author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-08-02 14:25:11 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2018-10-02 11:53:20 +0200
commit: 12603b84d2fb07603e2ea94b240c6b78ad17510e (patch)
tree: 86f6b09fac23182c25fb84355d573a5d88d27b40 /test/fuzz
parent: e8fd7e4b5b5269377efc641a7da43850822c1250 (diff)
download: systemd-12603b84d2fb07603e2ea94b240c6b78ad17510e.tar.gz
bus-message: fix calculation of offsets table
The offsets specify the ends of variable length data. We would trust the incoming data, putting the offsets specified in our message into the offsets tables after doing some superficial verification. But when actually reading the data we apply alignment, so we would take the previous offset, align it, making it bigger than the current offset, and then we'd try to read data of negative length. In the attached example, the message specifies the following offsets: [1, 4] but the alignment of those items is [1, 8] so we'd calculate the second item as starting at 8 and ending at 4.
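The failure mode described in the commit message, as an added example that is not systemd's code: a simplified model of an offsets table whose entries are the ends of variable-length items, where each item starts at the previous end rounded up to the item's alignment. The offsets come from the untrusted message and the alignments from the trusted signature. `naive_item_length` shows what an unchecked `end - start` produces for the [1, 4] / [1, 8] case (the subtraction wraps to a huge `size_t`, not a negative number), and `walk_offsets` is a checked walk that rejects the table before any read happens. Function names, the power-of-two alignment assumption and the 16-byte body size are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not systemd code). Alignments are assumed to be powers of two. */
static size_t align_to(size_t n, size_t a) {
        return (n + a - 1) & ~(a - 1);
}

/* Unchecked computation: item i spans [align(prev_end), offsets[i]).
 * When the aligned start passes the declared end, end - start wraps
 * around instead of becoming negative, so a later read would use a
 * huge length. */
size_t naive_item_length(const size_t *offsets, const size_t *aligns, size_t i) {
        size_t prev_end = i == 0 ? 0 : offsets[i - 1];
        size_t start = align_to(prev_end, aligns[i]);
        return offsets[i] - start;
}

/* Checked walk over the whole table. Returns true only if every item
 * ends inside the body, offsets never go backwards, and no aligned start
 * passes its own end; starts[] and lengths[] are filled in on success.
 * The [1, 4] / [1, 8] case is rejected here instead of being read. */
bool walk_offsets(const size_t *offsets, const size_t *aligns, size_t n,
                  size_t body_size, size_t *starts, size_t *lengths) {
        size_t prev_end = 0;
        for (size_t i = 0; i < n; i++) {
                size_t start = align_to(prev_end, aligns[i]);
                size_t end = offsets[i];
                if (end > body_size || end < prev_end || start > end)
                        return false;
                starts[i] = start;
                lengths[i] = end - start;
                prev_end = end;
        }
        return true;
}

/* The shape from the commit message: offsets [1, 4], alignments [1, 8].
 * The second item would start at 8 and end at 4; the checked walk must
 * reject it. Body size 16 is a constructed value. */
bool commit_message_case_rejected(void) {
        const size_t offsets[] = { 1, 4 };
        const size_t aligns[]  = { 1, 8 };
        size_t starts[2], lengths[2];
        return !walk_offsets(offsets, aligns, 2, 16, starts, lengths);
}

int main(void) {
        const size_t offsets[] = { 1, 4 };
        const size_t aligns[]  = { 1, 8 };
        printf("unchecked length of item 1: %zu\n", naive_item_length(offsets, aligns, 1));
        printf("checked walk rejects the table: %s\n",
               commit_message_case_rejected() ? "yes" : "no");
        return 0;
}
```

The check that matters is `start > end` after alignment, not a comparison of the raw offsets against each other: the raw table [1, 4] is monotonically increasing and passes a superficial check, and only the aligned start exposes the inconsistency.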
Diffstat (limited to 'test/fuzz')
-rw-r--r--  test/fuzz/fuzz-bus-message/crash-e1b811da5ca494e494b77c6bd8e1c2f2989425c5  bin  0 -> 28 bytes
1 files changed, 0 insertions, 0 deletions
diff --git a/test/fuzz/fuzz-bus-message/crash-e1b811da5ca494e494b77c6bd8e1c2f2989425c5 b/test/fuzz/fuzz-bus-message/crash-e1b811da5ca494e494b77c6bd8e1c2f2989425c5
new file mode 100644
index 0000000000..9d3fa0035f
--- /dev/null
+++ b/test/fuzz/fuzz-bus-message/crash-e1b811da5ca494e494b77c6bd8e1c2f2989425c5
Binary files differ
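Review bot: the only change visible in this diffstat (filtered to test/fuzz) is the 28-byte binary reproducer; the offset-calculation fix itself lives outside this path, so the review of this file should confirm two things: that the companion change rejects a message whose aligned previous offset exceeds the current offset (the [1, 4] with [1, 8] case the message describes) instead of computing a wrapped length, and that files dropped into test/fuzz/fuzz-bus-message/ are actually picked up by the fuzz regression run rather than only stored, since a binary blob with no accompanying test list entry is easy to leave unexecuted.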