cil_gen_default() and cil_gen_defaultrange() call cil_fill_list() without checking its return value. If it failed, propagate the return value to the caller. This issue has been found using clang's static analyzer. It reported "warning: Value stored to 'rc' is never read" four times.
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
 libsepol/cil/src/cil_build_ast.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 8a19df480989..4b03dc35d408 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -5592,9 +5592,11 @@ int cil_gen_default(struct cil_tree_node *parse_current, struct cil_tree_node *a
 if (parse_current->next->cl_head == NULL) {
 cil_list_init(&def->class_strs, CIL_CLASS);
 cil_list_append(def->class_strs, CIL_STRING, parse_current->next->data);
- rc = SEPOL_OK;
 } else {
 rc = cil_fill_list(parse_current->next->cl_head, CIL_CLASS, &def->class_strs);
+ if (rc != SEPOL_OK) {
+ goto exit;
+ }
 }
 
 object = parse_current->next->next->data;
@@ -5657,9 +5659,11 @@ int cil_gen_defaultrange(struct cil_tree_node *parse_current, struct cil_tree_no
 if (parse_current->next->cl_head == NULL) {
 cil_list_init(&def->class_strs, CIL_CLASS);
 cil_list_append(def->class_strs, CIL_STRING, parse_current->next->data);
- rc = SEPOL_OK;
 } else {
 rc = cil_fill_list(parse_current->next->cl_head, CIL_CLASS, &def->class_strs);
+ if (rc != SEPOL_OK) {
+ goto exit;
+ }
 }
 
 object = parse_current->next->next->data;
-- 
2.12.0
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
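Review bot: The new `goto exit;` in the else branch of cil_gen_default() is reached after `def` is already in use and after cil_fill_list() may have partly populated `def->class_strs`, while the `exit:` label and the allocation of `def` both lie outside the hunk. It is worth confirming that this path releases `def` together with its class list, so that a malformed class list in policy input fails cleanly instead of leaking. The identical change in the cil_gen_defaultrange() hunk needs the same confirmation. A one-line comment above the check would record the intent, for example `/* a failed cil_fill_list() leaves class_strs incomplete; abort instead of building the rule */`.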