cil_level_equals() builds two bitmap and compare them but does not destroy them before returning the result. This memory leak has been found by running clang's Address Sanitizer on a set of policies generated by American Fuzzy Lop. Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> --- libsepol/cil/src/cil.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 15833c1322e2..7c40ad0c5ed8 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -1299,7 +1299,9 @@ static int cil_level_equals(struct cil_level *low, struct cil_level *high) goto exit; } - return ebitmap_cmp(&elow, &ehigh); + rc = ebitmap_cmp(&elow, &ehigh); + ebitmap_destroy(&elow); + ebitmap_destroy(&ehigh); exit: return rc; -- 2.11.1 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
