On Thu, Oct 21, 2021 at 10:09 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > memcpy(3) might be annotated with the function attribute nonnull and > UBSan then complains: > > module.c:296:3: runtime error: null pointer passed as argument 2, which is declared to never be null > #0 0x7f2468efa5b3 in link_netfilter_contexts ./libsepol/src/module.c:296 > #1 0x7f2468efa5b3 in sepol_link_packages ./libsepol/src/module.c:337 > #2 0x562331e9e123 in main ./semodule-utils/semodule_link/semodule_link.c:145 > #3 0x7f2467e247ec in __libc_start_main ../csu/libc-start.c:332 > #4 0x562331e9d2a9 in _start (./destdir/usr/bin/semodule_link+0x32a9) > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > --- > libsepol/src/module.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/libsepol/src/module.c b/libsepol/src/module.c > index 02a5de2c..ed777f8e 100644 > --- a/libsepol/src/module.c > +++ b/libsepol/src/module.c > @@ -293,9 +293,11 @@ static int link_netfilter_contexts(sepol_module_package_t * base, > } > base->netfilter_contexts = base_context; > for (i = 0; i < num_modules; i++) { > - memcpy(base->netfilter_contexts + base->netfilter_contexts_len, > - modules[i]->netfilter_contexts, > - modules[i]->netfilter_contexts_len); > + if (modules[i]->netfilter_contexts_len > 0) { > + memcpy(base->netfilter_contexts + base->netfilter_contexts_len, > + modules[i]->netfilter_contexts, > + modules[i]->netfilter_contexts_len); > + } > base->netfilter_contexts_len += > modules[i]->netfilter_contexts_len; This line should be in the if statement as well. There is no point in adding a 0, since the check for > 0 is already being made. Jim > } > -- > 2.33.0 >
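Review bot: The new guard `if (modules[i]->netfilter_contexts_len > 0)` in link_netfilter_contexts() tests the length, while the UBSan report is about argument 2 of memcpy (`modules[i]->netfilter_contexts`) being NULL, so the fix only holds if a NULL source pointer is always paired with a zero length. Either test the pointer in the same condition or add a short comment stating that invariant, so a module package with a NULL pointer and a non-zero length cannot reach the memcpy. The `base->netfilter_contexts_len += modules[i]->netfilter_contexts_len;` statement left after the closing brace is a no-op when the length is 0, so moving it inside the block would keep the copy and the offset update together.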