On Mon, Dec 11, 2023 at 12:07 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > On Mon, Dec 11, 2023 at 9:54 AM Christian Göttsche > <cgzones@xxxxxxxxxxxxxx> wrote: > > > > Use a growing dynamically allocated buffer to format permission names of > > an access vector instead of a fixed static buffer to support very long > > permission names. > > > > This changes the behavior of the since libsepol 3.4 exported function > > sepol_av_perm_to_string(): previously it returned a pointer to a static > > buffer which must not be free'd by the caller, now an allocated string > > which should be free'd by the caller (to avoid memory leaks). > > > > Reported-by: oss-fuzz (issue 64832, 64933) > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > I like this patch and would like to merge it, but it does change an > exported function (by removing const on the return type). > As far as I know, the only thing that uses the function externally is > sepol_compute_av in libsepol/utils and the function has only been > exported since 2022, so I doubt there would be any harm in making the > change. But I am still hesitant to make the change. > > What is the best way to handle this? Hmm...there is a reason why this and other libsepol functions were not exported in the first place, not sure why that changed. There is no real good way. Options are: 1. Change it without touching .so version and hope nothing breaks. Don't see any usage in Debian code search but one never knows. 2. Change it and bump the LIBVERSION to reflect an incompatible change. Seems like that should be batched with other longstanding desired incompatible changes if done that way. 3. Use per-symbol versioning to auto-magically redirect the caller to the old or new implementation based on the version against which they were compiled. Seems like that has caused us grief in the past. 4. Don't change it.