diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index 4005023d241..8a8fbde7810 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -3159,7 +3159,8 @@ static struct bus_body_part* find_part(sd_bus_message *m, size_t index, size_t s
 return NULL;
 if (p)
- *p = (uint8_t*) part->data + index - begin;
+ *p = part->data ? (uint8_t*) part->data + index - begin
+ : NULL; /* Avoid dereferencing a NULL pointer. */
 m->cached_rindex_part = part;
 m->cached_rindex_part_begin = begin;
diff --git a/test/fuzz/fuzz-bus-message/zero-offset-to-null-pointer b/test/fuzz/fuzz-bus-message/zero-offset-to-null-pointer
new file mode 100644
index 00000000000..c1380441ed1
Binary files /dev/null and b/test/fuzz/fuzz-bus-message/zero-offset-to-null-pointer differ
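Review bot: The comment on the new `: NULL` branch in find_part() says the code avoids dereferencing a NULL pointer, but the old line never dereferenced `part->data`. What the change removes is pointer arithmetic on a NULL base, which is undefined behaviour in C and, judging by the name of the added fuzz case, is what the sanitizer reported. I would reword the comment to `/* part->data may be NULL (presumably an empty part); never do arithmetic on a NULL pointer */`. After this change find_part() can return a non-NULL part while `*p` is NULL, so any caller that reads `sz` bytes through `*p` is only safe if that happens solely for zero-length requests. That invariant is not visible in the hunk, so it is worth stating in the comment or enforcing with an assert on the NULL branch; the function body starts and ends outside the hunk.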