patch 9.1.1683: xxd: Avoid null dereference in autoskip colorless

Problem: xxd: Avoid null dereference in autoskip colorless Solution: Verify that colors is not null (Joakim Nohlgård) Fixes bug introduced in 6897f18ee6 (v9.1.1459) which does a memcpy from NULL when color=never and the autoskip option is used. Before: dd if=/dev/zero bs=100 count=1 status=none | xxd -a -R never 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ Segmentation fault (core dumped) After: dd if=/dev/zero bs=100 count=1 status=none | ./xxd/xxd -a -R never 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ * 00000060: 0000 0000 .... closes: #18008 Signed-off-by: Joakim Nohlgård <joakim@nohlgard.se> Signed-off-by: Christian Brabandt <cb@256bit.org>
2025-10-23 08:44:20 -04:00 · 2025-08-24 12:36:44 +02:00
parent 99964e2ea7
commit b922b30cfe
3 changed files with 32 additions and 2 deletions
--- a/src/testdir/test_xxd.vim
+++ b/src/testdir/test_xxd.vim
@@ -701,4 +701,28 @@ func Test_xxd_overflow()
  call assert_equal(expected, getline(1, 5))
  bw!
 endfunc
+
+" this caused a NULL derefence
+func Test_xxd_null_dereference()
+  CheckUnix
+  CheckExecutable /bin/true
+  new
+  " we are only checking, that there are addresses in the first 5 lines
+  let expected = [
+        \ '00000000: ',
+        \ '00000010: ',
+        \ '00000020: ',
+        \ '00000030: ',
+        \ '00000040: ']
+  exe "0r! " s:xxd_cmd "-a -R never /bin/true 2>&1"
+  " there should be more than 6 lines
+  call assert_true(line('$') > 5)
+  " there should not be an ASAN error message
+  call getline(1, '$')->join('\n')->assert_notmatch('runtime error')
+  6,$d
+  %s/^\x\+: \zs.*//g
+  call assert_equal(expected, getline(1, 5))
+  bw!
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab