From 2b6f639a5209f70a6c065f57bfd4b2bf3e28dbe4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 29 Apr 2024 18:39:00 +0200 Subject: [PATCH] libselinux: avoid pointer dereference before check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since commit 5876aca0 ("libselinux: free data on selabel open failure") the close handler of label backends must support partial initialized state, e.g. ->data being NULL. Thus checks for NULL were added, but in two cases the pointers in question were already dereferenced before. Reorder the dereference after the NULL-checks. Fixes: 5876aca0 ("libselinux: free data on selabel open failure") Reported-by: Cppcheck Signed-off-by: Christian Göttsche Acked-by: James Carter --- src/label_media.c | 4 +++- src/label_x.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/label_media.c b/src/label_media.c index 94a58062..852aeada 100644 --- a/src/label_media.c +++ b/src/label_media.c @@ -164,12 +164,14 @@ finish: static void close(struct selabel_handle *rec) { struct saved_data *data = (struct saved_data *)rec->data; - struct spec *spec, *spec_arr = data->spec_arr; + struct spec *spec, *spec_arr; unsigned int i; if (!data) return; + spec_arr = data->spec_arr; + for (i = 0; i < data->nspec; i++) { spec = &spec_arr[i]; free(spec->key); diff --git a/src/label_x.c b/src/label_x.c index f994eefa..a8decc7a 100644 --- a/src/label_x.c +++ b/src/label_x.c @@ -191,12 +191,14 @@ finish: static void close(struct selabel_handle *rec) { struct saved_data *data = (struct saved_data *)rec->data; - struct spec *spec, *spec_arr = data->spec_arr; + struct spec *spec, *spec_arr; unsigned int i; if (!data) return; + spec_arr = data->spec_arr; + for (i = 0; i < data->nspec; i++) { spec = &spec_arr[i]; free(spec->key); -- 2.33.0