In cond_expr_to_cil(), when stack_init() fails to allocate a stack, the function calls stack_pop() with stack = NULL. Then stack_pop() dereferences the pointer ("if (stack->pos == -1) {"), which is NULL. Fix this by moving the stack cleaning loop in a "if (stack != NULL)" block. This issue is reported by clang's static analyzer with the following message: module_to_cil.c:463:6: warning: Access to field 'pos' results in a dereference of a null pointer (loaded from variable 'stack') if (stack->pos == -1) { ^~~~~~~~~~ Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> --- libsepol/src/module_to_cil.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 5b8ed19eaa14..c6f1659c84ef 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -1917,10 +1917,12 @@ exit: free(new_val); free(val1); free(val2); - while ((val1 = stack_pop(stack)) != NULL) { - free(val1); + if (stack != NULL) { + while ((val1 = stack_pop(stack)) != NULL) { + free(val1); + } + stack_destroy(&stack); } - stack_destroy(&stack); return rc; } -- 2.17.0
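Review bot: The hunk moves `stack_destroy(&stack);` inside the new `if (stack != NULL)` guard as well, but the commit message only describes moving the pop loop, so the message and the diff do not match; either say explicitly that `stack_destroy()` is also skipped when `stack_init()` failed, or leave `stack_destroy(&stack);` where it was if it already tolerates a NULL stack (its behaviour on NULL is not visible in this hunk, so the safe reading is that the guard is needed for it too). Since the clang warning is raised inside `stack_pop()` itself (`module_to_cil.c:463`), it is also worth noting in the message whether `stack_pop()` has other callers that can reach it with a NULL stack, because this change only protects the `exit:` path of `cond_expr_to_cil()`; making `stack_pop()` return NULL for a NULL stack would cover every caller, whereas the per-call-site guard here fixes only the reported one.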