From b9422bf04c66ac4c6fd5fec1f539e8ff270f83f1 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 10 Jun 2019 13:51:20 +0200
Subject: [PATCH] expression: use expr_clone() from verdict_expr_clone()
Chains are now expressions; do not assume a constant value is used.
==26302== Process terminating with default action of signal 11 (SIGSEGV)
==26302== Access not within mapped region at address 0x50
==26302== at 0x67D7EE7: __gmpz_init_set (in /usr/lib/x86_64-linux-gnu/libgmp.so.10.3.2)
==26302== by 0x4E61224: expr_clone (expression.c:65)
==26302== by 0x4E7898B: interval_map_decompose (segtree.c:943)
==26302== by 0x4E6DDA0: netlink_list_setelems (netlink.c:882)
==26302== by 0x4E5A806: cache_init_objects (rule.c:166)
==26302== by 0x4E5A806: cache_init (rule.c:216)
==26302== by 0x4E5A806: cache_update (rule.c:266)
==26302== by 0x4E7E0EE: nft_evaluate (libnftables.c:388)
==26302== by 0x4E7E8AB: nft_run_cmd_from_buffer (libnftables.c:428)
Fixes: f1e8a129ee42 ("src: Introduce chain_expr in jump and goto statements")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit aaf0167f2615372c1baaff327d1fb89d4297a52a)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/expression.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/expression.c b/src/expression.c
index 411047cb9341d..a339c6f30bce5 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -184,7 +184,7 @@ static void verdict_expr_clone(struct expr *new, const struct expr *expr)
{
new->verdict = expr->verdict;
if (expr->chain != NULL)
- mpz_init_set(new->chain->value, expr->chain->value);
+ new->chain = expr_clone(expr->chain);
}
static void verdict_expr_destroy(struct expr *expr)
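Review bot: With `new->chain = expr_clone(expr->chain);` the copy now owns a separately allocated expression, so the matching release path in verdict_expr_destroy (its body starts on the next line, outside this hunk) must free the clone with the expression free routine rather than only clearing an mpz value; that cannot be confirmed from the hunk and is worth checking before merge. The NULL guard stays correct because expr_clone is only reached for a non-NULL chain, and the non-chain case leaves new->chain as the caller initialised it. A one-line comment above the if would record why the old mpz_init_set was wrong: `/* chain may be any expression, not only a constant value; clone it whole. */`.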
--
2.21.0