From: William Roberts <[email protected]> Correct an invalid memory access when attr_type_map array indexing is outside of bounds.
Signed-off-by: William Roberts <[email protected]> --- libsepol/src/policydb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 971793d..b8f6ca8 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -3926,6 +3926,10 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) if (!ebitmap_node_get_bit(tnode, j) || i == j) continue; + + if (j >= p->p_types.nprim) + goto bad; + if (ebitmap_set_bit (&p->attr_type_map[j], i, 1)) goto bad; -- 1.9.1 _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
