clang's static analyzer reports that ebitmap_to_names() can call
malloc(0) when the bitmap is empty. If malloc() returns NULL, this
triggers a misleading "Out of memory" error.
Work around this by treating empty bitmaps as appropriate.
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
---
libsepol/src/module_to_cil.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 310cf1a7b1c1..56887366707a 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -1009,6 +1009,12 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n
}
}
+ if (!num) {
+ *names = NULL;
+ *num_names = 0;
+ goto exit;
+ }
+
name_arr = malloc(sizeof(*name_arr) * num);
if (name_arr == NULL) {
log_err("Out of memory");
--
2.17.0
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
