diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-05-20 09:05:17 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-05-20 09:33:54 +0200 |
| commit | e0c17a7d1bdd197dfb5e24ba527bd281f404f1a9 (patch) | |
| tree | 387000eee594a77a866ab54204c9f5d87cd1bcd3 /test | |
| parent | 1d06deba0fb82411a209d5bdd99f0fb42a174788 (diff) | |
| download | systemd-e0c17a7d1bdd197dfb5e24ba527bd281f404f1a9.tar.gz | |
bus-message: fix negative offset with ~empty message
In the linked reproducer, m->fields_size == 0, and we calculate ri == -1, which
of course doesn't end well. Skip the whole calculation if m->fields_size == 0,
and also check that we don't go negative even if it is non-zero.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19446 and #15583.
Diffstat (limited to 'test')
| -rw-r--r-- | test/fuzz/fuzz-bus-message/oss-fuzz-19446 | bin | 0 -> 17 bytes |
1 files changed, 0 insertions, 0 deletions
diff --git a/test/fuzz/fuzz-bus-message/oss-fuzz-19446 b/test/fuzz/fuzz-bus-message/oss-fuzz-19446 Binary files differnew file mode 100644 index 0000000000..f937ef8c71 --- /dev/null +++ b/test/fuzz/fuzz-bus-message/oss-fuzz-19446 |