On Tue, Oct 19, 2021 at 5:13 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> For the first iteration `mod->perm_map[sclassi]` is NULL, thus do not
> use it as source of a memcpy(3), even with a size of 0. memcpy(3) might
> be annotated with the function attribute nonnull and UBSan then
> complains:
>
> link.c:193:3: runtime error: null pointer passed as argument 2, which is declared to never be null
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
For these 3 patches:
Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Sorry for the delay, I have been busy with other topics.
Thanks!
Nicolas
> ---
> v2:
> drop realloc rewrite, just check for 0 size
> ---
> libsepol/src/link.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/link.c b/libsepol/src/link.c
> index 7512a4d9..b14240d5 100644
> --- a/libsepol/src/link.c
> +++ b/libsepol/src/link.c
> @@ -190,8 +190,9 @@ static int permission_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
> ERR(state->handle, "Out of memory!");
> return -1;
> }
> - memcpy(newmap, mod->perm_map[sclassi],
> - mod->perm_map_len[sclassi] * sizeof(*newmap));
> + if (mod->perm_map_len[sclassi] > 0) {
> + memcpy(newmap, mod->perm_map[sclassi], mod->perm_map_len[sclassi] * sizeof(*newmap));
> + }
> free(mod->perm_map[sclassi]);
> mod->perm_map[sclassi] = newmap;
> mod->perm_map_len[sclassi] = perm->s.value;
> --
> 2.33.0
>
