Ensure counts are not set to the maximum value of their type.
Also limit their size during fuzzing to prevent OOM reports.
Reported-by: oss-fuzz (issue 60572), caused at the time by the filetrans
prefix proposal
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
v2:
rebase after revert of filename prefix proposal
---
libsepol/src/avtab.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index 1ef5ee00..7c2328b7 100644
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -600,7 +600,7 @@ int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers)
goto bad;
}
nel = le32_to_cpu(buf[0]);
- if (!nel) {
+ if (zero_or_saturated(nel)) {
ERR(fp->handle, "table is empty");
goto bad;
}
--
2.42.0
