On Mon, Jun 14, 2021 at 5:05 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> When marking a type attribute as used in a neverallow (to help determine
> whether or not it should be expanded), check if the attribute's expression
> list is empty (no attributes are associated with it) before iterating
> over the list.
>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
For this patch:
Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Thanks!
> ---
> libsepol/cil/src/cil_post.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
> index 05842b64..38544aef 100644
> --- a/libsepol/cil/src/cil_post.c
> +++ b/libsepol/cil/src/cil_post.c
> @@ -1494,6 +1494,10 @@ static void __mark_neverallow_attrs(struct cil_list *expr_list)
> {
> struct cil_list_item *curr;
>
> + if (!expr_list) {
> + return;
> + }
> +
> cil_list_for_each(curr, expr_list) {
> if (curr->flavor == CIL_DATUM) {
> if (FLAVOR(curr->data) == CIL_TYPEATTRIBUTE) {
> --
> 2.26.3
>
