Avoid integer underflow on invalid filetrans source types. policydb.c:2658:47: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int' #0 0x4cf4cb in policydb_filetrans_insert ./libsepol/src/policydb.c:2658:47 #1 0x4d221a in filename_trans_read_one_compat ./libsepol/src/policydb.c:2691:7 #2 0x4d221a in filename_trans_read ./libsepol/src/policydb.c:2842:9 #3 0x4d1370 in policydb_read ./libsepol/src/policydb.c:4447:7 #4 0x4b1ee3 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:35:6 #5 0x43f2f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o #6 0x42ae32 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o #7 0x430d5b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o #8 0x45a1f2 in main (./out/binpolicy-fuzzer+0x45a1f2) #9 0x7f8b8923a7ec in __libc_start_main csu/../csu/libc-start.c:332:16 #10 0x407aa9 in _start (./out/binpolicy-fuzzer+0x407aa9) Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- libsepol/src/policydb.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index a3d34d30..25ffa07c 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2683,7 +2683,10 @@ static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp) if (rc < 0) goto err; - stype = le32_to_cpu(buf[0]); + stype = le32_to_cpu(buf[0]); + if (stype == 0) + goto err; + ttype = le32_to_cpu(buf[1]); tclass = le32_to_cpu(buf[2]); otype = le32_to_cpu(buf[3]); -- 2.34.1