Clear errno before call to strtol(3). #3

DanAlbert · 2014-12-10T21:07:38Z

Since strtol(3) doesn't clear errno on success, anything that sets
errno prior to this call will make it look like the call failed. This
happens when built with ASAN.

Signed-off-by: Dan Albert danalbert@google.com

Since strtol(3) doesn't clear errno on success, anything that sets errno prior to this call will make it look like the call failed. This happens when built with ASAN. Signed-off-by: Dan Albert <danalbert@google.com>

stevedlawrence · 2014-12-11T13:33:28Z

Thanks! Committed as b1bbd30

When hll/pp reads an invalid policy module where some scopes use required symbols which are not defined, the program crashes with a segmentation fault in required_scopes_to_cil(): Program received signal SIGSEGV, Segmentation fault. required_scopes_to_cil (decl_stack=0x6040b0, block=0x607780, pdb=0x6042e0, indent=0) at module_to_cil.c:3479 3479 for (j = 0; j < scope_datum->decl_ids_len; j++) { => 0x00007ffff7a7b1a8 <block_to_cil+5224>: 44 8b 58 10 mov 0x10(%rax),%r11d (gdb) bt #0 required_scopes_to_cil (decl_stack=0x6040b0, block=0x607780, pdb=0x6042e0, indent=0) at module_to_cil.c:3479 #1 block_to_cil (pdb=pdb@entry=0x6042e0, block=block@entry=0x607780, stack=stack@entry=0x6040b0, indent=indent@entry=0) at module_to_cil.c:3622 #2 0x00007ffff7a85a18 in global_block_to_cil (stack=0x6040b0, block=0x607780, pdb=0x6042e0) at module_to_cil.c:3738 #3 blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3764 #4 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at module_to_cil.c:4051 #5 0x00007ffff7a86b55 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4080 #6 0x0000000000401acc in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 (gdb) p scope_datum $1 = (struct scope_datum *) 0x0 Detect such errors and exit with an error return value. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

When scope_index_read() fails while attempting to allocate memory for scope_index->class_perms_map, scope_index_destroy() gets called with scope->class_perms_len != 0 and scope->class_perms_map == NULL. This triggers the following segmentation fault (in semodule_package): Program received signal SIGSEGV, Segmentation fault. ebitmap_destroy (e=0x10) at ebitmap.c:362 362 n = e->node; => 0x00007ffff79ff7f6 <ebitmap_destroy+134>: 48 8b 3f mov (%rdi),%rdi (gdb) bt #0 ebitmap_destroy (e=0x10) at ebitmap.c:362 #1 0x00007ffff79e2c37 in scope_index_destroy (scope=0x608860) at avrule_block.c:87 #2 avrule_decl_destroy (x=0x608830) at avrule_block.c:103 #3 0x00007ffff7aae99c in avrule_block_read (fp=0x605090, num_scope_syms=8, block=0x6054e8, p=0x605360) at policydb.c:3598 #4 policydb_read (p=0x605360, fp=fp@entry=0x605090, verbose=verbose@entry=0) at policydb.c:3946 #5 0x00007ffff7ab4ab4 in sepol_policydb_read (p=<optimized out>, pf=pf@entry=0x605090) at policydb_public.c:174 #6 0x0000000000401d33 in main (argc=<optimized out>, argv=0x7fffffffdc88) at semodule_package.c:220 (gdb) f 1 (gdb) p *scope $1 = {scope = {{node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}}, class_perms_map = 0x0, class_perms_len = 4294934272} Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

When loading an invalid module which uses a declaration ID 0, semodule_package crashes in policydb_index_decls(): p->decl_val_to_struct[decl->decl_id - 1] = decl; gdb shows the following stack trace: #0 0x00007ffff7aa1bbd in policydb_index_decls (p=p@entry=0x605360) at policydb.c:1034 #1 0x00007ffff7aaa9fc in policydb_read (p=<optimized out>, fp=fp@entry=0x605090, verbose=verbose@entry=0) at policydb.c:3958 #2 0x00007ffff7ab4764 in sepol_policydb_read (p=<optimized out>, pf=pf@entry=0x605090) at policydb_public.c:174 #3 0x0000000000401d33 in main (argc=<optimized out>, argv=0x7fffffffdc88) at semodule_package.c:220 Change policydb_index_decls() to report an error instead: libsepol.policydb_index_decls: invalid decl ID 0 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

When sepol_polcap_getname() is called with a negative capnum, it dereferences polcap_names[capnum] which produces a segmentation fault most of the time. For information, here is a gdb session when hll/pp loads a policy module which has been mutated by American Fuzzy Lop: Program received signal SIGSEGV, Segmentation fault. sepol_polcap_getname (capnum=capnum@entry=-4259840) at polcaps.c:34 34 return polcap_names[capnum]; => 0x00007ffff7a8da07 <sepol_polcap_getname+135>: 48 8b 04 f8 mov (%rax,%rdi,8),%rax (gdb) bt #0 sepol_polcap_getname (capnum=capnum@entry=-4259840) at polcaps.c:34 #1 0x00007ffff7a7c440 in polcaps_to_cil (pdb=0x6042e0) at module_to_cil.c:2492 #2 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79c75e0 <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at module_to_cil.c:4039 #3 0x00007ffff7a7e695 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79c75e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4087 #4 0x0000000000401acc in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

While checkmodule tries to compile the following policy file and fails because class "process" is not found, it does not free some allocated memory: module ckpol_leaktest 1.0.0; require {type TYPE1;} allow TYPE1 self:process fork; clang memory sanitier output is: ================================================================= ==16050==ERROR: LeakSanitizer: detected memory leaks Direct leak of 136 byte(s) in 1 object(s) allocated from: #0 0x7f8bd8127608 in malloc (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0xf6608) #1 0x41a620 in define_te_avtab_helper /usr/src/selinux/checkpolicy/policy_define.c:2450:24 #2 0x41b6c8 in define_te_avtab /usr/src/selinux/checkpolicy/policy_define.c:2621:6 #3 0x40522b in yyparse /usr/src/selinux/checkpolicy/policy_parse.y:470:10 #4 0x411816 in read_source_policy /usr/src/selinux/checkpolicy/parse_util.c:64:6 #5 0x7f8bd7cb3290 in __libc_start_main (/usr/lib/libc.so.6+0x20290) Direct leak of 8 byte(s) in 1 object(s) allocated from: #0 0x7f8bd8127608 in malloc (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0xf6608) #1 0x411c87 in insert_id /usr/src/selinux/checkpolicy/policy_define.c:120:18 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f8bd8127608 in malloc (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0xf6608) #1 0x43133c in ebitmap_set_bit /usr/src/selinux/libsepol/src/ebitmap.c:321:27 Indirect leak of 18 byte(s) in 1 object(s) allocated from: #0 0x7f8bd80b5eb0 in __interceptor___strdup (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0x84eb0) #1 0x41a6e5 in define_te_avtab_helper /usr/src/selinux/checkpolicy/policy_define.c:2460:28 #2 0x41b6c8 in define_te_avtab /usr/src/selinux/checkpolicy/policy_define.c:2621:6 #3 0x40522b in yyparse /usr/src/selinux/checkpolicy/policy_parse.y:470:10 #4 0x411816 in read_source_policy /usr/src/selinux/checkpolicy/parse_util.c:64:6 #5 0x7f8bd7cb3290 in __libc_start_main (/usr/lib/libc.so.6+0x20290) SUMMARY: AddressSanitizer: 186 byte(s) leaked in 4 allocation(s). Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

When running secilc on the following CIL file, the program tries to free the data associated with type X using cil_destroy_typeattribute(): (macro sys_obj_type ((user ARG1)) (typeattribute X)) (block B (type X) (call sys_obj_type (Y)) ) By adding some printf statements to cil_typeattribute_init(), cil_type_init() and cil_destroy_typeattribute(), the error message I get when using gcc's address sanitizer is: $ secilc -o /dev/null -f /dev/null test.cil -vvvvvv creating TYPE 0x60400000dfd0 Parsing 2017-02-02_crashing_nulptrderef_cil.cil Building AST from Parse Tree creating TYPEATTR 0x60600000e420 creating TYPE 0x60400000df50 Destroying Parse Tree Resolving AST Failed to resolve call statement at 2017-02-02_crashing_nulptrderef_cil.cil:5 Problem at 2017-02-02_crashing_nulptrderef_cil.cil:5 Pass 8 of resolution failed Failed to resolve ast Failed to compile cildb: -2 Destroying TYPEATTR 0x60600000e420, types (nil) name X Destroying TYPEATTR 0x60400000df50, types 0xbebebebe00000000 name X ASAN:DEADLYSIGNAL ================================================================= ==30684==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fc0539d114a bp 0x7ffc1fbcb300 sp 0x7ffc1fbcb2f0 T0) #0 0x7fc0539d1149 in ebitmap_destroy /usr/src/selinux/libsepol/src/ebitmap.c:356 #1 0x7fc053b96201 in cil_destroy_typeattribute ../cil/src/cil_build_ast.c:2370 #2 0x7fc053b42ea4 in cil_destroy_data ../cil/src/cil.c:616 #3 0x7fc053c595bf in cil_tree_node_destroy ../cil/src/cil_tree.c:235 #4 0x7fc053c59819 in cil_tree_children_destroy ../cil/src/cil_tree.c:201 #5 0x7fc053c59958 in cil_tree_subtree_destroy ../cil/src/cil_tree.c:172 #6 0x7fc053c59a27 in cil_tree_destroy ../cil/src/cil_tree.c:165 #7 0x7fc053b44fd7 in cil_db_destroy ../cil/src/cil.c:299 #8 0x4026a1 in main /usr/src/selinux/secilc/secilc.c:335 #9 0x7fc0535e5290 in __libc_start_main (/usr/lib/libc.so.6+0x20290) #10 0x403af9 in _start (/usr/src/selinux/DESTDIR/usr/bin/secilc+0x403af9) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /usr/src/selinux/libsepol/src/ebitmap.c:356 in ebitmap_destroy ==30684==ABORTING When copying the AST tree in cil_resolve_call1(), __cil_copy_node_helper() calls cil_copy_typeattribute() to grab type X in the symbol table of block B, and creates a node with the data of X but with CIL_TYPEATTRIBUTE flavor. This example is a "type confusion" bug between cil_type and cil_typeattribute structures. It can be generalized to any couple of structures sharing the same symbol table (an easy way of finding other couples is by reading the code of cil_flavor_to_symtab_index()). Fix this issue in a "generic" way in __cil_copy_node_helper(), by verifying that the flavor of the found data is the same as expected and triggering an error when it is not. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

…garbage Currently this Python program triggers a segmentation fault in libselinux SWIG wrapper: import selinux selinux.get_ordered_context_list() gdb shows that the segmentation fault occurs when freeing some memory: Reading symbols from python...(no debugging symbols found)...done. Starting program: /usr/bin/python -c import\ selinux\;selinux.get_ordered_context_list [Thread debugging using libthread_db enabled] Using host libthread_db library "/usr/lib/libthread_db.so.1". Program received signal SIGSEGV, Segmentation fault. 0x00007ffff789a304 in free () from /usr/lib/libc.so.6 (gdb) bt #0 0x00007ffff789a304 in free () from /usr/lib/libc.so.6 #1 0x00007ffff6011499 in freeconary (con=0x7ffff6ac5d00) at freeconary.c:14 #2 0x00007ffff6296899 in _wrap_get_ordered_context_list (self=<optimized out>, args=<optimized out>) at selinuxswig_wrap.c:6185 #3 0x00007ffff741891f in _PyCFunction_FastCallDict () from /usr/lib/libpython3.6m.so.1.0 ... SWIG generated the following code for _wrap_get_ordered_context_list(): char ***arg3 = (char ***) 0 ; char **temp3 ; arg3 = &temp3; if (!PyArg_ParseTuple(args, "OO:get_ordered_context_list",&obj0,&obj1)) SWIG_fail; /* ... */ fail: if (*arg3) freeconary(*arg3); If PyArg_ParseTuple fails, freeconary() is called on the value of "temp3", which has not been initialized. Fix this by initializing temp to NULL in the SWIG template. A similar issue exists with security_get_boolean_names(). Fix it too. This issue has been found using clang's static analyzer, on a system which uses SWIG 3.0.12. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

When a function called by sepol_module_policydb_to_cil() fails before role_list_create() has been called, role_list is still NULL but is dereferenced in role_list_destroy(). Here is a gdb session on hll/pp: Unknown value for handle-unknown: 6 Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7a68a37 in role_list_destroy () at module_to_cil.c:215 215 struct list_node *curr = role_list->head; (gdb) bt #0 0x00007ffff7a68a37 in role_list_destroy () at module_to_cil.c:215 #1 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79925e0 <_IO_2_1_stdout_>, pdb=<optimized out>, linked=linked@entry=0) at module_to_cil.c:4060 #2 0x00007ffff7a6ac75 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79925e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4080 #3 0x0000000000401a58 in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 This issue has been found while fuzzing hll/pp with the American Fuzzy Lop. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

… fails In mls_semantic_range_expand(), when a call to mls_semantic_level_expand() fails, the function destroys the semantic level instead of the expanded one. This leads to a use-after-free which is reported by gcc's Address Sanitizer: libsepol.mls_semantic_level_expand: mls_semantic_level_expand: invalid sensitivity level found 128/0. libsepol.sepol_module_package_read: invalid module in module package (at section 0) Failed to read policy package ================================================================= ==24456==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000ee58 at pc 0x7fe6c4fb96b4 bp 0x7fffa5ea6b70 sp 0x7fffa5ea6b60 READ of size 8 at 0x60200000ee58 thread T0 #0 0x7fe6c4fb96b3 in mls_semantic_level_destroy /usr/src/selinux/libsepol/src/mls.c:755 #1 0x7fe6c4fb9b88 in mls_semantic_range_destroy /usr/src/selinux/libsepol/src/mls.c:802 #2 0x7fe6c500e8ab in user_datum_destroy /usr/src/selinux/libsepol/src/policydb.c:535 #3 0x7fe6c500e980 in user_destroy /usr/src/selinux/libsepol/src/policydb.c:1390 #4 0x7fe6c4f36c48 in hashtab_map /usr/src/selinux/libsepol/src/hashtab.c:235 #5 0x7fe6c50152da in symtabs_destroy /usr/src/selinux/libsepol/src/policydb.c:1595 #6 0x7fe6c5015433 in policydb_destroy /usr/src/selinux/libsepol/src/policydb.c:1503 #7 0x7fe6c5040e0d in sepol_policydb_free /usr/src/selinux/libsepol/src/policydb_public.c:82 #8 0x7fe6c4fbc503 in sepol_module_package_free /usr/src/selinux/libsepol/src/module.c:143 #9 0x7fe6c4fefefb in sepol_ppfile_to_module_package /usr/src/selinux/libsepol/src/module_to_cil.c:4293 #10 0x401e51 in main /usr/src/selinux/policycoreutils/hll/pp/pp.c:124 #11 0x7fe6c4add510 in __libc_start_main (/usr/lib/libc.so.6+0x20510) #12 0x402589 in _start (/usr/src/selinux/DESTDIR/usr/libexec/selinux/hll/pp+0x402589) 0x60200000ee58 is located 8 bytes inside of 16-byte region [0x60200000ee50,0x60200000ee60) freed by thread T0 here: #0 0x7fe6c5537ae0 in __interceptor_free /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:45 #1 0x7fe6c4fb969b in mls_semantic_level_destroy /usr/src/selinux/libsepol/src/mls.c:757 #2 0x7fe6c4f02a57 in mls_semantic_range_expand /usr/src/selinux/libsepol/src/expand.c:948 #3 0x7fe6c5007a98 in policydb_user_cache /usr/src/selinux/libsepol/src/policydb.c:939 #4 0x7fe6c4f36c48 in hashtab_map /usr/src/selinux/libsepol/src/hashtab.c:235 #5 0x7fe6c5013859 in policydb_index_others /usr/src/selinux/libsepol/src/policydb.c:1286 #6 0x7fe6c5020b65 in policydb_read /usr/src/selinux/libsepol/src/policydb.c:4342 #7 0x7fe6c4fc0cdb in sepol_module_package_read /usr/src/selinux/libsepol/src/module.c:618 #8 0x7fe6c4ff008d in sepol_ppfile_to_module_package /usr/src/selinux/libsepol/src/module_to_cil.c:4276 #9 0x401e51 in main /usr/src/selinux/policycoreutils/hll/pp/pp.c:124 #10 0x7fe6c4add510 in __libc_start_main (/usr/lib/libc.so.6+0x20510) previously allocated by thread T0 here: #0 0x7fe6c5537e40 in __interceptor_malloc /build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x7fe6c5004efc in mls_read_semantic_level_helper /usr/src/selinux/libsepol/src/policydb.c:1976 #2 0x7fe6c500f596 in mls_read_semantic_range_helper /usr/src/selinux/libsepol/src/policydb.c:2010 #3 0x7fe6c500f596 in user_read /usr/src/selinux/libsepol/src/policydb.c:3258 #4 0x7fe6c502055b in policydb_read /usr/src/selinux/libsepol/src/policydb.c:4286 #5 0x7fe6c4fc0cdb in sepol_module_package_read /usr/src/selinux/libsepol/src/module.c:618 #6 0x7fe6c4ff008d in sepol_ppfile_to_module_package /usr/src/selinux/libsepol/src/module_to_cil.c:4276 #7 0x401e51 in main /usr/src/selinux/policycoreutils/hll/pp/pp.c:124 #8 0x7fe6c4add510 in __libc_start_main (/usr/lib/libc.so.6+0x20510) SUMMARY: AddressSanitizer: heap-use-after-free /usr/src/selinux/libsepol/src/mls.c:755 in mls_semantic_level_destroy Shadow bytes around the buggy address: 0x0c047fff9d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff9d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff9da0: fa fa fa fa fa fa fa fa fa fa 01 fa fa fa 01 fa 0x0c047fff9db0: fa fa 01 fa fa fa 01 fa fa fa 01 fa fa fa 01 fa =>0x0c047fff9dc0: fa fa 00 00 fa fa 00 00 fa fa fd[fd]fa fa fd fd 0x0c047fff9dd0: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fd 0x0c047fff9de0: fa fa 04 fa fa fa 00 01 fa fa fd fd fa fa fd fd 0x0c047fff9df0: fa fa fd fd fa fa fd fd fa fa 00 00 fa fa fd fd 0x0c047fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c047fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==24456==ABORTING This issue has been found while fuzzing hll/pp with the American Fuzzy Lop. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

TODO: does it make sense to have a policy with ->global=NULL? gdb session: Program received signal SIGSEGV, Segmentation fault. blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3760 3760 rc = global_block_to_cil(pdb, block, stack); (gdb) bt #0 blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3760 SELinuxProject#1 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at module_to_cil.c:4047 SELinuxProject#2 0x00007ffff7a86ac5 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4076 SELinuxProject#3 0x0000000000401acc in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 (gdb) p pdb->global $1 = (avrule_block_t *) 0x0 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

class s sid e class s { y } sensitivity i alias { d }; ==13999==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000008b8 at pc 0x000000594081 bp 0x7ffcd296ad80 sp 0x7ffcd296ad78 READ of size 8 at 0x6030000008b8 thread T0 #0 0x594080 in ebitmap_destroy ./libsepol/src/ebitmap.c:379:9 SELinuxProject#1 0x61d546 in mls_level_destroy ./DESTDIR/usr/include/sepol/policydb/mls_types.h:98:2 SELinuxProject#2 0x61d546 in sens_destroy ./libsepol/src/policydb.c:1380:2 SELinuxProject#3 0x5bc9d5 in hashtab_map ./libsepol/src/hashtab.c:234:10 SELinuxProject#4 0x60cbf1 in symtabs_destroy ./libsepol/src/policydb.c:1581:9 SELinuxProject#5 0x60cbf1 in policydb_destroy ./libsepol/src/policydb.c:1489:2 SELinuxProject#6 0x55aaa2 in LLVMFuzzerTestOneInput ./checkpolicy/fuzz/checkpolicy-fuzzer.c:209:2 SELinuxProject#7 0x45af33 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o SELinuxProject#8 0x446a72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o SELinuxProject#9 0x44c99b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o SELinuxProject#10 0x475e32 in main (./out/checkpolicy-fuzzer+0x475e32) SELinuxProject#11 0x7f31b5ea1e49 in __libc_start_main csu/../csu/libc-start.c:314:16 SELinuxProject#12 0x4236e9 in _start (./out/checkpolicy-fuzzer+0x4236e9) 0x6030000008b8 is located 8 bytes inside of 24-byte region [0x6030000008b0,0x6030000008c8) freed by thread T0 here: #0 0x525762 in __interceptor_free (./out/checkpolicy-fuzzer+0x525762) SELinuxProject#1 0x61d566 in sens_destroy ./libsepol/src/policydb.c:1381:2 SELinuxProject#2 0x5bc9d5 in hashtab_map ./libsepol/src/hashtab.c:234:10 SELinuxProject#3 0x60cbf1 in symtabs_destroy ./libsepol/src/policydb.c:1581:9 SELinuxProject#4 0x60cbf1 in policydb_destroy ./libsepol/src/policydb.c:1489:2 SELinuxProject#5 0x55aaa2 in LLVMFuzzerTestOneInput ./checkpolicy/fuzz/checkpolicy-fuzzer.c:209:2 SELinuxProject#6 0x45af33 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o SELinuxProject#7 0x446a72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o SELinuxProject#8 0x44c99b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o SELinuxProject#9 0x475e32 in main (./out/checkpolicy-fuzzer+0x475e32) SELinuxProject#10 0x7f31b5ea1e49 in __libc_start_main csu/../csu/libc-start.c:314:16 previously allocated by thread T0 here: #0 0x5259cd in malloc (./out/checkpolicy-fuzzer+0x5259cd) SELinuxProject#1 0x56be7e in define_sens ./checkpolicy/policy_define.c:744:26 SELinuxProject#2 0x583ed4 in yyparse ./checkpolicy/policy_parse.y:261:30 SELinuxProject#3 0x55a5a0 in read_source_policy ./checkpolicy/fuzz/checkpolicy-fuzzer.c:96:6 SELinuxProject#4 0x55a5a0 in LLVMFuzzerTestOneInput ./checkpolicy/fuzz/checkpolicy-fuzzer.c:162:6 SELinuxProject#5 0x45af33 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o SELinuxProject#6 0x446a72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o SELinuxProject#7 0x44c99b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o SELinuxProject#8 0x475e32 in main (./out/checkpolicy-fuzzer+0x475e32) SELinuxProject#9 0x7f31b5ea1e49 in __libc_start_main csu/../csu/libc-start.c:314:16 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

class process sid tl class process { transition } sensitivity s0; dominance { s0 } category c0; level s0; mlsconstrain process transition t1 eq t2; role e; user sys_useallowr roles e level s0 range s0:c0; user sys_useallowr roles e level s0 range s0; sid e se:s:s Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x5259cd in malloc (./out/checkpolicy-fuzzer+0x5259cd) SELinuxProject#1 0x606369 in mls_semantic_level_cpy ./libsepol/src/mls.c:768:30 SELinuxProject#2 0x57bb08 in define_user ./checkpolicy/policy_define.c:4377:8 SELinuxProject#3 0x585955 in yyparse ./checkpolicy/policy_parse.y:657:30 SELinuxProject#4 0x55a7d7 in read_source_policy ./checkpolicy/fuzz/checkpolicy-fuzzer.c:108:6 SELinuxProject#5 0x55a7d7 in LLVMFuzzerTestOneInput ./checkpolicy/fuzz/checkpolicy-fuzzer.c:162:6 SELinuxProject#6 0x45af33 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o SELinuxProject#7 0x446a72 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o SELinuxProject#8 0x44c99b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o SELinuxProject#9 0x475e32 in main (./out/checkpolicy-fuzzer+0x475e32) SELinuxProject#10 0x7febb0536e49 in __libc_start_main csu/../csu/libc-start.c:314:16 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Free the allocated avrule in define_te_avtab_xperms_helper() on failures. Also free the target classes ebitmap on allocation failure. Direct leak of 136 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x4e6eea in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2041:24 SELinuxProject#2 0x4e6eea in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4877b4 in strdup (./checkpolicy/checkpolicy+0x4877b4) SELinuxProject#1 0x4e6fa7 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2051:28 SELinuxProject#2 0x4e6fa7 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x50f2fa in ebitmap_set_bit ./libsepol/src/ebitmap.c:346:27 SELinuxProject#2 0x4eb632 in set_types ./checkpolicy/policy_define.c SELinuxProject#3 0x4e7055 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2059:7 SELinuxProject#4 0x4e7055 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#5 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#6 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#7 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#8 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

TODO: does it make sense to have a policy with ->global=NULL? gdb session: Program received signal SIGSEGV, Segmentation fault. blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3760 3760 rc = global_block_to_cil(pdb, block, stack); (gdb) bt #0 blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3760 SELinuxProject#1 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at module_to_cil.c:4047 SELinuxProject#2 0x00007ffff7a86ac5 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4076 SELinuxProject#3 0x0000000000401acc in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 (gdb) p pdb->global $1 = (avrule_block_t *) 0x0 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Free the allocated avrule in define_te_avtab_xperms_helper() on failures. Also free the target classes ebitmap on allocation failure. Direct leak of 136 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x4e6eea in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2041:24 SELinuxProject#2 0x4e6eea in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4877b4 in strdup (./checkpolicy/checkpolicy+0x4877b4) SELinuxProject#1 0x4e6fa7 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2051:28 SELinuxProject#2 0x4e6fa7 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x50f2fa in ebitmap_set_bit ./libsepol/src/ebitmap.c:346:27 SELinuxProject#2 0x4eb632 in set_types ./checkpolicy/policy_define.c SELinuxProject#3 0x4e7055 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2059:7 SELinuxProject#4 0x4e7055 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#5 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#6 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#7 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#8 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

TODO: does it make sense to have a policy with ->global=NULL? gdb session: Program received signal SIGSEGV, Segmentation fault. blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3760 3760 rc = global_block_to_cil(pdb, block, stack); (gdb) bt #0 blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3760 SELinuxProject#1 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at module_to_cil.c:4047 SELinuxProject#2 0x00007ffff7a86ac5 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4076 SELinuxProject#3 0x0000000000401acc in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 (gdb) p pdb->global $1 = (avrule_block_t *) 0x0 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Free the allocated avrule in define_te_avtab_xperms_helper() on failures. Also free the target classes ebitmap on allocation failure. Direct leak of 136 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x4e6eea in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2041:24 SELinuxProject#2 0x4e6eea in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4877b4 in strdup (./checkpolicy/checkpolicy+0x4877b4) SELinuxProject#1 0x4e6fa7 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2051:28 SELinuxProject#2 0x4e6fa7 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x50f2fa in ebitmap_set_bit ./libsepol/src/ebitmap.c:346:27 SELinuxProject#2 0x4eb632 in set_types ./checkpolicy/policy_define.c SELinuxProject#3 0x4e7055 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2059:7 SELinuxProject#4 0x4e7055 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#5 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#6 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#7 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#8 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Add return check for regex_data_create() to avoid NULL reference of regex_data (gdb) bt #0 0x00007fbde5caec14 in pthread_mutex_init () from /usr/lib64/libc.so.6 #1 0x00007fbde5e3a489 in regex_data_create () at regex.c:260 SELinuxProject#2 0x00007fbde5e3a4af in regex_prepare_data (regex=regex@entry=0x7fbde4613770, pattern_string=pattern_string@entry=0x563c6799a820 "^/home$", errordata=errordata@entry=0x7ffeb83fa950) at regex.c:76 SELinuxProject#3 0x00007fbde5e32fe6 in compile_regex (errbuf=0x0, spec=0x7fbde4613748) at label_file.h:407 SELinuxProject#4 lookup_all (key=0x563c679974e5 "/var/log/kadmind.log", type=<optimized out>, partial=partial@entry=false, match_count=match_count@entry=0x0, rec=<optimized out>, rec=<optimized out>) at label_file.c:949 SELinuxProject#5 0x00007fbde5e33350 in lookup (rec=<optimized out>, key=<optimized out>, type=<optimized out>) at label_file.c:1092 SELinuxProject#6 0x00007fbde5e31878 in selabel_lookup_common (rec=0x563c67998cc0, translating=1, key=<optimized out>, type=<optimized out>) at label.c:167 Signed-off-by: Jie Lu <lujie54@huawei.com> Acked-by: James Carter <jwcart2@gmail.com>

Add return check for regex_data_create() to avoid NULL reference of regex_data (gdb) bt #0 0x00007fbde5caec14 in pthread_mutex_init () from /usr/lib64/libc.so.6 #1 0x00007fbde5e3a489 in regex_data_create () at regex.c:260 #2 0x00007fbde5e3a4af in regex_prepare_data (regex=regex@entry=0x7fbde4613770, pattern_string=pattern_string@entry=0x563c6799a820 "^/home$", errordata=errordata@entry=0x7ffeb83fa950) at regex.c:76 #3 0x00007fbde5e32fe6 in compile_regex (errbuf=0x0, spec=0x7fbde4613748) at label_file.h:407 #4 lookup_all (key=0x563c679974e5 "/var/log/kadmind.log", type=<optimized out>, partial=partial@entry=false, match_count=match_count@entry=0x0, rec=<optimized out>, rec=<optimized out>) at label_file.c:949 #5 0x00007fbde5e33350 in lookup (rec=<optimized out>, key=<optimized out>, type=<optimized out>) at label_file.c:1092 #6 0x00007fbde5e31878 in selabel_lookup_common (rec=0x563c67998cc0, translating=1, key=<optimized out>, type=<optimized out>) at label.c:167 Signed-off-by: Jie Lu <lujie54@huawei.com> Acked-by: James Carter <jwcart2@gmail.com>

Free the allocated avrule in define_te_avtab_xperms_helper() on failures. Also free the target classes ebitmap on allocation failure. Direct leak of 136 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x4e6eea in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2041:24 SELinuxProject#2 0x4e6eea in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4877b4 in strdup (./checkpolicy/checkpolicy+0x4877b4) SELinuxProject#1 0x4e6fa7 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2051:28 SELinuxProject#2 0x4e6fa7 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) SELinuxProject#1 0x50f2fa in ebitmap_set_bit ./libsepol/src/ebitmap.c:346:27 SELinuxProject#2 0x4eb632 in set_types ./checkpolicy/policy_define.c SELinuxProject#3 0x4e7055 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2059:7 SELinuxProject#4 0x4e7055 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 SELinuxProject#5 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 SELinuxProject#6 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 SELinuxProject#7 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 SELinuxProject#8 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

In case the init function for a selabel backend fails, free the possible already allocated data: Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x5e7e2bf001e3 in malloc (/tmp/destdir/usr/sbin/selabel_digest+0xc71e3) #1 0x7233764baa65 in selabel_media_init /home/christian/Coding/workspaces/selinux/libselinux/src/label_media.c:226:30 SELinuxProject#2 0x7233764ac1fe in selabel_open /home/christian/Coding/workspaces/selinux/libselinux/src/label.c:227:6 SELinuxProject#3 0x5e7e2bf3ebfc in main /home/christian/Coding/workspaces/selinux/libselinux/utils/selabel_digest.c:125:8 SELinuxProject#4 0x7233761856c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>

In case the init function for a selabel backend fails, free the possible already allocated data: Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x5e7e2bf001e3 in malloc (/tmp/destdir/usr/sbin/selabel_digest+0xc71e3) #1 0x7233764baa65 in selabel_media_init /home/christian/Coding/workspaces/selinux/libselinux/src/label_media.c:226:30 #2 0x7233764ac1fe in selabel_open /home/christian/Coding/workspaces/selinux/libselinux/src/label.c:227:6 #3 0x5e7e2bf3ebfc in main /home/christian/Coding/workspaces/selinux/libselinux/utils/selabel_digest.c:125:8 #4 0x7233761856c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>

Clear errno before call to strtol(3).

9ef4886

Since strtol(3) doesn't clear errno on success, anything that sets errno prior to this call will make it look like the call failed. This happens when built with ASAN. Signed-off-by: Dan Albert <danalbert@google.com>

stevedlawrence closed this Dec 11, 2014

DanAlbert deleted the clear-errno branch December 11, 2014 19:17

muyu888 mentioned this pull request Jul 12, 2023

libsepol：The libsepol package detects memory leaks and segmentation errors when tested by OSS-fuzz. #404

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Clear errno before call to strtol(3). #3

Clear errno before call to strtol(3). #3

DanAlbert commented Dec 10, 2014

stevedlawrence commented Dec 11, 2014

Clear errno before call to strtol(3). #3

Clear errno before call to strtol(3). #3

Conversation

DanAlbert commented Dec 10, 2014

stevedlawrence commented Dec 11, 2014