compound header extension. */
   		av[0] = _free(av[0]);
  +/*@=modobserver =unqualifiedtrans@*/
   	    else
  -	/*@-observertrans@*/
   	    if (rpmtype != RPM_BIN_TYPE)	/* XXX WTFO? HACK ALERT */
   		rpmvals = hfd(rpmvals, rpmtype);
  -	/*@=observertrans@*/
   	    rpmtype = 0;
   	    rpmcnt = 0;
   	    bin = _free(bin);
  @@ -3609,7 +3533,7 @@
       if (db == NULL) return 0;
   
       mi = rpmdbInitIterator(db, RPMTAG_BASENAMES, NULL, 0);
  -assert(mi);	/* XXX will never happen. */
  +assert(mi != NULL);	/* XXX will never happen. */
       if (mi == NULL)
   	return 2;
   
  @@ -3620,13 +3544,11 @@
       for (i = 0; i < numItems; i++) {
   	   unsigned int tag;
   
  -/*@-boundswrite@*/
   	matchList[i] = xcalloc(1, sizeof(*(matchList[i])));
  -/*@=boundswrite@*/
   
  -/*@-boundsread -dependenttrans@*/
  +/*@-dependenttrans@*/
   key->data = (void *) fpList[i].baseName;
  -/*@=boundsread =dependenttrans@*/
  +/*@=dependenttrans@*/
   key->size = strlen((char *)key->data);
   if (key->size == 0) key->size++;	/* XXX "/" fixup. */
   
  @@ -3663,12 +3585,10 @@
   	im = mi->mi_set->recs + start;
   
   	/* Find the end of the set of matched basename's in this package. */
  -/*@-boundsread@*/
   	for (end = start + 1; end < mi->mi_set->count; end++) {
   	    if (im->hdrNum != mi->mi_set->recs[end].hdrNum)
   		/*@innerbreak@*/ break;
   	}
  -/*@=boundsread@*/
   	num = end - start;
   
   	/* Compute fingerprints for this installed header's matches */
  @@ -3678,18 +3598,15 @@
   
   	baseNames = xcalloc(num, sizeof(*baseNames));
   	dirIndexes = xcalloc(num, sizeof(*dirIndexes));
  -/*@-bounds@*/
   	for (i = 0; i < num; i++) {
   	    baseNames[i] = fullBaseNames[im[i].tagNum];
   	    dirIndexes[i] = fullDirIndexes[im[i].tagNum];
   	}
  -/*@=bounds@*/
   
   	fps = xcalloc(num, sizeof(*fps));
   	fpLookupList(fpc, dirNames, baseNames, dirIndexes, num, fps);
   
   	/* Add db (recnum,filenum) to list for fingerprint matches. */
  -/*@-boundsread@*/
   	for (i = 0; i < num; i++, im++) {
   	    /*@-nullpass@*/ /* FIX: fpList[].subDir may be NULL */
   	    if (!FP_EQUAL(fps[i], fpList[im->fpNum]))
  @@ -3697,7 +3614,6 @@
   	    /*@=nullpass@*/
   	    xx = dbiAppendSet(matchList[im->fpNum], im, 1, sizeof(*im), 0);
   	}
  -/*@=boundsread@*/
   
   	fps = _free(fps);
   	dirNames = hfd(dirNames, dnt);
  @@ -3729,9 +3645,7 @@
       const char *fn;
       int urltype = urlPath(urlfn, &fn);
   
  -    /*@-branchstate@*/
       if (*fn == '\0') fn = "/";
  -    /*@=branchstate@*/
       switch (urltype) {
       case URL_IS_HTTPS:	/* XXX WRONG WRONG WRONG */
       case URL_IS_HTTP:	/* XXX WRONG WRONG WRONG */
  @@ -3760,8 +3674,8 @@
   static int rpmdbRemoveDatabase(const char * prefix,
   		const char * dbpath, int _dbapi,
   		const int * dbiTags, int dbiTagsMax)
  -	/*@globals h_errno, fileSystem, internalState @*/
  -	/*@modifies fileSystem, internalState @*/
  +	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  +	/*@modifies rpmGlobalMacroContext, fileSystem, internalState @*/
   { 
       const char * fn;
       int xx;
  @@ -3785,7 +3699,7 @@
   	fn = rpmGetPath(prefix, dbpath, "/", "__db.000", NULL);
   	suffix = (char *)(fn + strlen(fn) - (sizeof("000") - 1));
   	for (i = 0; i < 16; i++) {
  -	    snprintf(suffix, sizeof("000"), "%03d", i);
  +	    (void) snprintf(suffix, sizeof("000"), "%03d", i);
   	    if (rpmioFileExists(fn))
   		xx = Unlink(fn);
   	}
  @@ -3809,8 +3723,8 @@
   		const char * olddbpath, int _olddbapi,
   		const char * newdbpath, /*@unused@*/ int _newdbapi,
   		const int * dbiTags, int dbiTagsMax)
  -	/*@globals h_errno, fileSystem, internalState @*/
  -	/*@modifies fileSystem, internalState @*/
  +	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  +	/*@modifies rpmGlobalMacroContext, fileSystem, internalState @*/
   {
       struct stat nsb, * nst = &nsb;
       const char * ofn, * nfn;
  @@ -3882,12 +3796,12 @@
   	nsuffix = (char *)(nfn + strlen(nfn) - (sizeof("000") - 1));
   
   	for (i = 0; i < 16; i++) {
  -	    snprintf(osuffix, sizeof("000"), "%03d", i);
  +	    (void) snprintf(osuffix, sizeof("000"), "%03d", i);
   	    if (rpmioFileExists(ofn)) {
   		rpmMessage(RPMMESS_DEBUG, D_("removing region file \"%s\"\n"), ofn);
   		xx = Unlink(ofn);
   	    }
  -	    snprintf(nsuffix, sizeof("000"), "%03d", i);
  +	    (void) snprintf(nsuffix, sizeof("000"), "%03d", i);
   	    if (rpmioFileExists(nfn)) {
   		rpmMessage(RPMMESS_DEBUG, D_("removing region file \"%s\"\n"), nfn);
   		xx = Unlink(nfn);
  @@ -3924,9 +3838,7 @@
       int * dbiTags = NULL;
       int dbiTagsMax = 0;
   
  -    /*@-branchstate@*/
       if (prefix == NULL) prefix = "/";
  -    /*@=branchstate@*/
       prefix = rpmGetPath(prefix, NULL);	/* strip trailing '/' */
   
       _dbapi = rpmExpandNumeric("%{_dbapi}");
  @@ -3937,9 +3849,7 @@
       /*@-nullpass@*/
       tfn = rpmGetPath("%{?_dbpath}", NULL);
       /*@=nullpass@*/
  -/*@-boundsread@*/
       if (!(tfn && tfn[0] != '\0'))
  -/*@=boundsread@*/
       {
   	rpmMessage(RPMMESS_DEBUG, D_("no dbpath has been set"));
   	rc = 1;
  @@ -3953,17 +3863,13 @@
       /*@-nullpass@*/
       tfn = rpmGetPath("%{?_dbpath_rebuild}", NULL);
       /*@=nullpass@*/
  -/*@-boundsread@*/
       if (!(tfn && tfn[0] != '\0' && strcmp(tfn, dbpath)))
  -/*@=boundsread@*/
       {
   	char pidbuf[20];
   	char *t;
   	sprintf(pidbuf, "rebuilddb.%d", (int) getpid());
   	t = xmalloc(strlen(dbpath) + strlen(pidbuf) + 1);
  -/*@-boundswrite@*/
   	(void)stpcpy(stpcpy(t, dbpath), pidbuf);
  -/*@=boundswrite@*/
   	tfn = _free(tfn);
   	tfn = t;
   	nocleanup = 0;
  @@ -3996,24 +3902,20 @@
   
       rpmMessage(RPMMESS_DEBUG, D_("opening old database with dbapi %d\n"),
   		_dbapi);
  -/*@-boundswrite@*/
       if (rpmdbOpenDatabase(prefix, dbpath, _dbapi, &olddb, O_RDONLY, 0644, 
   		     RPMDB_FLAG_MINIMAL)) {
   	rc = 1;
   	goto exit;
       }
  -/*@=boundswrite@*/
       _dbapi = olddb->db_api;
       _rebuildinprogress = 1;
       rpmMessage(RPMMESS_DEBUG, D_("opening new database with dbapi %d\n"),
   		_dbapi_rebuild);
       (void) rpmDefineMacro(NULL, "_rpmdb_rebuild %{nil}", -1);
  -/*@-boundswrite@*/
       if (rpmdbOpenDatabase(prefix, newdbpath, _dbapi_rebuild, &newdb, O_RDWR | O_CREAT, 0644, 0)) {
   	rc = 1;
   	goto exit;
       }
  -/*@=boundswrite@*/
   
       _rebuildinprogress = 0;
   
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/rpmdb.h
  ============================================================================
  $ cvs diff -u -r1.66 -r1.67 rpmdb.h
  --- rpm/rpmdb/rpmdb.h	29 Sep 2007 19:29:02 -0000	1.66
  +++ rpm/rpmdb/rpmdb.h	30 Sep 2007 17:29:05 -0000	1.67
  @@ -914,6 +914,7 @@
   
   /** @todo document rpmdbNew
    */
  +/*@only@*/ /*@null@*/
   rpmdb rpmdbNew(/*@kept@*/ /*@null@*/ const char * root,
   		/*@kept@*/ /*@null@*/ const char * home,
   		int mode, int perms, int flags);
  @@ -923,7 +924,11 @@
   int rpmdbOpenDatabase(/*@null@*/ const char * prefix,
   		/*@null@*/ const char * dbpath,
   		int _dbapi, /*@null@*/ /*@out@*/ rpmdb *dbp,
  -		int mode, int perms, int flags);
  +		int mode, int perms, int flags)
  +	/*@globals rpmGlobalMacroContext, h_errno,
  +		fileSystem, internalState @*/
  +	/*@modifies *dbp, rpmGlobalMacroContext,
  +		fileSystem, internalState @*/;
   
   /** \ingroup rpmdb
    * Open rpm database.
  @@ -1178,7 +1183,8 @@
    */
   int rpmdbAdd(/*@null@*/ rpmdb db, int iid, Header h, /*@null@*/ rpmts ts)
   	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  -	/*@modifies db, h, rpmGlobalMacroContext, fileSystem, internalState @*/;
  +	/*@modifies db, h, ts,
  +		rpmGlobalMacroContext, fileSystem, internalState @*/;
   
   /** \ingroup rpmdb
    * Remove package header from rpm database and indices.
  @@ -1191,7 +1197,8 @@
   int rpmdbRemove(/*@null@*/ rpmdb db, /*@unused@*/ int rid, unsigned int hdrNum,
   		/*@null@*/ rpmts ts)
   	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  -	/*@modifies db, rpmGlobalMacroContext, fileSystem, internalState @*/;
  +	/*@modifies db, ts,
  +		rpmGlobalMacroContext, fileSystem, internalState @*/;
   
   /** \ingroup rpmdb
    * Rebuild database indices from package headers.
  @@ -1201,7 +1208,7 @@
    */
   int rpmdbRebuild(/*@null@*/ const char * prefix, /*@null@*/ rpmts ts)
   	/*@globals rpmGlobalMacroContext, h_errno, fileSystem, internalState @*/
  -	/*@modifies rpmGlobalMacroContext, fileSystem, internalState @*/;
  +	/*@modifies ts, rpmGlobalMacroContext, fileSystem, internalState @*/;
   
   /**
    * Mergesort, same arguments as qsort(2).
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/sqlite.c
  ============================================================================
  $ cvs diff -u -r1.14 -r1.15 sqlite.c
  --- rpm/rpmdb/sqlite.c	29 Sep 2007 17:06:25 -0000	1.14
  +++ rpm/rpmdb/sqlite.c	30 Sep 2007 17:29:05 -0000	1.15
  @@ -1,4 +1,3 @@
  -/*@-bounds@*/
   /*@-mustmod@*/
   /*@-paramuse@*/
   /*@-globuse@*/
  @@ -6,7 +5,6 @@
   /*@-noeffectuncon@*/
   /*@-compdef@*/
   /*@-compmempass@*/
  -/*@-branchstate@*/
   /*@-modfilesystem@*/
   /*@-evalorderuncon@*/
   
  @@ -99,7 +97,7 @@
   };
   
   union _dbswap {
  -    unsigned int ui;
  +    uint32_t ui;
       unsigned char uc[4];
   };
   
  @@ -145,7 +143,9 @@
   /*@-globs@*/
       xx = Chdir("/");
   /*@=globs@*/
  +/*@-modobserver@*/
       xx = Chroot(dbi->dbi_root);
  +/*@=modobserver@*/
   assert(xx == 0);
       sqlInRoot=1;
   }
  @@ -163,9 +163,9 @@
   if (_debug)
   fprintf(stderr, "sql:chroot(.)\n");
   
  -/*@-superuser@*/
  +/*@-modobserver@*/
       xx = Chroot(".");
  -/*@=superuser@*/
  +/*@=modobserver@*/
   assert(xx == 0);
       if (sqlCwd != NULL) {
   /*@-globs@*/
  @@ -680,7 +680,7 @@
    * Create the table.. create the db_info
    */
   static int sql_initDB(dbiIndex dbi)
  -	/*@*/
  +	/*@globals rpmGlobalMacroContext, h_errno @*/
   {
       SQL_DB * sqldb = (SQL_DB *) dbi->dbi_db;
       SCP_t scp = scpNew(dbi->dbi_db);
  @@ -690,15 +690,13 @@
       if (dbi->dbi_tmpdir) {
           const char *root;
           const char *tmpdir;
  +        int xx;
           root = (dbi->dbi_root ? dbi->dbi_root : dbi->dbi_rpmdb->db_root);
  -        /*@-boundsread@*/
           if ((root[0] == '/' && root[1] == '\0') || dbi->dbi_rpmdb->db_chrootDone)
               root = NULL;
  -        /*@=boundsread@*/
           /*@-mods@*/
           tmpdir = rpmGenPath(root, dbi->dbi_tmpdir, NULL);
           /*@=mods@*/
  -        int xx;
           sprintf(cmd, "PRAGMA temp_store_directory = '%s';", tmpdir);
           xx = sqlite3_exec(sqldb->db, cmd, NULL, NULL, (char **)&scp->pzErrmsg);
           tmpdir = _free(tmpdir);
  @@ -970,7 +968,7 @@
       (void) rpmioMkpath(dbhome, 0755, getuid(), getgid());
          
       if (dbi->dbi_eflags & DB_PRIVATE)
  -        dbfname = strdup(":memory:");
  +        dbfname = xstrdup(":memory:");
       else
           dbfname = rpmGenPath(dbhome, dbi->dbi_file, NULL);
   
  @@ -988,9 +986,9 @@
       if (dbi->dbi_perms) {
           if ((0644 /* = SQLite hard-coded default */ & dbi->dbi_perms) != dbi->dbi_perms) {
               /* add requested permission bits which are still missing (semantic) */
  -            Chmod(dbfname, dbi->dbi_perms);
  +            (void) Chmod(dbfname, dbi->dbi_perms);
           }
  -        umask(umask_safed);
  +        (void) umask(umask_safed);
       }
       if (xx != SQLITE_OK)
   	sql_errcode = sqlite3_errmsg(sqldb->db);
  @@ -1576,7 +1574,6 @@
   
   /*@=evalorderuncon@*/
   /*@=modfilesystem@*/
  -/*@=branchstate@*/
   /*@=compmempass@*/
   /*@=compdef@*/
   /*@=moduncon@*/
  @@ -1584,4 +1581,3 @@
   /*@=globuse@*/
   /*@=paramuse@*/
   /*@=mustmod@*/
  -/*@=bounds@*/
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/tagname.c
  ============================================================================
  $ cvs diff -u -r1.5 -r1.6 tagname.c
  --- rpm/rpmdb/tagname.c	16 Jul 2007 01:32:32 -0000	1.5
  +++ rpm/rpmdb/tagname.c	30 Sep 2007 17:29:05 -0000	1.6
  @@ -144,7 +144,6 @@
   	strcpy(nameBuf, "(unknown)");
   	if (_rpmTags.byValue == NULL)
   	    break;
  -/*@-boundswrite@*/
   	l = 0;
   	u = _rpmTags.byValueSize;
   	while (l < u) {
  @@ -201,7 +200,6 @@
       default:
   	if (_rpmTags.byValue == NULL)
   	    break;
  -/*@-boundswrite@*/
   	l = 0;
   	u = _rpmTags.byValueSize;
   	while (l < u) {
  @@ .
  patch -p0 <<'@@ .'
  Index: rpm/system.h
  ============================================================================
  $ cvs diff -u -r2.87 -r2.88 system.h
  --- rpm/system.h	11 Sep 2007 06:39:05 -0000	2.87
  +++ rpm/system.h	30 Sep 2007 17:29:04 -0000	2.88
  @@ -600,8 +600,10 @@
   /*@=constuse@*/
   #endif
   
  +/*@-redecl@*/
   extern int fnmatch (const char *__pattern, const char *__name, int __flags)
   	/*@*/;
  +/*@=redecl@*/
   /*@=declundef =incondefs @*/
   #endif
   
  @@ .
Received on Sun Sep 30 19:29:07 2007
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.