mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
12603b84d2
The offsets specify the ends of variable length data. We would trust the incoming data, putting the offsets specified in our message into the offsets tables after doing some superficial verification. But when actually reading the data we apply alignment, so we would take the previous offset, align it, making it bigger then current offset, and then we'd try to read data of negative length. In the attached example, the message specifies the following offsets: [1, 4] but the alignment of those items is [1, 8] so we'd calculate the second item as starting at 8 and ending at 4. |
||
---|---|---|
.. | ||
fuzz-bus-message | ||
fuzz-dhcp6-client | ||
fuzz-dhcp-server | ||
fuzz-dns-packet | ||
fuzz-journal-remote | ||
fuzz-journald-syslog | ||
fuzz-ndisc-rs | ||
fuzz-unit-file | ||
.gitattributes | ||
meson.build |