When list_init() fails to allocate a list with calloc(), it calls list_destroy(&l) with l = NULL. This function starts by dereferencing its argument ("(*list)->head"), which does not work well when it is NULL. This bug can be fixed by returning directly in list_init() when calloc() fails. Doing so allows making list_init() implementation shorter by removing label "exit" and local variable "rc". This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> --- libsepol/src/module_to_cil.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 6c33b94da9d9..308ada4f1381 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -250,19 +250,13 @@ static void attr_list_destroy(struct list **attr_list) static int list_init(struct list **list) { - int rc = -1; struct list *l = calloc(1, sizeof(*l)); if (l == NULL) { - goto exit; + return -1; } *list = l; - return 0; - -exit: - list_destroy(&l); - return rc; } static int list_prepend(struct list *list, void *data) -- 2.11.1
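Review bot: On the calloc() failure path in list_init(), the new `return -1;` leaves `*list` unassigned, so a caller that runs its cleanup with list_destroy() on that pointer after a failed init would reach the same `(*list)->head` dereference the commit message describes, or read an uninitialized pointer if it never set one. Consider assigning `*list = NULL;` before the early return, and separately having list_destroy() return early when `*list` is NULL, so the NULL case is handled in one place rather than at every call site. The callers are not visible in this hunk, so it is worth confirming that each one checks the return value of list_init() before touching the list.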