Commit 08020dbe authored Feb 10, 2026 by Massimiliano Pellizzer Committed by John Johansen Feb 18, 2026

apparmor: fix signedness bug in unpack_tags()



Smatch static checker warning:
    security/apparmor/policy_unpack.c:966 unpack_pdb()
    warn: unsigned 'unpack_tags(e, &pdb->tags, info)' is never less than zero.

unpack_tags() is declared with return type size_t (unsigned) but returns
negative errno values on failure. The caller in unpack_pdb() tests the
return with `< 0`, which is always false for an unsigned type, making
error handling dead code. Malformed tag data would be silently accepted
instead of causing a load failure.

Change return type of unpack_tags() from size_t to int to match the
functions's actual semantic.

Fixes: 3d28e239 ("apparmor: add support loading per permission tagging")
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Massimiliano Pellizzer <mpellizzer.dev@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

parent 1b51bd76

security/apparmor/policy_unpack.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -835,7 +835,7 @@ static int unpack_tag_headers(struct aa_ext e, struct aa_tags_struct tags)
		}


		static size_t unpack_tags(struct aa_ext e, struct aa_tags_struct tags,
		static int unpack_tags(struct aa_ext e, struct aa_tags_struct tags,
		const char **info)
		{
		int error = -EPROTO;