diff -u -p -r1.5 ebitmap.c
--- libsepol/src/ebitmap.c	7 Oct 2005 20:10:15 -0000	1.5
+++ libsepol/src/ebitmap.c	27 Mar 2006 21:13:45 -0000
@@ -12,6 +12,7 @@
 #include <sepol/policydb/ebitmap.h>
 #include <sepol/policydb/policydb.h>
 
+#include "debug.h"
 #include "private.h"
 
 int ebitmap_or(ebitmap_t * dst, ebitmap_t * e1, ebitmap_t * e2)
@@ -182,6 +183,10 @@ int ebitmap_set_bit(ebitmap_t * e, unsig
 {
 	ebitmap_node_t *n, *prev, *new;
 
+	if (bit == (unsigned int)-1) {
+		ERR(NULL, "negative bit position.");
+		return -EINVAL;
+	}
 
 	prev = 0;
 	n = e->node;
Index: libsepol/src/expand.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libsepol/src/expand.c,v
retrieving revision 1.23
diff -u -p -r1.23 expand.c
--- libsepol/src/expand.c	13 Feb 2006 13:59:54 -0000	1.23
+++ libsepol/src/expand.c	27 Mar 2006 21:17:21 -0000
@@ -138,6 +138,8 @@ static int attr_convert_callback(hashtab
 	ebitmap_for_each_bit(&type->types, node, i) {
 		if (!ebitmap_node_get_bit(node, i))
 			continue; 
+		if (!state->typemap[i])
+			continue;
 		if (ebitmap_set_bit(&new_type->types,
 				    state->typemap[i]-1, 1)) {
 			ERR (state->handle, "out of memory");
@@ -1441,6 +1443,8 @@ int expand_convert_type_set(policydb_t *
 	ebitmap_for_each_bit(&tmp, tnode, i) {                
                 if (!ebitmap_node_get_bit(tnode, i))
                         continue;
+		if (!typemap[i])
+			continue;
                 if (ebitmap_set_bit(types, typemap[i] - 1, 1))
                         return -1;
         }