diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-08-11 08:32:20 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-10-02 11:53:20 +0200 |
| commit | 73777ddba5100fe6c0791cd37a91f24a515f3202 (patch) | |
| tree | 601fd142d1bc2e68f1ea0cc6f893a6987242819d /test | |
| parent | 0b4775b52747bebf7ecb62062798475629767044 (diff) | |
| download | systemd-73777ddba5100fe6c0791cd37a91f24a515f3202.tar.gz | |
bus-message: fix skipping of array fields in !gvariant messages
We copied part of the string into a buffer that was off by two.
If the element signature had length one, we'd copy 0 bytes and crash when
looking at the "first" byte. Otherwise, we would crash because strncpy would
not terminate the string.
Diffstat (limited to 'test')
| -rw-r--r-- | test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 | bin | 0 -> 534 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 b/test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 Binary files differnew file mode 100644 index 0000000000..6a20265a39 --- /dev/null +++ b/test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 |