libsepol: replace an assert with an error message
When fuzzing hll/pp inputs, a policy module where the value of scope->decl_ids_len has been modified to zero makes the program abort (when it has been compiled without -DNDEBUG). Change the behavior to report an error message instead. This eases fuzzing functions like policydb_read(). Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
parent
a96184bcbb
commit
784b43b2ae
|
@ -3635,7 +3635,10 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
scope->scope = le32_to_cpu(buf[0]);
|
scope->scope = le32_to_cpu(buf[0]);
|
||||||
scope->decl_ids_len = le32_to_cpu(buf[1]);
|
scope->decl_ids_len = le32_to_cpu(buf[1]);
|
||||||
assert(scope->decl_ids_len > 0);
|
if (scope->decl_ids_len == 0) {
|
||||||
|
ERR(fp->handle, "invalid scope with no declaration");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
if ((scope->decl_ids =
|
if ((scope->decl_ids =
|
||||||
malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
|
malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) {
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
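Review bot: The new zero check covers only the lower end of `scope->decl_ids_len`; the count still comes straight from the policy file and is multiplied in `malloc(scope->decl_ids_len * sizeof(uint32_t))`, where the product can wrap if size_t is 32 bits and give a buffer smaller than the count implies. Switching to `calloc(scope->decl_ids_len, sizeof(uint32_t))` lets the allocator reject an overflowing product, and an upper bound on the count would stop a malformed module from requesting a very large allocation. The allocation-failure branch also jumps to `cleanup` without an `ERR()` message, unlike the branch added here. scope_read starts and ends outside this hunk, so how `decl_ids` is filled afterwards is not visible and should be checked against the same count.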