author    Nicolas Boichat <drinkcat@chromium.org>    2019-05-15 13:07:35 +0800
committer chrome-bot <chrome-bot@chromium.org>       2019-05-16 09:04:26 -0700
commit    f88989e7518b97c83afc93497f97e33d9d4c12f4
tree      aff241c15d12ee97b0f08f3e90ec5597608804a8 /util
parent    2c321f4ab89d2ec171f7b3c463893fa5051479fe
download  chrome-ec-f88989e7518b97c83afc93497f97e33d9d4c12f4.tar.gz
tcpci/usb_pd_fuzz: Avoid using uninitialized data in payload

Found with MSAN fuzzer: usb_pd_protocol.c may use payload data that is not initialized. Fix the test by copying over the whole payload, which is what tcpci.c's version does.

Also, in tcpci.c, clear cached_messages head before using get_message_raw to fill it up, to make sure that we do not accidentally use older data in the queue.

BRANCH=none
BUG=chromium:963076
TEST=make TEST_MSAN=y host-usb_pd_fuzz -j
MSAN_OPTIONS=log_path=stderr:exitcode=0 \
build/host/usb_pd_fuzz/usb_pd_fuzz.exe \
clusterfuzz-testcase-minimized-ec_usb_pd_fuzzer-5716775969357824

Change-Id: I74c38538440cb5a01d1714657b9e2d63e5b80cea
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1610163
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Diffstat (limited to 'util')
0 files changed, 0 insertions, 0 deletions