tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libsepol: do not dereference a NULL pointer when stack_init() fails

Browse source 
In cond_expr_to_cil() when stack_init(&stack) fails, stack is set to
NULL and the execution flow jumps to label "exit". This triggers a call
to stack_pop(stack) which dereferences a NULL pointer in "if (stack->pos
== -1)".

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2017-03-28 23:41:46 +02:00 committed by James Carter
parent 5ed45797df
commit a83f1cfd7e
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
libsepol/src/module_to_cil.c
View file

@ -1363,11 +1363,12 @@ exit:
free(new_val);
free(val1);
free(val2);
while ((val1 = stack_pop(stack)) != NULL) {
free(val1);
if (stack != NULL) {
while ((val1 = stack_pop(stack)) != NULL) {
free(val1);
}
stack_destroy(&stack);
}
stack_destroy(&stack);
return rc;
}