Ensure counts are not set to the maximum value of their type. Also limit their size during fuzzing to prevent OOM reports. Reported-by: oss-fuzz (issue 60572), caused at the time by the filetrans prefix proposal Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- v2: rebase after revert of filename prefix proposal --- libsepol/src/avtab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c index 1ef5ee00..7c2328b7 100644 --- a/libsepol/src/avtab.c +++ b/libsepol/src/avtab.c @@ -600,7 +600,7 @@ int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers) goto bad; } nel = le32_to_cpu(buf[0]); - if (!nel) { + if (zero_or_saturated(nel)) { ERR(fp->handle, "table is empty"); goto bad; } -- 2.42.0
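Review bot: the ERR() text in avtab_read() still says "table is empty" after the condition becomes zero_or_saturated(nel), so a policy whose element count is the maximum uint32_t value will be rejected with a message that describes the opposite condition. Consider rewording it to cover both cases, for example "table is empty or has an invalid element count", so that someone triaging a rejected policy or a fuzzer finding can tell which bound was hit. Separately, the commit message says sizes are also limited during fuzzing, but this diff has a single changed line and no fuzzing-specific limit is visible in it. If that limit lives inside zero_or_saturated() or in another patch, the message should say so. Otherwise that sentence should be dropped from this commit.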