On Mon, Mar 14, 2022 at 2:24 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > Use calloc() instead of mallocarray() so that everything is > initialized to zero to prevent the use of unitialized memory when > validating malformed binary policies. > > Found by oss-fuzz (#45493) > > Signed-off-by: James Carter <jwcart2@xxxxxxxxx> > --- > libsepol/src/conditional.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c > index f78b38a2..a620451d 100644 > --- a/libsepol/src/conditional.c > +++ b/libsepol/src/conditional.c > @@ -522,7 +522,7 @@ int cond_init_bool_indexes(policydb_t * p) > if (p->bool_val_to_struct) > free(p->bool_val_to_struct); > p->bool_val_to_struct = (cond_bool_datum_t **) > - mallocarray(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); > + calloc(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); > if (!p->bool_val_to_struct) > return -1; > return 0; > -- > 2.34.1 Why not change the mallocarray macro to use calloc? I see a number of mallocarray calls that should be audited if this approach is taken.
