diff options
| author |   Nicolas Iooss <nicolas.iooss@m4x.org> | 2014-03-23 22:01:38 +0100 |
|---|---|---|
| committer |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2014-04-08 17:20:48 +0200 |
| commit | 2b3ad3e102a5932ca54db3276cabc35a744b33ea (patch) | |
| tree | 66ad603fd2af323f59f1babc62731e23dcde31eb /support | |
| parent | fc_sort: fix typos in comments (diff) | |
| download | hardened-refpolicy-2b3ad3e102a5932ca54db3276cabc35a744b33ea.tar.gz hardened-refpolicy-2b3ad3e102a5932ca54db3276cabc35a744b33ea.tar.bz2 hardened-refpolicy-2b3ad3e102a5932ca54db3276cabc35a744b33ea.zip | |
fc_sort: initialize allocated memory to fix execution on an empty file
When running fc_sort on an empty context file, this program uses uninitialized
pointers when accessing to the elements of a list. On my system, it goes in a
very long loop (maybe infinite) because uninitialized fields in malloc'ed
structures happen to contain valid pointers in the heap.
This patch fixes this bug by initializing ->next and ->data fields before they
may be read.
Diffstat (limited to 'support')
| -rw-r--r-- | support/fc_sort.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/support/fc_sort.c b/support/fc_sort.c index 29e2ce991..5aed783c7 100644 --- a/support/fc_sort.c +++ b/support/fc_sort.c @@ -346,6 +346,7 @@ int main(int argc, char *argv[]) /* Initialize the head of the linked list. */ head = current = (file_context_node_t*)malloc(sizeof(file_context_node_t)); + head->next = NULL; /* Parse the file into a file_context linked list. */ line_buf = NULL; @@ -489,6 +490,8 @@ int main(int argc, char *argv[]) bcurrent = master = (file_context_bucket_t *) malloc(sizeof(file_context_bucket_t)); + bcurrent->next = NULL; + bcurrent->data = NULL; /* Go until all the nodes have been put in individual buckets. */ while (current) { |