diff --git a/backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch b/backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f27dc56565b67e76f1804bfd1329428a4cd98a49
--- /dev/null
+++ b/backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch
@@ -0,0 +1,34 @@
+From c916f0884bd08b99ddc77b6a148a730d107a9979 Mon Sep 17 00:00:00 2001
+From: Juraj Marcin <juraj@jurajmarcin.com>
+Date: Mon, 29 Aug 2022 14:28:40 +0200
+Subject: [PATCH] checkpolicy: avoid passing NULL pointer to memset()
+
+Function `class_perm_node_init()` is called with `dest_perms` before it
+is checked that its allocation succeeded. If the allocation fails, then
+a NULL pointer is passed to `memset()` inside the
+`class_perm_node_init()` function.
+
+Signed-off-by: Juraj Marcin <juraj@jurajmarcin.com>
+Conflict: file path adaptation
+---
+ checkpolicy/policy_define.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/policy_define.c b/policy_define.c
+index f3b488702..54bb304b3 100644
+--- a/policy_define.c
++++ b/policy_define.c
+@@ -2371,11 +2371,12 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src)
+ 	src_perms = src->perms;
+ 	while (src_perms) {
+ 		dest_perms = (class_perm_node_t *) calloc(1, sizeof(class_perm_node_t));
+-		class_perm_node_init(dest_perms);
+ 		if (!dest_perms) {
+ 			yyerror("out of memory");
+ 			return -1;
+ 		}
++		class_perm_node_init(dest_perms);
++
+ 		if (!dest->perms)
+ 			dest->perms = dest_perms;
+ 		else
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 0e4fd5c9802f163f51cbbcefc0ca684f29845afe..a8d96063f512917f64017d460226532f41e32a6d 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -1,11 +1,13 @@
 Name:          checkpolicy
 Version:       3.1
-Release:       1
+Release:       2
 Summary:       SELinux policy compiler
 License:       GPLv2
 URL:           https://github.com/SELinuxProject/selinux
 Source0:       https://github.com/SELinuxProject/selinux/releases/download/20200710/checkpolicy-3.1.tar.gz
 
+Patch0:        backport-checkpolicy-avoid-passing-NULL-pointer-to-memset.patch
+
 BuildRequires: gcc byacc bison flex flex-static libsepol-static libselinux-devel git
 
 Conflicts: selinux-policy-base < 3.13.1-138
@@ -54,6 +56,10 @@ install test/dispol %{buildroot}%{_bindir}/sedispol
 %{_mandir}/*/*
 
 %changelog
+* Thu Feb 16 2023 zhangguangzhi <zhangguangzhi3@huawei.com> - 3.1-2
+- backport patch
+  backport checkpolicy avoid passing NULL pointer to memset
+
 * Tue Aug 25 2020 liquor <lirui130@huawei.com> - 3.1-1
 - update to 3.1