[apparmor] [PATCH] parser: Quiet valgrind false positive

Tyler Hicks tyhicks at canonical.com
Wed Feb 5 18:22:42 UTC 2014


strlen() assumes that it can read an entire word but when a char
array does not end on a word boundary, it reads past the end of the
array. This results in the following valgrind warning:

 Invalid read of size 4
    at 0x40A162: yylex() (parser_lex.l:277)
    by 0x40FA14: yyparse() (parser_yacc.c:1487)
    by 0x40C5B9: process_profile(int, char const*) (parser_main.c:1003)
    by 0x404074: main (parser_main.c:1340)
  Address 0x578d870 is 16 bytes inside a block of size 18 alloc'd
    at 0x4C2A420: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x53E31C9: strdup (strdup.c:42)
    by 0x40A145: yylex() (parser_lex.l:276)
    by 0x40FA14: yyparse() (parser_yacc.c:1487)
    by 0x40C5B9: process_profile(int, char const*) (parser_main.c:1003)
    by 0x404074: main (parser_main.c:1340)

This patch quiets the warning by not using strlen(). This can be done
because yyleng already contains the length of the string.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 parser/parser_lex.l | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index 1938297..1b60053 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -273,8 +273,7 @@ LT_EQUAL	<=
 
 <INCLUDE>{
 	(\<([^\> \t\n]+)\>|\"([^\" \t\n]+)\")	{	/* <filename> */
-		char *filename = strdup(yytext);
-		filename[strlen(filename) - 1] = '\0';
+		char *filename = strndup(yytext, yyleng - 1);
 		include_filename(filename + 1, *filename == '<');
 		free(filename);
 		yy_pop_state();
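
Review bot: the strndup() result is used unchecked on the very next line, where `filename + 1` and `*filename == '<'` are evaluated with no NULL test, so an allocation failure turns into a NULL dereference inside the lexer action. Suggest testing filename immediately after the strndup() call and reporting the error before include_filename() is reached. A one-line comment noting that yyleng - 1 drops the closing '>' or '"', and that the pattern requires at least one character between the delimiters so yyleng is never below 3, would also make the length arithmetic easier to verify at a glance.
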
-- 
1.9.rc1



