Handle format arguments that do not have a size of at least 2.
kernel_to_common.c:69:20: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'
#0 0x557b0b in create_str_helper ./libsepol/src/kernel_to_common.c:69:20
#1 0x5577b8 in create_str ./libsepol/src/kernel_to_common.c:99:8
#2 0x56448c in cond_expr_to_str ./libsepol/src/kernel_to_conf.c:82:15
#3 0x56448c in write_cond_nodes_to_conf ./libsepol/src/kernel_to_conf.c:2103:10
#4 0x55bd9b in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3171:7
#5 0x4f9d79 in main ./checkpolicy/checkpolicy.c:684:11
#6 0x7fe2a342b7ec in __libc_start_main csu/../csu/libc-start.c:332:16
#7 0x41f3a9 in _start (./checkpolicy/checkpolicy+0x41f3a9)
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libsepol/src/kernel_to_common.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c
index 47c02d61..152f2816 100644
--- a/libsepol/src/kernel_to_common.c
+++ b/libsepol/src/kernel_to_common.c
@@ -57,7 +57,7 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs)
va_list vargs2;
char *str = NULL;
char *s;
- size_t len;
+ size_t len, s_len;
int i, rc;
va_copy(vargs2, vargs);
@@ -66,7 +66,8 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs)
for (i=0; i<num; i++) {
s = va_arg(vargs, char *);
- len += strlen(s) - 2; /* -2 for each %s in fmt */
+ s_len = strlen(s);
+ len += s_len > 1 ? s_len - 2 : 0; /* -2 for each %s in fmt */
}
str = malloc(len);
--
2.33.1
