1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
systemd-stable/test/fuzz/fuzz-bus-message/crash-603dfd98252375ac7dbced53c2ec312671939a36
Zbigniew Jędrzejewski-Szmek 902000c198 bus-message: avoid wrap-around when using length read from message
We would read (-1), and then add 1 to it, call message_peek_body(..., 0, ...),
and when trying to make use of the data.

The fuzzer test case is just for one site, but they all look similar.

v2: fix two UINT8_MAX/UINT32_MAX mismatches founds by LGTM
2018-10-02 11:59:08 +02:00

40 B