Use calloc() instead of mallocarray() so that everything is initialized to zero to prevent the use of unitialized memory when validating malformed binary policies. Found by oss-fuzz (#45493) Signed-off-by: James Carter <jwcart2@xxxxxxxxx> --- libsepol/src/conditional.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index f78b38a2..a620451d 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -522,7 +522,7 @@ int cond_init_bool_indexes(policydb_t * p) if (p->bool_val_to_struct) free(p->bool_val_to_struct); p->bool_val_to_struct = (cond_bool_datum_t **) - mallocarray(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); + calloc(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); if (!p->bool_val_to_struct) return -1; return 0; -- 2.34.1
