diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-08-23 14:48:40 +0200 |
---|---|---|
committer | Lukáš Nykrýn <lnykryn@redhat.com> | 2019-05-03 12:50:30 +0200 |
commit | 709214f554355158b2c3e70c7f3424997e002cee (patch) | |
tree | 674b85b9bfb3867270ffecbd9a29d4714b04c684 /test | |
parent | b63440ad69581bad39a2eda7ab449f8a3f901c4e (diff) | |
download | systemd-709214f554355158b2c3e70c7f3424997e002cee.tar.gz |
bus-message: avoid wrap-around when using length read from message
We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.
The fuzzer test case is just for one site, but they all look similar.
v2: fix two UINT8_MAX/UINT32_MAX mismatches founds by LGTM
(cherry picked from commit 902000c19830f5e5a96e8948d691b42e91ecb1e7)
Resolves: #1696224
Diffstat (limited to 'test')
-rw-r--r-- | test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 | bin | 0 -> 40 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 b/test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 Binary files differnew file mode 100644 index 0000000000..b3fee9e07a --- /dev/null +++ b/test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36 |