From: William Roberts <william.c.roberts@xxxxxxxxx>

The newc variable is calloc'd and assigned to a new owner during a loop. After the first assignment of newc to newgenfs->head, the subsequent iteration could fail before the newc is reseated with a new heap allocation pointer.

When the subsequent iteration fails, the newc variable is freed. Later, an attempt is made to free the same pointer assigned to newgenfs->head.

To correct this, clear newc after every loop iteration.

Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>

--- libsepol/src/policydb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 6a80f94..971793d 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2812,6 +2812,8 @@ static int genfs_read(policydb_t * p, struct policy_file *fp) l->next = newc; else newgenfs->head = newc; + /* clear newc after a new owner has the pointer */ + newc = NULL; } } -- 1.9.1
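
Review bot: With `newc = NULL;` placed after the `l->next = newc; else newgenfs->head = newc;` hand-off, a failure at the top of the next iteration now reaches the cleanup code with newc equal to NULL. That cleanup is outside this hunk, so please confirm it checks newc before touching any of its members, and add a guard if it does not. It would also help to name in the commit message the failing call and the error label that performs the first free, so the double free described there can be checked against the code without reading the whole of genfs_read().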