Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1382760

Summary: semodule_link segfaults on certain inputs
Product: Red Hat Enterprise Linux 7 Reporter: Milos Malik <mmalik>
Component: policycoreutilsAssignee: Petr Lautrbach <plautrba>
Status: CLOSED WONTFIX QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: low    
Version: 7.3CC: dwalsh, lvrabec, mgrepl, mmalik, plautrba, ssekidde
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1382490
: 1382769 (view as bug list) Environment:
Last Closed: 2017-06-29 13:42:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
bzip2 archive of input files causing a crash none

Description Milos Malik 2016-10-07 16:04:47 UTC 
Created attachment 1208185 [details]
bzip2 archive of input files causing a crash

Description of problem:
* found by American Fuzzy Lop

Version-Release number of selected component (if applicable):
libselinux-2.5-6.el7.x86_64
libselinux-debuginfo-2.5-6.el7.x86_64
libselinux-devel-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64
libselinux-ruby-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libsemanage-2.5-4.el7.x86_64
libsemanage-devel-2.5-4.el7.x86_64
libsemanage-python-2.5-4.el7.x86_64
libsemanage-static-2.5-4.el7.x86_64
libsepol-2.5-6.el7.x86_64
libsepol-debuginfo-2.5-6.el7.x86_64
libsepol-devel-2.5-6.el7.x86_64
libsepol-static-2.5-6.el7.x86_64
policycoreutils-2.5-9.el7.x86_64
policycoreutils-debuginfo-2.5-9.el7.x86_64
policycoreutils-devel-2.5-9.el7.x86_64
policycoreutils-gui-2.5-9.el7.x86_64
policycoreutils-newrole-2.5-9.el7.x86_64
policycoreutils-python-2.5-9.el7.x86_64
policycoreutils-sandbox-2.5-9.el7.x86_64
selinux-policy-3.13.1-102.el7.noarch
selinux-policy-devel-3.13.1-102.el7.noarch
selinux-policy-doc-3.13.1-102.el7.noarch
selinux-policy-minimum-3.13.1-102.el7.noarch
selinux-policy-mls-3.13.1-102.el7.noarch
selinux-policy-sandbox-3.13.1-102.el7.noarch
selinux-policy-targeted-3.13.1-102.el7.noarch

How reproducible:
* always

Steps to Reproduce:
# tar jxf crashes.tar.bz2 
# ls -l semodule_link
total 3752
-rw-r--r--. 1 root root   64540 Oct  7 17:49 empty.pp
-rw-------. 1 root root 1888053 Oct  7 17:47 id000000
-rw-------. 1 root root 1888053 Oct  7 17:46 id000001
# semodule_link -o output semodule_link/id000001 semodule_link/empty.pp 
semodule_link:  loading package from file semodule_link/id000001
Segmentation fault
# dmesg | tail -n 1
[26281.682140] semodule_link[10834]: segfault at 0 ip 00007f0637b40544 sp 00007ffea7f02680 error 4 in libsepol.so.1[7f0637b2f000+95000]
# semodule_link -o output semodule_link/id000000 semodule_link/empty.pp
semodule_link:  loading package from file semodule_link/id000000
semodule_link:  loading package from file semodule_link/empty.pp
libsepol.ebitmap_set_bit: bitmap overflow, bit 0xffffffff
libsepol.copy_scope_index: Out of memory!
*** Error in `semodule_link': double free or corruption (out): 0x00007fd735663040 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7c503)[0x7fd7334a7503]
/lib64/libsepol.so.1(+0xa63c)[0x7fd733a1d63c]
/lib64/libsepol.so.1(+0xa662)[0x7fd733a1d662]
/lib64/libsepol.so.1(+0xa6bf)[0x7fd733a1d6bf]
/lib64/libsepol.so.1(+0x7982)[0x7fd733a1a982]
/lib64/libsepol.so.1(+0x7b0f)[0x7fd733a1ab0f]
/lib64/libsepol.so.1(+0x7b4c)[0x7fd733a1ab4c]
/lib64/libsepol.so.1(+0x1e764)[0x7fd733a31764]
/lib64/libsepol.so.1(sepol_link_packages+0x68)[0x7fd733a34aa8]
semodule_link(+0xfee)[0x7fd733ecdfee]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fd73344cb35]
semodule_link(+0x1194)[0x7fd733ece194]
======= Memory map: ========
7fd72c000000-7fd72c021000 rw-p 00000000 00:00 0 
7fd72c021000-7fd730000000 ---p 00000000 00:00 0 
7fd732b94000-7fd732ba9000 r-xp 00000000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732ba9000-7fd732da8000 ---p 00015000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732da8000-7fd732da9000 r--p 00014000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732da9000-7fd732daa000 rw-p 00015000 fd:02 37469376                   /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7fd732daa000-7fd732dc1000 r-xp 00000000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732dc1000-7fd732fc0000 ---p 00017000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732fc0000-7fd732fc1000 r--p 00016000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732fc1000-7fd732fc2000 rw-p 00017000 fd:02 34058634                   /usr/lib64/libpthread-2.17.so
7fd732fc2000-7fd732fc6000 rw-p 00000000 00:00 0 
7fd732fc6000-7fd732fc8000 r-xp 00000000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd732fc8000-7fd7331c8000 ---p 00002000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd7331c8000-7fd7331c9000 r--p 00002000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd7331c9000-7fd7331ca000 rw-p 00003000 fd:02 33855089                   /usr/lib64/libdl-2.17.so
7fd7331ca000-7fd73322a000 r-xp 00000000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd73322a000-7fd733429000 ---p 00060000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd733429000-7fd73342a000 r--p 0005f000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd73342a000-7fd73342b000 rw-p 00060000 fd:02 33871161                   /usr/lib64/libpcre.so.1.2.0
7fd73342b000-7fd7335e1000 r-xp 00000000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7335e1000-7fd7337e1000 ---p 001b6000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7337e1000-7fd7337e5000 r--p 001b6000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7337e5000-7fd7337e7000 rw-p 001ba000 fd:02 33722321                   /usr/lib64/libc-2.17.so
7fd7337e7000-7fd7337ec000 rw-p 00000000 00:00 0 
7fd7337ec000-7fd733810000 r-xp 00000000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733810000-7fd733a0f000 ---p 00024000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733a0f000-7fd733a10000 r--p 00023000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733a10000-7fd733a11000 rw-p 00024000 fd:02 33696881                   /usr/lib64/libselinux.so.1
7fd733a11000-7fd733a13000 rw-p 00000000 00:00 0 
7fd733a13000-7fd733aa8000 r-xp 00000000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733aa8000-7fd733ca8000 ---p 00095000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733ca8000-7fd733ca9000 r--p 00095000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733ca9000-7fd733caa000 rw-p 00096000 fd:02 34636291                   /usr/lib64/libsepol.so.1
7fd733caa000-7fd733cab000 rw-p 00000000 00:00 0 
7fd733cab000-7fd733ccb000 r-xp 00000000 fd:02 33640401                   /usr/lib64/ld-2.17.so
7fd733e9c000-7fd733ea1000 rw-p 00000000 00:00 0 
7fd733ec7000-7fd733eca000 rw-p 00000000 00:00 0 
7fd733eca000-7fd733ecb000 r--p 0001f000 fd:02 33640401                   /usr/lib64/ld-2.17.so
7fd733ecb000-7fd733ecc000 rw-p 00020000 fd:02 33640401                   /usr/lib64/ld-2.17.so
7fd733ecc000-7fd733ecd000 rw-p 00000000 00:00 0 
7fd733ecd000-7fd733ecf000 r-xp 00000000 fd:02 16993335                   /usr/bin/semodule_link
7fd7340ce000-7fd7340cf000 r--p 00001000 fd:02 16993335                   /usr/bin/semodule_link
7fd7340cf000-7fd7340d0000 rw-p 00002000 fd:02 16993335                   /usr/bin/semodule_link
7fd735162000-7fd735669000 rw-p 00000000 00:00 0                          [heap]
7ffdc6ec9000-7ffdc6eea000 rw-p 00000000 00:00 0                          [stack]
7ffdc6f5a000-7ffdc6f5c000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted
# 

Actual results:
* segfaults

Expected results:
* some error message but no segfault