1b3b36aeec
Nicolas Iooss found while fuzzing secilc with AFL that the following policy will cause a segfault. (category c0) (category c1) (categoryorder (c0 c1)) (sensitivity s0) (sensitivitycategory s0 (not (all))) The expression "(not (all))" is evaluated as containing no categories. There is a check for the resulting empty list and the category datum expression is set to NULL. The segfault occurs because the datum expression is assumed to be non-NULL after evaluation. Assign the list to the datum expression even if it is empty. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov> |
||
|---|---|---|
| .. | ||
| cil | ||
| include | ||
| man | ||
| src | ||
| tests | ||
| utils | ||
| .gitignore | ||
| ChangeLog | ||
| COPYING | ||
| Makefile | ||
| VERSION | ||