From abba1018e447d5cf89b9122df98d4756013885a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Sun, 23 May 2021 20:26:45 +0200 Subject: [PATCH] fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit hierarchy.c:638:8: runtime error: applying zero offset to null pointer #0 0x60e6a7 in hierarchy_add_role_callback /home/christian/Coding/workspaces/selinux_userland/libsepol/src/hierarchy.c:638:8 #1 0x607201 in hashtab_map /home/christian/Coding/workspaces/selinux_userland/libsepol/src/hashtab.c:234:10 #2 0x60c823 in hierarchy_add_bounds /home/christian/Coding/workspaces/selinux_userland/libsepol/src/hierarchy.c:653:7 #3 0x60fbf5 in hierarchy_check_constraints /home/christian/Coding/workspaces/selinux_userland/libsepol/src/hierarchy.c:674:7 #4 0x557023 in LLVMFuzzerTestOneInput /home/christian/Coding/workspaces/selinux_userland/checkpolicy/checkmodule-fuzzer.c:115:6 #5 0x45cf31 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/christian/Coding/workspaces/selinux_userland/checkpolicy/checkmodule-fuzzer+0x45cf31) #6 0x45e546 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector >&) (/home/christian/Coding/workspaces/selinux_userland/checkpolicy/checkmodule-fuzzer+0x45e546) #7 0x45e9d9 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector >&) (/home/christian/Coding/workspaces/selinux_userland/checkpolicy/checkmodule-fuzzer+0x45e9d9) #8 0x44cfc6 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/christian/Coding/workspaces/selinux_userland/checkpolicy/checkmodule-fuzzer+0x44cfc6) #9 0x476ee2 in main (/home/christian/Coding/workspaces/selinux_userland/checkpolicy/checkmodule-fuzzer+0x476ee2) #10 0x7fdbc2259d09 in __libc_start_main csu/../csu/libc-start.c:308:16 #11 0x4216f9 in _start (/home/christian/Coding/workspaces/selinux_userland/checkpolicy/checkmodule-fuzzer+0x4216f9) 
Signed-off-by: Christian Göttsche
---
 libsepol/src/hierarchy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/hierarchy.c b/libsepol/src/hierarchy.c
index 8919daa79e..325b2fb7d6 100644
--- a/libsepol/src/hierarchy.c
+++ b/libsepol/src/hierarchy.c
@@ -603,7 +603,7 @@ int bounds_check_users(sepol_handle_t *handle, policydb_t *p)
 prefix##_datum_t *parent; \
 char *parent_name, *datum_name, *tmp; \
 \
- if (!datum->bounds) { \
+ if (p->p_##prefix##_val_to_name && !datum->bounds) { \
 datum_name = p->p_##prefix##_val_to_name[datum->s.value - 1]; \
 \
 tmp = strrchr(datum_name, '.'); \
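Review bot: The added `p->p_##prefix##_val_to_name &&` test covers only a missing name table; the lookup `p->p_##prefix##_val_to_name[datum->s.value - 1]` on the next line still trusts `datum->s.value`, and its result goes straight into `strrchr(datum_name, '.')`. Since the trace in the commit message comes from a fuzzer feeding a policy module, a value of 0 or an empty slot in the table would presumably still cause an out-of-range read or a NULL `datum_name`, unless the policy is validated before this callback runs (not visible here). Consider a separate guard after the lookup, e.g. `if (!datum_name) return -1; \`, with the return value matched to the macro's error convention. Folding the table check into the `!datum->bounds` condition also makes a skipped entry indistinguishable from one whose bounds were already set, so a short comment saying why the table may be NULL would help. The macro body starts before and continues past this hunk.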