libsepol: sepol_av_to_string: clear static buffer

chenxiaolong reported this via
https://github.com/SELinuxProject/selinux/issues/23

A nicer fix would be to rework the interface to be more
like security_av_string() in libselinux, but that requires
updating all callers.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

libsepol/src/util.c

@@ -89,6 +89,7 @@ char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
 	int rc;
 	int avlen = 0, len;
 
+	memset(avbuf, 0, sizeof avbuf);
 	cladatum = policydbp->class_val_to_struct[tclass - 1];
 	p = avbuf;
 	for (i = 0; i < cladatum->permissions.nprim; i++) {