mirror of
https://github.com/vim/vim.git
synced 2025-10-24 08:54:47 -04:00
patch 9.1.1683: xxd: Avoid null dereference in autoskip colorless
Problem: xxd: Avoid null dereference in autoskip colorless
Solution: Verify that colors is not null (Joakim Nohlgård)
Fixes bug introduced in 6897f18ee6
(v9.1.1459) which does a memcpy from NULL when color=never and the
autoskip option is used.
Before:
dd if=/dev/zero bs=100 count=1 status=none | xxd -a -R never
00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................
Segmentation fault (core dumped)
After:
dd if=/dev/zero bs=100 count=1 status=none | ./xxd/xxd -a -R never
00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................
*
00000060: 0000 0000 ....
closes: #18008
Signed-off-by: Joakim Nohlgård <joakim@nohlgard.se>
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Joakim Nohlgård
committed by
Christian Brabandt
Christian Brabandt
parent
99964e2ea7
commit
b922b30cfe
@@ -701,4 +701,28 @@ func Test_xxd_overflow()
|
|||||||
call assert_equal(expected, getline(1, 5))
|
call assert_equal(expected, getline(1, 5))
|
||||||
bw!
|
bw!
|
||||||
endfunc
|
endfunc
|
||||||
|
|
||||||
|
" this caused a NULL derefence
|
||||||
|
func Test_xxd_null_dereference()
|
||||||
|
CheckUnix
|
||||||
|
CheckExecutable /bin/true
|
||||||
|
new
|
||||||
|
" we are only checking, that there are addresses in the first 5 lines
|
||||||
|
let expected = [
|
||||||
|
\ '00000000: ',
|
||||||
|
\ '00000010: ',
|
||||||
|
\ '00000020: ',
|
||||||
|
\ '00000030: ',
|
||||||
|
\ '00000040: ']
|
||||||
|
exe "0r! " s:xxd_cmd "-a -R never /bin/true 2>&1"
|
||||||
|
" there should be more than 6 lines
|
||||||
|
call assert_true(line('$') > 5)
|
||||||
|
" there should not be an ASAN error message
|
||||||
|
call getline(1, '$')->join('\n')->assert_notmatch('runtime error')
|
||||||
|
6,$d
|
||||||
|
%s/^\x\+: \zs.*//g
|
||||||
|
call assert_equal(expected, getline(1, 5))
|
||||||
|
bw!
|
||||||
|
endfunc
|
||||||
|
|
||||||
" vim: shiftwidth=2 sts=2 expandtab
|
" vim: shiftwidth=2 sts=2 expandtab
|
||||||
|
|||||||
@@ -724,6 +724,8 @@ static char *(features[]) =
|
|||||||
|
|
||||||
static int included_patches[] =
|
static int included_patches[] =
|
||||||
{ /* Add new patch number below this line */
|
{ /* Add new patch number below this line */
|
||||||
|
/**/
|
||||||
|
1683,
|
||||||
/**/
|
/**/
|
||||||
1682,
|
1682,
|
||||||
/**/
|
/**/
|
||||||
|
|||||||
@@ -70,6 +70,7 @@
|
|||||||
* 15.06.2025 improve color code logic
|
* 15.06.2025 improve color code logic
|
||||||
* 08.08.2025 fix overflow with bitwise output
|
* 08.08.2025 fix overflow with bitwise output
|
||||||
* 20.08.2025 remove external library call for autoconversion on z/OS (MVS)
|
* 20.08.2025 remove external library call for autoconversion on z/OS (MVS)
|
||||||
|
* 24.08.2025 avoid NULL dereference with autoskip colorless
|
||||||
*
|
*
|
||||||
* (c) 1990-1998 by Juergen Weigert (jnweiger@gmail.com)
|
* (c) 1990-1998 by Juergen Weigert (jnweiger@gmail.com)
|
||||||
*
|
*
|
||||||
@@ -150,7 +151,7 @@ extern void perror __P((char *));
|
|||||||
# endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
char version[] = "xxd 2025-08-20 by Juergen Weigert et al.";
|
char version[] = "xxd 2025-08-24 by Juergen Weigert et al.";
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
char osver[] = " (Win32)";
|
char osver[] = " (Win32)";
|
||||||
#else
|
#else
|
||||||
@@ -599,7 +600,10 @@ xxdline(FILE *fp, char *l, char *colors, int nz)
|
|||||||
if (!nz && zero_seen == 1)
|
if (!nz && zero_seen == 1)
|
||||||
{
|
{
|
||||||
strcpy(z, l);
|
strcpy(z, l);
|
||||||
memcpy(z_colors, colors, strlen(z));
|
if (colors)
|
||||||
|
{
|
||||||
|
memcpy(z_colors, colors, strlen(z));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (nz || !zero_seen++)
|
if (nz || !zero_seen++)
|
||||||
|
|||||||
Reference in New Issue
Block a user