fuzz-bus-message: add a testcase triggering an invalid read
on 32-bit architectures so that it won't get lost.
```
==169373==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4900780 at pc 0xf75dd9cf bp 0xfff63438 sp 0xfff6342c
READ of size 1 at 0xf4900780 thread T0
    #0 0xf75dd9ce in bus_message_parse_fields ../src/libsystemd/sd-bus/bus-message.c:5272
    #1 0xf75b68c3 in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:568
    #2 0x80497f3 in LLVMFuzzerTestOneInput ../src/libsystemd/sd-bus/fuzz-bus-message.c:30
    #3 0x804a0ba in main ../src/fuzz/fuzz-main.c:50
    #4 0xf6f1f468 in __libc_start_call_main (/lib/libc.so.6+0x25468)
    #5 0xf6f1f549 in __libc_start_main_impl (/lib/libc.so.6+0x25549)
    #6 0x804928b in _start (/home/vagrant/systemd/build/fuzz-bus-message+0x804928b)

0xf4900780 is located 0 bytes to the right of 16-byte region [0xf4900770,0xf4900780)
allocated by thread T0 here:
    #0 0xf7abb39b in malloc (/lib/libasan.so.6+0xb239b)
    #1 0xf744cf1f in memdup ../src/basic/alloc-util.c:16
    #2 0x8049723 in LLVMFuzzerTestOneInput ../src/libsystemd/sd-bus/fuzz-bus-message.c:28
    #3 0x804a0ba in main ../src/fuzz/fuzz-main.c:50
    #4 0xf6f1f468 in __libc_start_call_main (/lib/libc.so.6+0x25468)
```
evverx committed Jan 11, 2022
1 parent 647082c commit 0957396
Showing 1 changed file with 0 additions and 0 deletions.
Binary file not shown.
