author | Aleksander Morgado <aleksandermj@chromium.org> | 2023-03-30 19:41:02 +0000 |
---|---|---|
committer | Aleksander Morgado <aleksandermj@chromium.org> | 2023-03-30 20:32:37 +0000 |
commit | bc2aeeb7bd059aa1ee9e6457a53204416c33efd8 (patch) | |
tree | a17f02eea34a47e71368ad44e4772138b17e7831 /src/tests/test-sms-part-3gpp.c | |
parent | 5d64ea763333813983c6f9f56ec4d07904411c37 (diff) |
sms-part-3gpp: fix invalid memory read parsing address
[debug] parsing PDU (0)...
[debug] no SMSC address given
[debug] status report type PDU detected
[debug] message reference: 191
[debug] address size: 0 digits (0 bytes)
==78906== Command: ./build/test/mmsmspdu --pdu=000ABF00 --verbose
==78906==
==78906== Invalid read of size 1
==78906== at 0x10AA80: sms_decode_address (mm-sms-part-3gpp.c:132)
==78906== by 0x10AF7C: mm_sms_part_3gpp_new_from_binary_pdu (mm-sms-part-3gpp.c:507)
==78906== by 0x10BE17: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:368)
==78906== by 0x10A44D: main (mmsmspdu.c:202)
==78906== Address 0x5199874 is 0 bytes after a block of size 4 alloc'd
==78906== at 0x48455EF: calloc (vg_replace_malloc.c:1328)
==78906== by 0x49DF6C0: g_malloc0 (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7400.2)
==78906== by 0x48ABD24: mm_utils_hexstr2bin (mm-common-helpers.c:1884)
==78906== by 0x10BDF6: mm_sms_part_3gpp_new_from_pdu (mm-sms-part-3gpp.c:362)
==78906== by 0x10A44D: main (mmsmspdu.c:202)
Diffstat (limited to 'src/tests/test-sms-part-3gpp.c')
-rw-r--r-- | src/tests/test-sms-part-3gpp.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/tests/test-sms-part-3gpp.c b/src/tests/test-sms-part-3gpp.c
index e4483240..d6573b13 100644
--- a/src/tests/test-sms-part-3gpp.c
+++ b/src/tests/test-sms-part-3gpp.c
@@ -441,6 +441,14 @@ test_pdu_insufficient_data (void)
 common_test_invalid_pdu (pdu, G_N_ELEMENTS (pdu));
 }

+static void
+test_pdu_no_address (void)
+{
+ static const guint8 pdu[] = { 0x00, 0x0A, 0xBF, 0x00 };
+
+ common_test_invalid_pdu (pdu, G_N_ELEMENTS (pdu));
+}
+
 /********************* SMS ADDRESS ENCODER TESTS *********************/

 static void
@@ -737,6 +745,7 @@ int main (int argc, char **argv)
 g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-stored-by-us", test_pdu_stored_by_us);
 g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-not-stored", test_pdu_not_stored);
 g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-insufficient-data", test_pdu_insufficient_data);
+ g_test_add_func ("/MM/SMS/3GPP/PDU-Parser/pdu-no-address", test_pdu_no_address);

 g_test_add_func ("/MM/SMS/3GPP/Address-Encoder/smsc-intl", test_address_encode_smsc_intl);
 g_test_add_func ("/MM/SMS/3GPP/Address-Encoder/smsc-unknown", test_address_encode_smsc_unknown); |
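Review bot: The new `test_pdu_no_address` does not say what its four bytes encode or which failure they guard against, so a comment above the array would help, e.g. `/* No SMSC, status report, message reference 191, zero-length address: used to read one byte past the end of the PDU */`. Because `pdu` is a `static const` array rather than a heap block like the one in the valgrind trace from the commit message, Memcheck would not flag an over-read here. The test therefore guards against a regression only as far as `common_test_invalid_pdu` (defined outside this hunk) asserts that the parser returns an error, or when the suite runs under a sanitizer that instruments globals. If that helper does not already copy the bytes into an exactly sized heap buffer before parsing, doing so would let memory checkers see the boundary for every invalid-PDU test.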