Bug 1382754 - semodule_expand segfaults on certain inputs
Summary: semodule_expand segfaults on certain inputs
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: policycoreutils
Version: 7.3
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-07 15:43 UTC by Milos Malik
Modified: 2017-06-29 13:42 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1382472
Environment:
Last Closed: 2017-06-29 13:42:07 UTC
Target Upstream Version:

Attachments (Terms of Use)
bzip2 archive of input files causing a crash (172.38 KB, application/x-bzip)
2016-10-07 15:43 UTC, Milos Malik 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Milos Malik 2016-10-07 15:43:47 UTC 
Created attachment 1208180 [details]
bzip2 archive of input files causing a crash

Description of problem:
* found by American Fuzzy Lop

Version-Release number of selected component (if applicable):
libselinux-2.5-6.el7.x86_64
libselinux-debuginfo-2.5-6.el7.x86_64
libselinux-devel-2.5-6.el7.x86_64
libselinux-python-2.5-6.el7.x86_64
libselinux-ruby-2.5-6.el7.x86_64
libselinux-utils-2.5-6.el7.x86_64
libsemanage-2.5-4.el7.x86_64
libsemanage-devel-2.5-4.el7.x86_64
libsemanage-python-2.5-4.el7.x86_64
libsemanage-static-2.5-4.el7.x86_64
libsepol-2.5-6.el7.x86_64
libsepol-debuginfo-2.5-6.el7.x86_64
libsepol-devel-2.5-6.el7.x86_64
libsepol-static-2.5-6.el7.x86_64
policycoreutils-2.5-9.el7.x86_64
policycoreutils-debuginfo-2.5-9.el7.x86_64
policycoreutils-devel-2.5-9.el7.x86_64
policycoreutils-gui-2.5-9.el7.x86_64
policycoreutils-newrole-2.5-9.el7.x86_64
policycoreutils-python-2.5-9.el7.x86_64
policycoreutils-sandbox-2.5-9.el7.x86_64
selinux-policy-3.13.1-102.el7.noarch
selinux-policy-devel-3.13.1-102.el7.noarch
selinux-policy-doc-3.13.1-102.el7.noarch
selinux-policy-minimum-3.13.1-102.el7.noarch
selinux-policy-mls-3.13.1-102.el7.noarch
selinux-policy-sandbox-3.13.1-102.el7.noarch
selinux-policy-targeted-3.13.1-102.el7.noarch

How reproducible:
* always

Steps to Reproduce:
# tar jxf crashes.tar.bz2
# ls -l semodule_expand/
total 5532
-rw-------. 1 root root 1888053 Oct  7 17:28 id000000
-rw-------. 1 root root 1888053 Oct  7 17:28 id000001
-rw-------. 1 root root 1888053 Oct  7 17:28 id000002
# semodule_expand semodule_expand/id000000 output
Segmentation fault
# dmesg | tail -n 1
[25004.756204] semodule_expand[9156]: segfault at 0 ip 00007f6942b39e71 sp 00007ffd8dd13c58 error 4 in libc-2.17.so[7f69429d6000+1b6000]
# semodule_expand semodule_expand/id000001 output
Segmentation fault
# dmesg | tail -n 1
[25049.115354] semodule_expand[9214]: segfault at 7fcc853e9080 ip 00007fcc843953a0 sp 00007ffcfe125e40 error 4 in libsepol.so.1[7fcc84388000+95000]
# semodule_expand semodule_expand/id000002 output
Segmentation fault
# dmesg | tail -n 1
[25057.699634] semodule_expand[9237]: segfault at 0 ip 00007f1e643ba544 sp 00007ffe893283e0 error 4 in libsepol.so.1[7f1e643a9000+95000]
#

Actual results:
* segfaults

Expected results:
* some error message but no segfault
Note You need to log in before you can comment on or make changes to this bug.