UPSTREAM: libmbim-glib,message: fix leak when processing string array is aborted

We must define the GPtrArray with a valid GDestroyFunc for its
elements, so that if we abort reading the string array due to a bug in
one of its elements, we fully clean up the GPtrArray and its temporary
contents.

  Direct leak of 1 byte(s) in 1 object(s) allocated from:
      #0 0x566dc312fb8e in malloc
      #1 0x7ab42f23ac00 in try_malloc_n /build/amd64-generic/tmp/portage/dev-libs/glib-2.74.1-r1/work/glib-2.74.1/glib/gutf8.c:831:20
      #2 0x7ab42f23b23e in g_utf16_to_utf8 /build/amd64-generic/tmp/portage/dev-libs/glib-2.74.1-r1/work/glib-2.74.1/glib/gutf8.c:1108:12
      #3 0x566dc3160ebc in _mbim_message_read_string /build/amd64-generic/tmp/portage/net-libs/libmbim-1.29.7-r109/work/libmbim-1.29.7/src/libmbim-glib/mbim-message.c:608:16
      #4 0x566dc3161203 in _mbim_message_read_string_array /build/amd64-generic/tmp/portage/net-libs/libmbim-1.29.7-r109/work/libmbim-1.29.7/src/libmbim-glib/mbim-message.c:664:14
      #5 0x566dc31a65bd in mbim_message_subscriber_ready_status_notification_get_printable /build/amd64-generic/tmp/portage/net-libs/libmbim-1.29.7-r109/work/libmbim-1.29.7-build/src/libmbim-glib/generated/mbim-basic-connect.c:3535:14
      #6 0x566dc3169111 in mbim_message_get_printable_full /build/amd64-generic/tmp/portage/net-libs/libmbim-1.29.7-r109/work/libmbim-1.29.7/src/libmbim-glib/mbim-message.c:0
      #7 0x566dc315f0b5 in LLVMFuzzerTestOneInput /build/amd64-generic/tmp/portage/net-libs/libmbim-1.29.7-r109/work/libmbim-1.29.7/src/libmbim-glib/test/test-message-fuzzer.c:31:17
      #8 0x566dc3063020 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)
      #9 0x566dc304d890 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long)
      #10 0x566dc3052d54 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))
      #11 0x566dc307e3b2 in main
      #12 0x7ab42e81b6c5 in __libc_start_call_main
      #13 0x7ab42e81b781 in __libc_start_main_impl
      #14 0x566dc3044c80 in _start

Fixes d39f942f7fb29ca8040bb3b3b4e09d60a1ce34cb

(cherry picked from commit c6728b8e34d828e0c9a11eeb46a5f6e369fc5dd5)

BUG=b:289451093
TEST=Manually run fuzzer reproducer.
  (cr) $ setup_board --board=amd64-generic --force
  (cr) $ cros_workon --board=amd64-generic start libmbim
  (cr) $ build_packages --board=amd64-generic --skip_chroot_upgrade --nousepkg libmbim
  (cr) $ cros_fuzz \
      --board=amd64-generic \
      reproduce \
      --testcase ~/chromiumos/chroot/build/amd64-generic/tmp/clusterfuzz-testcase-minimized \
      --fuzzer /usr/libexec/fuzzers/test-mbim-message-fuzzer \
      --package libmbim \
      --build-type

Change-Id: I29c09010e130ba2a70346d525b3233a420ca57ba
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/libmbim/+/4660989
Tested-by: Aleksander Morgado <aleksandermj@google.com>
Reviewed-by: Eric Caruso <ejcaruso@chromium.org>
Commit-Queue: Aleksander Morgado <aleksandermj@google.com>
Reviewed-by: Nagi Marupaka <nmarupaka@google.com>
Auto-Submit: Aleksander Morgado <aleksandermj@google.com>
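
The leak pattern the commit message describes, as an added example that is not libmbim's code and does not link GLib: a temporary pointer array is torn down on the abort path with and without an element destroy function. `PtrArray`, `dup_tracked`, `free_tracked`, `ptr_array_unref` and `leaked_after_read` are hypothetical stand-ins, and the input strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for GPtrArray: storage plus an optional element free func. */
typedef struct { void **items; size_t len; void (*destroy)(void *); } PtrArray;
static void *live[8]; static int n_live;  /* strings allocated, not yet freed */

static char *dup_tracked(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p || n_live == 8) abort();
    strcpy(p, s);
    live[n_live++] = p;
    return p;
}
static void free_tracked(void *p) {
    for (int i = 0; i < n_live; i++)
        if (live[i] == p) { live[i] = live[--n_live]; free(p); return; }
}
static void ptr_array_unref(PtrArray *a) {
    for (size_t i = 0; a->destroy && i < a->len; i++) a->destroy(a->items[i]);
    free(a->items);
}

/* Reads n strings into a temporary array; a NULL input models an element that
 * fails to parse. Returns how many strings stay allocated after the call. */
static int leaked_after_read(const char *const *in, size_t n, int with_free_func) {
    PtrArray a = { calloc(n + 1, sizeof(void *)), 0, with_free_func ? free_tracked : NULL };
    int ok = 1, leaked;
    if (!a.items) abort();
    for (size_t i = 0; i < n && ok; i++) {
        if (in[i]) a.items[a.len++] = dup_tracked(in[i]);
        else ok = 0;                      /* abort the read on the bad element */
    }
    if (ok) {                             /* success: caller takes the strings */
        for (size_t i = 0; i < a.len; i++) free_tracked(a.items[i]);
        a.len = 0;
    }
    ptr_array_unref(&a);                  /* the only cleanup on the abort path */
    leaked = n_live;
    while (n_live) free_tracked(live[0]); /* reclaim so the demo stays clean */
    return leaked;
}

int main(void) {
    const char *const bad[] = { "imsi", "tel-1", NULL };  /* constructed input */
    printf("no free func: %d leaked, with free func: %d leaked\n",
           leaked_after_read(bad, 3, 0), leaked_after_read(bad, 3, 1));
    return 0;
}
```
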
1 file changed
tree: e974130d07b3bb33a26e40c14212e7bed08d30f8
README.md

libmbim

libmbim is a glib-based library for talking to WWAN modems and devices which speak the Mobile Broadband Interface Model (MBIM) protocol.

Documentation

Project documentation is kept in: https://modemmanager.org/docs/libmbim/

License

  • libmbim-glib library is released under the LGPL-2.1-or-later license.
  • mbimcli and mbim-network tools are released under the GPL-2.0-or-later license.

License texts can be found under the LICENSES folder.

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms, which you can find at the following link: https://www.freedesktop.org/wiki/CodeOfConduct

CoC issues may be raised to the project maintainers at the following address: libmbim-devel-owner@lists.freedesktop.org