Merged: https://github.com/SELinuxProject/selinux/pull/94
On Mon, Apr 23, 2018 at 9:50 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Sun, Apr 22, 2018 at 12:30 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
>> When split_args() calls append_arg(), the returned value needs to be
>> checked in order to detect memory allocation failure. Checks were
>> missing in two places, which are spotted by clang's static analyzer:
>>
>> semanage_store.c:1352:7: warning: Value stored to 'rc' is never
>> read
>> rc = append_arg(&argv, &num_args, arg);
>> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> semanage_store.c:1368:3: warning: Value stored to 'rc' is never read
>> rc = append_arg(&argv, &num_args, arg);
>> ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Signed-off-by: Nicolas Iooss <nicolas.io...@m4x.org>
>> ---
>> libsemanage/src/semanage_store.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/libsemanage/src/semanage_store.c
>> b/libsemanage/src/semanage_store.c
>> index 14ad99c152ad..bce648c46464 100644
>> --- a/libsemanage/src/semanage_store.c
>> +++ b/libsemanage/src/semanage_store.c
>> @@ -1350,6 +1350,8 @@ static char **split_args(const char *arg0, char
>> *arg_string,
>> if (isspace(*s) && !in_quote && !in_dquote) {
>> if (arg != NULL) {
>> rc = append_arg(&argv,
>> &num_args, arg);
>> + if (rc)
>> + goto cleanup;
>> free(arg);
>> arg = NULL;
>> }
>> @@ -1366,6 +1368,8 @@ static char **split_args(const char *arg0, char
>> *arg_string,
>> }
>> if (arg != NULL) {
>> rc = append_arg(&argv, &num_args, arg);
>> + if (rc)
>> + goto cleanup;
>> free(arg);
>> arg = NULL;
>> }
>> --
>> 2.17.0
>>
>>
>
> ack
