When set_to_names() fails to allocate *names, it frees variable attr_name even though it either came from attr_list or was newly created and added to attr_list. By doing so, the name is freed a second time when attr_list is destroyed (with "attr_list_destroy(&attr_list)").
Avoid this double free by not freeing attr_name when it belongs to attr_list. This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss <[email protected]> --- libsepol/src/module_to_cil.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 3f633fbb0a3f..18b2a6f86fe3 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -962,7 +962,6 @@ static int set_to_names(struct policydb *pdb, int is_type, void *set, struct lis *names = malloc(sizeof(char *)); if (!*names) { log_err("Out of memory"); - free(attr_name); rc = -1; goto exit; } -- 2.12.0 _______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
