commit bf2f9270195fc7425ce1712281a5e48147cc5091
author George Burgess IV <gbiv@google.com> Tue Mar 19 12:00:26 2019 -0700
committer George Burgess IV <gbiv@google.com> Tue Mar 19 12:10:51 2019 -0700
tree aa6142e3d2a4d1c32d6d97cc29437d37929bc731
parent e668732936e853fad060dfd35e3509980b7741f5

Fix memory leaks

This CL fixes leaks of the policy that we're building up. The analyzer
only caught the leaks on the error path, but I assume that
`check_assertions` does nothing to free the object that it's handed.

Analyzer warnings:

system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'avrule'
[clang-analyzer-unix.Malloc]

system/sepolicy/tools/sepolicy-analyze/neverallow.c:439:9: warning:
Potential leak of memory pointed to by 'neverallows'
[clang-analyzer-unix.Malloc]

Bug: None
Test: Treehugger; reran the analyzer
Change-Id: I79a0c34e8b53d33a1f01497337590eab660ad3ec

tools/sepolicy-analyze/neverallow.c

diff --git a/tools/sepolicy-analyze/neverallow.c b/tools/sepolicy-analyze/neverallow.c
index 25e6a0c..0209678 100644
--- a/tools/sepolicy-analyze/neverallow.c
+++ b/tools/sepolicy-analyze/neverallow.c
@@ -380,6 +380,7 @@
     size_t keyword_size = strlen(keyword), len;
     struct avrule *neverallows = NULL, *avrule;
     char *p, *start;
+    int result;
 
     p = text;
     while (p < end) {
@@ -434,12 +435,19 @@
     if (!neverallows)
         goto err;
 
-    return check_assertions(NULL, policydb, neverallows);
+    result = check_assertions(NULL, policydb, neverallows);
+    avrule_list_destroy(neverallows);
+    return result;
 err:
     if (errno == ENOMEM) {
         fprintf(stderr, "Out of memory while parsing neverallow rules\n");
     } else
         fprintf(stderr, "Error while parsing neverallow rules\n");
+
+    avrule_list_destroy(neverallows);
+    if (avrule != neverallows)
+        avrule_destroy(avrule);
+
     return -1;
 }