1382472 – semodule_package segfaults on certain inputs

Bug 1382472 - semodule_package segfaults on certain inputs

Summary: semodule_package segfaults on certain inputs

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	policycoreutils
Sub Component:
Version:	7.3
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Lautrbach
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-10-06 18:56 UTC by Milos Malik
Modified:	2017-06-29 13:41 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1382490 1382754 (view as bug list)
Environment:
Last Closed:	2017-06-29 13:41:50 UTC
Target Upstream Version:

Attachments	(Terms of Use)
first input file found by AFL that crashed semodule_package (1.46 KB, application/octet-stream) 2016-10-06 18:59 UTC, Milos Malik	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Milos Malik 2016-10-06 18:56:26 UTC

Description of problem:
* found by American Fuzzy Lop

Version-Release number of selected component (if applicable):
libselinux-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libsemanage-2.5-4.el7.x86_64
libsemanage-python-2.5-4.el7.x86_64
libsepol-2.5-6.el7.x86_64
policycoreutils-2.5-8.el7.x86_64
policycoreutils-python-2.5-8.el7.x86_64

How reproducible:
* always

Steps to Reproduce:
# semodule_package -o mypolicy.pp -m crash2 
security: ebitmap: map size 0 does not match my size 64 (high bit was 1)
security: ebitmap: map size 1 does not match my size 64 (high bit was 64)
security: ebitmap: map size 1 does not match my size 64 (high bit was 0)
Segmentation fault
# echo $?
139
# dmesg | tail -n 1
[  316.625311] semodule_packag[4547]: segfault at 7f6d77da91c8 ip 00007f6576d20dd4 sp 00007fffdb1b7780 error 6 in libsepol.so.1[7f6576cf2000+95000]
# 

Actual results:
* segfault

Expected results:
* some error message but no segfault

Comment 1 Milos Malik 2016-10-06 18:59:26 UTC

Created attachment 1208020 [details]
first input file found by AFL that crashed semodule_package

Note You need to log in before you can comment on or make changes to this bug.