libqmi-glib,message: check message header size before accessing it

Reported by asan during fuzzing:

  ==1==WARNING: MemorySanitizer: use-of-uninitialized-value
  0x7f4261ef6c57 in message_check /build/amd64-generic/tmp/portage/net-libs/libqmi-1.32.0-r125/work/libqmi-1.32.0/src/libqmi-glib/qmi-message.c:331:9
  0x7f4261f00b9f in qmi_message_new_from_raw /build/amd64-generic/tmp/portage/net-libs/libqmi-1.32.0-r125/work/libqmi-1.32.0/src/libqmi-glib/qmi-message.c:1527:10
  0x557c9f672e6d in LLVMFuzzerTestOneInput /build/amd64-generic/tmp/portage/net-libs/libqmi-1.32.0-r125/work/libqmi-1.32.0/src/libqmi-glib/test/test-message-fuzzer.c:26:15
  0x557c9f5c1792 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
  0x557c9f5ad8a3 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)
  0x557c9f5b2b64 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))
  0x557c9f5da4f2 in main
  0x7f42617686c5 in __libc_start_call_main
  0x7f4261768781 in __libc_start_main_impl
  0x557c9f5a4940 in _start
Edited by Aleksander Morgado
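The size-before-access check the MR title describes, as an added example written for this page rather than libqmi's own code: it assumes a simplified QMUX-style header layout (marker, 16-bit length, flags, service, client; names and layout are this example's assumptions), validates the buffer length before reading any header field, and runs the checker over constructed inputs, including a buffer cut off mid-header of the kind that makes an unchecked reader touch uninitialised bytes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified QMUX-style framing for this example (not libqmi's own
 * structures): marker(1, 0x01) | length(2, LE) | flags(1) | service(1) | client(1).
 * The length field counts every byte after the marker. */
#define QMUX_MARKER 0x01
#define HDR_LEN     6

typedef struct { uint16_t length; uint8_t flags, service, client; } hdr_t;

/* The pattern the MR fixes: a checker that reads header fields first and
 * compares sizes afterwards lets a short buffer produce reads past the
 * initialised bytes (the MSan report). Here every size check comes first. */
static bool message_check(const uint8_t *buf, size_t len, hdr_t *out)
{
    if (buf == NULL || len < HDR_LEN || buf[0] != QMUX_MARKER)
        return false;                      /* too short to hold a header */
    uint16_t declared = (uint16_t)(buf[1] | (buf[2] << 8));
    if (declared < HDR_LEN - 1 || (size_t)declared + 1 > len)
        return false;                      /* length field disagrees with buffer */
    out->length  = declared;
    out->flags   = buf[3];
    out->service = buf[4];
    out->client  = buf[5];
    return true;
}

/* Returns the service id (0..255) when the header validates, otherwise -1. */
int checked_service(const uint8_t *buf, size_t len)
{
    hdr_t h;
    return message_check(buf, len, &h) ? (int)h.service : -1;
}

/* Constructed sample inputs: one well-formed, one cut off mid-header, one
 * whose length field claims more bytes than were supplied. */
const uint8_t sample_valid[]     = {0x01, 0x05, 0x00, 0x80, 0x03, 0x01};
const uint8_t sample_truncated[] = {0x01, 0x05, 0x00};
const uint8_t sample_overclaim[] = {0x01, 0x40, 0x00, 0x80, 0x03, 0x01};

int main(void)
{
    printf("valid=%d truncated=%d overclaim=%d\n",
           checked_service(sample_valid, sizeof sample_valid),
           checked_service(sample_truncated, sizeof sample_truncated),
           checked_service(sample_overclaim, sizeof sample_overclaim));
    return 0;
}
```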