When marking a type attribute as used in a neverallow (to help determine whether or not it should be expanded), check if the attribute's expression list is empty (no attributes are associated with it) before iterating over the list. Signed-off-by: James Carter <jwcart2@xxxxxxxxx> Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> --- libsepol/cil/src/cil_post.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 05842b64..38544aef 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -1494,6 +1494,10 @@ static void __mark_neverallow_attrs(struct cil_list *expr_list) { struct cil_list_item *curr; + if (!expr_list) { + return; + } + cil_list_for_each(curr, expr_list) { if (curr->flavor == CIL_DATUM) { if (FLAVOR(curr->data) == CIL_TYPEATTRIBUTE) { -- 2.26.3