Message ID | 20190206210752.11828-1-nicolas.iooss@m4x.org (mailing list archive) |
---|---|
State | Accepted |
Series | [1/1] libsepol/cil: silence static analyser's use-after-free warning |
On 2/6/19 4:07 PM, Nicolas Iooss wrote: > clang's static analyze reports a use-after-free in > __cil_expr_to_string(), when __cil_expr_to_string_helper() does not > modify its third parameter (variable s1 here) in this loop: > > for (curr = curr->next; curr; curr = curr->next) { > __cil_expr_to_string_helper(curr, flavor, &s1); > cil_asprintf(&c2, "%s %s", c1, s1); > free(c1); > free(s1); > c1 = c2; > } > > Silence this warning by making sure s1 is always NULL at the beginning > of every iteration of the loop. > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> Acked-by: James Carter <jwcart2@tycho.nsa.gov> > --- > libsepol/cil/src/cil_binary.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > index a10c3763bea4..e2eb3ebe8ff3 100644 > --- a/libsepol/cil/src/cil_binary.c > +++ b/libsepol/cil/src/cil_binary.c > @@ -2075,6 +2075,7 @@ static void __cil_expr_to_string(struct cil_list *expr, enum cil_flavor flavor, > char *c2 = NULL; > __cil_expr_to_string_helper(curr, flavor, &c1); > for (curr = curr->next; curr; curr = curr->next) { > + s1 = NULL; > __cil_expr_to_string_helper(curr, flavor, &s1); > cil_asprintf(&c2, "%s %s", c1, s1); > free(c1); >
On Mon, Feb 11, 2019 at 8:06 PM jwcart2 <jwcart2@tycho.nsa.gov> wrote: > > On 2/6/19 4:07 PM, Nicolas Iooss wrote: > > clang's static analyze reports a use-after-free in > > __cil_expr_to_string(), when __cil_expr_to_string_helper() does not > > modify its third parameter (variable s1 here) in this loop: > > > > for (curr = curr->next; curr; curr = curr->next) { > > __cil_expr_to_string_helper(curr, flavor, &s1); > > cil_asprintf(&c2, "%s %s", c1, s1); > > free(c1); > > free(s1); > > c1 = c2; > > } > > > > Silence this warning by making sure s1 is always NULL at the beginning > > of every iteration of the loop. > > > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> > > Acked-by: James Carter <jwcart2@tycho.nsa.gov> Merged. Nicolas > > --- > > libsepol/cil/src/cil_binary.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > > index a10c3763bea4..e2eb3ebe8ff3 100644 > > --- a/libsepol/cil/src/cil_binary.c > > +++ b/libsepol/cil/src/cil_binary.c > > @@ -2075,6 +2075,7 @@ static void __cil_expr_to_string(struct cil_list *expr, enum cil_flavor flavor, > > char *c2 = NULL; > > __cil_expr_to_string_helper(curr, flavor, &c1); > > for (curr = curr->next; curr; curr = curr->next) { > > + s1 = NULL; > > __cil_expr_to_string_helper(curr, flavor, &s1); > > cil_asprintf(&c2, "%s %s", c1, s1); > > free(c1); > > > > > -- > James Carter <jwcart2@tycho.nsa.gov> > National Security Agency
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index a10c3763bea4..e2eb3ebe8ff3 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -2075,6 +2075,7 @@ static void __cil_expr_to_string(struct cil_list *expr, enum cil_flavor flavor, char *c2 = NULL; __cil_expr_to_string_helper(curr, flavor, &c1); for (curr = curr->next; curr; curr = curr->next) { + s1 = NULL; __cil_expr_to_string_helper(curr, flavor, &s1); cil_asprintf(&c2, "%s %s", c1, s1); free(c1);
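Review bot: with `s1 = NULL;` added at the top of the loop body, the case named in the commit message (the helper returning without writing its third parameter) now reaches `cil_asprintf(&c2, "%s %s", c1, s1);` with s1 == NULL, and passing a null pointer to a printf-style `%s` conversion is undefined behaviour in C (glibc happens to print "(null)"). If that case can really occur, check s1 after the helper call and handle it explicitly. If it cannot, a one-line comment beside the reset saying it exists only to satisfy the analyzer would keep a later cleanup from removing it. Setting s1 to NULL directly after `free(s1);` would give the same guarantee and keep the reset next to the free it pairs with.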
clang's static analyzer reports a use-after-free in
__cil_expr_to_string(), when __cil_expr_to_string_helper() does not
modify its third parameter (variable s1 here) in this loop:

    for (curr = curr->next; curr; curr = curr->next) {
        __cil_expr_to_string_helper(curr, flavor, &s1);
        cil_asprintf(&c2, "%s %s", c1, s1);
        free(c1);
        free(s1);
        c1 = c2;
    }

Silence this warning by making sure s1 is always NULL at the beginning
of every iteration of the loop.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/cil/src/cil_binary.c | 1 +
 1 file changed, 1 insertion(+)
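The pattern the commit message describes, as an added stand-alone example (not code from libsepol or from the patch): a helper that may leave its out-parameter unwritten, called from a loop that frees that pointer on every pass. The names `token_to_string` and `join_tokens` are hypothetical; the loop resets the pointer each iteration and also checks it before formatting.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: writes *out only for non-empty tokens, so the
 * caller cannot assume *out was updated by the call. */
static void token_to_string(const char *tok, char **out)
{
    size_t n = strlen(tok) + 1;
    if (n == 1)
        return;                 /* out-parameter left untouched */
    *out = malloc(n);
    if (*out)
        memcpy(*out, tok, n);
}

/* Joins tokens with single spaces. Returns a malloc'd string that the
 * caller frees, or NULL if building the result failed. */
char *join_tokens(const char *const *toks, size_t count)
{
    char *acc = calloc(1, 1);   /* start from the empty string */
    char *s = NULL;
    for (size_t i = 0; acc && i < count; i++) {
        s = NULL;               /* never carry over last pass's freed pointer */
        token_to_string(toks[i], &s);
        if (!s)
            continue;           /* unset (or allocation failed): do not format NULL */
        size_t len = strlen(acc) + strlen(s) + 2;
        char *next = malloc(len);
        if (next)
            snprintf(next, len, "%s%s%s", acc, acc[0] ? " " : "", s);
        free(acc);
        free(s);                /* s dangles from here until the reset above */
        acc = next;
    }
    return acc;
}

int main(void)
{
    /* Constructed sample input: the empty token makes the helper skip its write. */
    const char *const demo[] = { "and", "", "t1", "t2" };
    char *r = join_tokens(demo, 4);
    if (r)
        puts(r);
    free(r);
    return 0;
}
```

Without the reset inside the loop, the pass for the empty token would see the pointer freed in the previous pass, which is the path the analyzer flags.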