Check (for the probably impossible) case the serialized data is longer
than the compiled fcontext format supports.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libselinux/src/regex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c
index 16df6790..88d82fed 100644
--- a/libselinux/src/regex.c
+++ b/libselinux/src/regex.c
@@ -176,7 +176,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex)
/* encode the pattern for serialization */
rc = pcre2_serialize_encode((const pcre2_code **)®ex->regex,
1, &bytes, &serialized_size, NULL);
- if (rc != 1) {
+ if (rc != 1 || serialized_size >= UINT32_MAX) {
rc = -1;
goto out;
}
--
2.40.1
