Handle format arguments that do not have a size of at least 2. kernel_to_common.c:69:20: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long' #0 0x557b0b in create_str_helper ./libsepol/src/kernel_to_common.c:69:20 #1 0x5577b8 in create_str ./libsepol/src/kernel_to_common.c:99:8 #2 0x56448c in cond_expr_to_str ./libsepol/src/kernel_to_conf.c:82:15 #3 0x56448c in write_cond_nodes_to_conf ./libsepol/src/kernel_to_conf.c:2103:10 #4 0x55bd9b in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3171:7 #5 0x4f9d79 in main ./checkpolicy/checkpolicy.c:684:11 #6 0x7fe2a342b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 #7 0x41f3a9 in _start (./checkpolicy/checkpolicy+0x41f3a9) Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/src/kernel_to_common.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c
index 47c02d61..152f2816 100644
--- a/libsepol/src/kernel_to_common.c
+++ b/libsepol/src/kernel_to_common.c
@@ -57,7 +57,7 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs)
 va_list vargs2;
 char *str = NULL;
 char *s;
- size_t len;
+ size_t len, s_len;
 int i, rc;
 va_copy(vargs2, vargs);
@@ -66,7 +66,8 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs)
 for (i=0; i<num; i++) {
 s = va_arg(vargs, char *);
- len += strlen(s) - 2; /* -2 for each %s in fmt */
+ s_len = strlen(s);
+ len += s_len > 1 ? s_len - 2 : 0; /* -2 for each %s in fmt */
 }
 str = malloc(len);
-- 
2.33.0
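Review bot: In the second hunk the clamp `len += s_len > 1 ? s_len - 2 : 0;` turns `len` from an exact size into an upper bound, and the trailing comment `/* -2 for each %s in fmt */` no longer says so. For a 0- or 1-byte argument the buffer is now two or one bytes larger than the formatted string, which is harmless only if the later write is bounded by `len` and nothing treats `len - 1` as the string length; that part of create_str_helper lies outside the hunk and should be confirmed there. I would reword the comment to `/* each %s in fmt is replaced by s; clamp so a short s cannot wrap len (may over-allocate by up to 2 bytes) */`. Separately, `strlen(s)` runs on whatever `va_arg` returns with no NULL check, so the function depends on every caller passing `num` valid strings.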