On Thu, Aug 27, 2015 at 03:31:44PM -0700, Seth Arnold wrote:
> While this patch does look correct in itself, I'm curious if this
> means the aa_policy_cache_unref() function has not been as tested as
> we thought -- it might not have been run in production if it hasn't
> been used here. The other uses look conditional -- and perhaps only in
> uncommon situations.

Possible. It turns out this portion of the parser code wasn't exercised enough, as many tests failed, but only on i386 where it segfaults when a new cache object is not needed/created but then an attempt is made to unref it -- we apparently got "lucky" on x86-64. The following patch should address it: Signed-off-by: Steve Beattie <[email protected]> --- parser/parser_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: b/parser/parser_main.c =================================================================== --- a/parser/parser_main.c +++ b/parser/parser_main.c @@ -860,7 +860,7 @@ static void setup_flags(void) int main(int argc, char *argv[]) { aa_kernel_interface *kernel_interface = NULL; - aa_policy_cache *policy_cache; + aa_policy_cache *policy_cache = NULL; int retval, last_error; int i; int optind; -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
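
Review bot: initializing `policy_cache` to NULL in main() only removes the crash if aa_policy_cache_unref() accepts a NULL argument, and nothing in this hunk shows that it does. Please confirm that in the changelog, or add the NULL check alongside this change. The patch carries a Signed-off-by but no description of its own; the i386 segfault on unref of a cache object that was never created, mentioned in the reply text, belongs in the commit message. The neighbouring `int retval, last_error;` declaration stays uninitialized, so it is worth checking that neither variable is read on the same early-exit paths.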
-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
