git.ipfire.org Git - thirdparty/systemd.git/commit

]> git.ipfire.org Git - thirdparty/systemd.git/commit

projects / thirdparty / systemd.git / commit

author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 20 May 2020 07:05:17 +0000 (09:05 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 20 May 2020 07:33:54 +0000 (09:33 +0200)
commit	e0c17a7d1bdd197dfb5e24ba527bd281f404f1a9
tree	387000eee594a77a866ab54204c9f5d87cd1bcd3	tree \| snapshot
parent	1d06deba0fb82411a209d5bdd99f0fb42a174788	commit \| diff

bus-message: fix negative offset with ~empty message

In the linked reproducer, m->fields_size == 0, and we calculate ri == -1, which
of course doesn't end well. Skip the whole calculation if m->fields_size == 0,
and also check that we don't go negative even if it is non-zero.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19446 and #15583.

src/libsystemd/sd-bus/bus-message.c		diff \| blob \| blame \| history
test/fuzz/fuzz-bus-message/oss-fuzz-19446	[new file with mode: 0644]	blob

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom