author | Nicolas Boichat <drinkcat@chromium.org> | 2018-06-22 21:35:34 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-06-28 07:06:53 -0700 |
commit | 8e2765c4208dc86077ee7932d4e414aa79c3e354 (patch) | |
tree | fdefac2239610f2db8e8972d23f4341944adce0c /util/cros_ec_dev.h | |
parent | 6c6888037c8d82228b480eeba0eaf1b0aa83e9f8 (diff) | |
download | chrome-ec-8e2765c4208dc86077ee7932d4e414aa79c3e354.tar.gz |
host_command: Fix response_size to match data that was copied

Both host_command_read_test and host_command_test_protocol write
back an incorrect response_size, that does not match the number
of bytes that were actually copied.

This is easily noticed when fuzzing with verbose host command
printing, as host_command_debug_request attempts to print
the whole response, reading the response buffer out of bounds.

BRANCH=none
BUG=chromium:854975
TEST=
#define FUZZ_HOSTCMD_VERBOSE in test/test_config.h
echo AwoAAAAALADvDAE= | base64 -d > crash
Request: cmd=0013 data=03df1300007f0b000000007f00007f7f7f7f06
or
echo AwMAAEpK | base64 -d > crash
Request: cmd=0003 data=03650300004a01004a
make buildfuzztests -j
ASAN_OPTIONS="log_path=stderr" \
build/host/host_command_fuzz/host_command_fuzz.exe crash
Change-Id: Ibc8fe958cf6fae38fbfecec558c37ed3d676a51b
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1116199
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'util/cros_ec_dev.h')
0 files changed, 0 insertions, 0 deletions
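
The mismatch described in the commit message, reduced to a stand-alone C model. This is an added example, not code from chrome-ec: `struct cmd_args`, `RESP_MAX`, `copy_clamped`, `handler_buggy`, `handler_fixed` and `response_size_ok` are hypothetical names, and the request bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RESP_MAX 16 /* assumed response buffer capacity */

struct cmd_args { /* hypothetical model, not the EC's own struct */
	const uint8_t *params;      /* request payload */
	size_t params_size;
	uint8_t response[RESP_MAX];
	size_t response_size;       /* bytes the handler claims are valid */
	size_t copied;              /* bytes actually written, kept for checking */
};

/* Copy at most `requested` bytes, bounded by the payload and the buffer. */
static size_t copy_clamped(struct cmd_args *a, size_t requested)
{
	size_t n = requested < a->params_size ? requested : a->params_size;
	n = n < RESP_MAX ? n : RESP_MAX;
	memcpy(a->response, a->params, n);
	return a->copied = n;
}

/* Before: reports the size the request asked for, not what was copied. */
static void handler_buggy(struct cmd_args *a, size_t requested)
{
	copy_clamped(a, requested);
	a->response_size = requested;
}
/* After: response_size is exactly the number of bytes copied. */
static void handler_fixed(struct cmd_args *a, size_t requested)
{
	a->response_size = copy_clamped(a, requested);
}

/* Fuzz invariant: a reader of response_size bytes stays in bounds only if true. */
static int response_size_ok(const struct cmd_args *a)
{
	return a->response_size == a->copied && a->response_size <= RESP_MAX;
}

int main(void)
{
	static const uint8_t req[] = { 0x4a, 0x4a, 0x01 }; /* constructed request */
	struct cmd_args a = { .params = req, .params_size = sizeof(req) };
	handler_buggy(&a, 200);
	printf("buggy: size=%zu ok=%d\n", a.response_size, response_size_ok(&a));
	handler_fixed(&a, 200);
	printf("fixed: size=%zu ok=%d\n", a.response_size, response_size_ok(&a));
	return 0;
}
```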