
broadband-modem-mbim: ensure message array contains valid PDUs

When reading SMS PDUs during initialization or upon a notification of a new PDU arriving, we should ensure that the array of messages returned is of type PDU, otherwise we could be dereferencing invalid memory.

This is trying to fix crashes like the following:

0x000059502b7ebaa2(ModemManager -mm-broadband-modem-mbim.c:7816)add_sms_part
0x000059502b7f5cf5(ModemManager -mm-broadband-modem-mbim.c:7849)sms_read_query_ready
0x000079e48edb36d3(libgio-2.0.so.0 -gtask.c:1230)g_task_return_now
0x000079e48edb2732(libgio-2.0.so.0 -gtask.c:1300)g_task_return
0x000079e48ee64ce5(libmbim-glib.so.4 -mbim-device.c:240)transaction_task_complete_and_free
0x000079e48ee6665f(libmbim-glib.so.4 -mbim-device.c:1017)data_available
0x000079e48ec65463(libglib-2.0.so.0 -gmain.c:3417)g_main_context_dispatch
0x000079e48ec6576e(libglib-2.0.so.0 -gmain.c:4211)g_main_context_iterate
0x000079e48ec659e2(libglib-2.0.so.0 -gmain.c:4411)g_main_loop_run
0x000059502b7796b1(ModemManager -main.c:217)main
0x000079e48e9f77a7(libc.so.6 + 0x000227a7)__libc_start_main
0x000059502b7794b9(ModemManager + 0x0005f4b9)_start
0x00007ffef825c6a7
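An added example, not ModemManager or libmbim code: a simplified C model of the check described above, in which a read response carries a format tag and the PDU array is dereferenced only when the tag says PDU. All type and function names are hypothetical, and the sample responses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical stand-ins, not libmbim or ModemManager types. */
typedef enum { SMS_FORMAT_PDU, SMS_FORMAT_CDMA } sms_format_t;
typedef struct { uint32_t index; const uint8_t *data; uint32_t size; } pdu_record_t;
typedef struct {
    sms_format_t   format; /* says which array below is populated */
    uint32_t       count;  /* number of messages the device reported */
    pdu_record_t **pdu;    /* valid only when format == SMS_FORMAT_PDU */
    void         **cdma;   /* valid only when format == SMS_FORMAT_CDMA */
} sms_read_response_t;

/* Copies the storage index of each usable PDU into out[]; returns the number
 * accepted, or -1 when the response does not carry a PDU array. */
int collect_pdu_parts(const sms_read_response_t *r, uint32_t *out, size_t max_out)
{
    int n = 0;
    /* Check the tag before touching r->pdu: count alone says nothing about
     * which array the sender filled in. */
    if (!r || !out || r->format != SMS_FORMAT_PDU || (r->count > 0 && !r->pdu))
        return -1;
    for (uint32_t i = 0; i < r->count && (size_t)n < max_out; i++) {
        const pdu_record_t *p = r->pdu[i];
        if (!p || !p->data || p->size == 0)
            continue; /* empty slot: nothing to parse */
        out[n++] = p->index;
    }
    return n;
}

/* Constructed sample: PDU response with two records and one empty slot. */
int demo_pdu_response(void)
{
    static const uint8_t raw[] = { 0x00, 0x04, 0x0b, 0x91 }; /* constructed bytes */
    pdu_record_t a = { 1, raw, sizeof raw }, b = { 2, raw, sizeof raw };
    pdu_record_t *slots[] = { &a, NULL, &b };
    sms_read_response_t r = { SMS_FORMAT_PDU, 3, slots, NULL };
    uint32_t idx[4];
    return collect_pdu_parts(&r, idx, 4);
}

/* Constructed sample: CDMA response, count is set but there is no PDU array. */
int demo_cdma_response(void)
{
    void *cdma_slots[] = { NULL, NULL };
    sms_read_response_t r = { SMS_FORMAT_CDMA, 2, NULL, cdma_slots };
    uint32_t idx[4];
    return collect_pdu_parts(&r, idx, 4);
}
```

Without the format check, the loop in `collect_pdu_parts` would index `r->pdu` twice for the CDMA sample and dereference a NULL array.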
