diff mbox series

checkpolicy: free ebitmap on error in define_compute_type_helper()

Message ID 20250314171355.27185-1-cgoettsche@seltendoof.de (mailing list archive)
State New
Headers show
Series checkpolicy: free ebitmap on error in define_compute_type_helper() | expand

Commit Message

Christian Göttsche March 14, 2025, 5:13 p.m. UTC 
From: Christian Göttsche <cgzones@googlemail.com>

Free the local ebitmap for classes in define_compute_type_helper() on
error.

Reported-by: oss-fuzz (issue 403364352)
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/policy_define.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index f19e9f6d..cdd98cdb 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -1699,6 +1699,8 @@  static int define_compute_type_helper(int which, avrule_t ** rule)
 		return -1;
 	}
 
+	ebitmap_init(&tclasses);
+
 	while ((id = queue_remove(id_queue))) {
 		if (set_types(&avrule->stypes, id, &add, 0))
 			goto bad;
@@ -1718,7 +1720,6 @@  static int define_compute_type_helper(int which, avrule_t ** rule)
 			goto bad;
 	}
 
-	ebitmap_init(&tclasses);
 	if (read_classes(&tclasses))
 		goto bad;
 
@@ -1759,6 +1760,7 @@  static int define_compute_type_helper(int which, avrule_t ** rule)
 	return 0;
 
       bad:
+	ebitmap_destroy(&tclasses);
 	avrule_destroy(avrule);
 	free(avrule);
 	return -1;