author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-08-23 14:48:40 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-10-02 11:59:08 +0200 |
commit | 902000c19830f5e5a96e8948d691b42e91ecb1e7 (patch) | |
tree | 98cfc501ff2a8ad2937663cee1831186b7361f93 /test | |
parent | d831fb6f2bde829f9309aea242f502587662d1cc (diff) | |
bus-message: avoid wrap-around when using length read from message
We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.
The fuzzer test case is just for one site, but they all look similar.
v2: fix two UINT8_MAX/UINT32_MAX mismatches found by LGTM
Diffstat (limited to 'test')
-rw-r--r-- | test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 | bin | 0 -> 40 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 b/test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 Binary files differnew file mode 100644 index 0000000000..b3fee9e07a --- /dev/null +++ b/test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 |
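Review bot: the new file test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 is the only test in this part of the change, and the commit message itself says it exercises just one of several similar sites. Consider adding a reproducer or a unit test for each of the other sites, so that a regression in any one of the length checks is caught and not only the one the fuzzer happened to hit. The message would also benefit from finishing its second sentence ("and when trying to make use of the data."), which never states what goes wrong at that point; naming the failure would help anyone who later triages this crash file.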