name_list_to_string() and constraint_expr_to_string() both define an exit label to clean-up dynamically-allocated memory when an error occurs, but they miss some variables. Free the missing ones too. This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> --- libsepol/src/module_to_cil.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 18b2a6f86fe3..45acdeb1a4e0 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -1153,6 +1153,7 @@ static int name_list_to_string(char **names, int num_names, char **string) return 0; exit: + free(str); return rc; } @@ -1697,7 +1698,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp const char *fmt_str; const char *attr1; const char *attr2; - char *names; + char *names = NULL; char **name_list = NULL; int num_names = 0; struct type_set *ts; @@ -1798,6 +1799,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp names_destroy(&name_list, &num_names); free(names); + names = NULL; } num_params = 0; @@ -1887,6 +1889,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp exit: names_destroy(&name_list, &num_names); + free(names); free(new_val); free(val1); -- 2.12.0 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
