[3/4] libsepol/cil/cil_post: Initialize tmp on declaration

Message ID	20241022090314.173002-3-vmojzis@redhat.com (mailing list archive)
State	Accepted
Commit	00fb52ce3477
Headers	show Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B9FC189BA6 for <selinux@vger.kernel.org>; Tue, 22 Oct 2024 09:04:00 +0000 (UTC) From: Vit Mojzis <vmojzis@redhat.com> To: selinux@vger.kernel.org Subject: [PATCH 3/4] libsepol/cil/cil_post: Initialize tmp on declaration Date: Tue, 22 Oct 2024 11:03:13 +0200 Message-ID: <20241022090314.173002-3-vmojzis@redhat.com> In-Reply-To: <20241022090314.173002-1-vmojzis@redhat.com> References: <20241022090314.173002-1-vmojzis@redhat.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[1/4] libsepol/cil: Initialize avtab_datum on declaration \| expand [1/4] libsepol/cil: Initialize avtab_datum on declaration [2/4] libsepol/mls: Do not destroy context on memory error [3/4] libsepol/cil/cil_post: Initialize tmp on declaration [4/4] libsepol: Initialize "strs" on declaration

Message ID

20241022090314.173002-3-vmojzis@redhat.com (mailing list archive)

State

Accepted

Commit

00fb52ce3477

Headers

From: Vit Mojzis <vmojzis@redhat.com>
To: selinux@vger.kernel.org
Subject: [PATCH 3/4] libsepol/cil/cil_post: Initialize tmp on declaration
Date: Tue, 22 Oct 2024 11:03:13 +0200
Message-ID: <20241022090314.173002-3-vmojzis@redhat.com>
In-Reply-To: <20241022090314.173002-1-vmojzis@redhat.com>
References: <20241022090314.173002-1-vmojzis@redhat.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[1/4] libsepol/cil: Initialize avtab_datum on declaration | expand

Commit Message

Vit Mojzis Oct. 22, 2024, 9:03 a.m. UTC

tmp.node was not always initialized before being used by
ebitmap_destroy.

Fixes:
Error: UNINIT (CWE-457):
libsepol-3.7/cil/src/cil_post.c:1309:2: var_decl: Declaring variable "tmp" without initializer.
libsepol-3.7/cil/src/cil_post.c:1382:6: uninit_use_in_call: Using uninitialized value "tmp.node" when calling "ebitmap_destroy".
 \# 1380|   				if (rc != SEPOL_OK) {
 \# 1381|   					cil_log(CIL_INFO, "Failed to apply operator to bitmaps\n");
 \# 1382|-> 					ebitmap_destroy(&tmp);
 \# 1383|   					goto exit;
 \# 1384|   				}

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 libsepol/cil/src/cil_post.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

James Carter Oct. 22, 2024, 8:27 p.m. UTC | #1

On Tue, Oct 22, 2024 at 5:09 AM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> tmp.node was not always initialized before being used by
> ebitmap_destroy.
>
> Fixes:
> Error: UNINIT (CWE-457):
> libsepol-3.7/cil/src/cil_post.c:1309:2: var_decl: Declaring variable "tmp" without initializer.
> libsepol-3.7/cil/src/cil_post.c:1382:6: uninit_use_in_call: Using uninitialized value "tmp.node" when calling "ebitmap_destroy".
>  \# 1380|                               if (rc != SEPOL_OK) {
>  \# 1381|                                       cil_log(CIL_INFO, "Failed to apply operator to bitmaps\n");
>  \# 1382|->                                     ebitmap_destroy(&tmp);
>  \# 1383|                                       goto exit;
>  \# 1384|                               }
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
>  libsepol/cil/src/cil_post.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
> index ac99997f..c8dbfd3e 100644
> --- a/libsepol/cil/src/cil_post.c
> +++ b/libsepol/cil/src/cil_post.c
> @@ -1306,7 +1306,7 @@ static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max,
>         int rc = SEPOL_ERR;
>         struct cil_list_item *curr;
>         enum cil_flavor flavor;
> -       ebitmap_t tmp, b1, b2;
> +       ebitmap_t tmp = {.node = NULL}, b1, b2;
>
>         if (expr == NULL || expr->head == NULL) {
>                 return SEPOL_OK;

I would rather have "ebitmap_init(&tmp);" here. That is how we
normally initialize an ebitmap.

Thanks,
Jim


> --
> 2.47.0
>
>

diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index ac99997f..c8dbfd3e 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -1306,7 +1306,7 @@  static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max,
 	int rc = SEPOL_ERR;
 	struct cil_list_item *curr;
 	enum cil_flavor flavor;
-	ebitmap_t tmp, b1, b2;
+	ebitmap_t tmp = {.node = NULL}, b1, b2;
 
 	if (expr == NULL || expr->head == NULL) {
 		return SEPOL_OK;

[3/4] libsepol/cil/cil_post: Initialize tmp on declaration

Commit Message

Comments

Patch