From 541aab88459128e2d48bd1fad2c190154a5288c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 9 Nov 2023 14:53:15 +0100 Subject: [PATCH] libsepol: avoid memory corruption on realloc failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use a single pointer variable for the realloc(3) result to not immediately override the source pointer. Also don't unnecessarily copy the first character. Reported by Clang Analyzer: services.c:810:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign] 810 | **r_buf = **new_buf; | ^ ~~~~~~~~~ Signed-off-by: Christian Göttsche Acked-by: James Carter Reference: https://github.com/SELinuxProject/selinux/commit/541aab88459128e2d48bd1fad2c190154a5288c0 Conflict: NA --- libsepol/src/services.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libsepol/src/services.c b/libsepol/src/services.c index aa1ad52c..0eeee7ec 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -787,8 +787,8 @@ mls_ops: if (r_buf && ((s[0] == 0) || ((s[0] == 1 && (flags & SHOW_GRANTED) == SHOW_GRANTED)))) { - int len, new_buf_len; - char *p, **new_buf = r_buf; + int len; + char *p; /* * These contain the constraint components that are added to the * callers reason buffer. @@ -801,13 +801,13 @@ mls_ops: len = snprintf(p, reason_buf_len - reason_buf_used, "%s", buffers[x]); if (len < 0 || len >= reason_buf_len - reason_buf_used) { - new_buf_len = reason_buf_len + REASON_BUF_SIZE; - *new_buf = realloc(*r_buf, new_buf_len); - if (!*new_buf) { + int new_buf_len = reason_buf_len + REASON_BUF_SIZE; + char *new_buf = realloc(*r_buf, new_buf_len); + if (!new_buf) { ERR(NULL, "failed to realloc reason buffer"); goto out1; } - **r_buf = **new_buf; + *r_buf = new_buf; reason_buf_len = new_buf_len; continue; } else { -- 2.33.0