diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-08-11 08:32:20 +0200 |
|---|---|---|
| committer | Lukáš Nykrýn <lnykryn@redhat.com> | 2019-05-03 12:50:30 +0200 |
| commit | d212765dc94ba25c04e0e9a278586f0e86851e35 (patch) | |
| tree | c37441367f64b3d16430e0169f96858821977b20 /test | |
| parent | f6af2bfe4b353b25a61c362c3ada9be06c8f15c9 (diff) | |
| download | systemd-d212765dc94ba25c04e0e9a278586f0e86851e35.tar.gz | |
bus-message: fix skipping of array fields in !gvariant messages
We copied part of the string into a buffer that was off by two.
If the element signature had length one, we'd copy 0 bytes and crash when
looking at the "first" byte. Otherwise, we would crash because strncpy would
not terminate the string.
(cherry picked from commit 73777ddba5100fe6c0791cd37a91f24a515f3202)
Resolves: #1696224
Diffstat (limited to 'test')
| -rw-r--r-- | test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 | bin | 0 -> 534 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 b/test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 Binary files differnew file mode 100644 index 0000000000..6a20265a39 --- /dev/null +++ b/test/fuzz/fuzz-bus-message/crash-37449529b1ad867f0c2671fa80aca5d7812a2b70 |