From: "Christian Göttsche" <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 1/3] libsepol: do not pass NULL to memcpy
Date: Wed, 13 Oct 2021 14:53:56 +0200 [thread overview]
Message-ID: <20211013125358.15534-1-cgzones@googlemail.com> (raw)
For the first iteration `mod->perm_map[sclassi]` is NULL, thus do not
use it as source of a memcpy(3), even with a size of 0. memcpy(3) might
be annotated with the function attribute nonnull and UBSan then
complains:
link.c:193:3: runtime error: null pointer passed as argument 2, which is declared to never be null
Use a realloc + memset instead of a calloc and free to increase the size
of `mod->perm_map[sclassi]`.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/link.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
index 7512a4d9..75ce2b20 100644
--- a/libsepol/src/link.c
+++ b/libsepol/src/link.c
@@ -185,14 +185,12 @@ static int permission_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
* may have originated from the class -or- it could be from
* the class's common parent.*/
if (perm->s.value > mod->perm_map_len[sclassi]) {
- uint32_t *newmap = calloc(perm->s.value, sizeof(*newmap));
+ uint32_t *newmap = realloc(mod->perm_map[sclassi], perm->s.value * sizeof(*newmap));
if (newmap == NULL) {
ERR(state->handle, "Out of memory!");
return -1;
}
- memcpy(newmap, mod->perm_map[sclassi],
- mod->perm_map_len[sclassi] * sizeof(*newmap));
- free(mod->perm_map[sclassi]);
+ memset(newmap + mod->perm_map_len[sclassi], '\0', perm->s.value - mod->perm_map_len[sclassi]);
mod->perm_map[sclassi] = newmap;
mod->perm_map_len[sclassi] = perm->s.value;
}
--
2.33.0
next reply other threads:[~2021-10-13 12:54 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-13 12:53 Christian Göttsche [this message]
2021-10-13 12:53 ` [PATCH 2/3] libsemanage: do not sort empty records Christian Göttsche
2021-10-16 19:34 ` Nicolas Iooss
2021-10-13 12:53 ` [PATCH 3/3] libsemanage/tests: free memory Christian Göttsche
2021-10-16 20:08 ` Nicolas Iooss
2021-10-16 19:30 ` [PATCH 1/3] libsepol: do not pass NULL to memcpy Nicolas Iooss
2021-10-19 12:50 ` Christian Göttsche
2021-10-19 15:11 ` [PATCH v2 " Christian Göttsche
2021-10-19 15:11 ` [PATCH v2 2/3] libsemanage: do not sort empty records Christian Göttsche
2021-10-19 15:11 ` [PATCH v2 3/3] libsemanage/tests: free memory Christian Göttsche
2021-11-08 21:38 ` [PATCH v2 1/3] libsepol: do not pass NULL to memcpy Nicolas Iooss
2021-11-11 22:01 ` Nicolas Iooss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211013125358.15534-1-cgzones@googlemail.com \
--to=cgzones@googlemail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.