| Message ID | 20210614150546.512001-5-jwcart2@gmail.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Another round of secilc-fuzzer problems fixed | expand |
On Mon, Jun 14, 2021 at 5:05 PM James Carter <jwcart2@gmail.com> wrote: > > It is possible to create bad behaving policy that can consume all > of a system's memory (one way is through the use of inheritance). > Analyzing these policies shows that most of the memory usage is for > the block symtabs. > > Most of the nineteen symtabs will most likely never be used, so give > these symtabs an initial size of 1. The others are given more > appropriate sizes. > > Signed-off-by: James Carter <jwcart2@gmail.com> For this patch: Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org> Thanks! > --- > libsepol/cil/src/cil.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c > index 0d351b49..c6674fc1 100644 > --- a/libsepol/cil/src/cil.c > +++ b/libsepol/cil/src/cil.c > @@ -54,7 +54,7 @@ > > int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { > {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, > - {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, > + {8, 8, 8, 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, > {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, > {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, > {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1} > -- > 2.26.3 >
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 0d351b49..c6674fc1 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -54,7 +54,7 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, - {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, + {8, 8, 8, 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}, {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
It is possible to create bad behaving policy that can consume all of a system's memory (one way is through the use of inheritance). Analyzing these policies shows that most of the memory usage is for the block symtabs. Most of the nineteen symtabs will most likely never be used, so give these symtabs an initial size of 1. The others are given more appropriate sizes. Signed-off-by: James Carter <jwcart2@gmail.com> --- libsepol/cil/src/cil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)