Bug#452789: xxd segfaults with large values for -c
On Thu, Nov 29, 2007 at 09:19:10PM +0100, Bram Moolenaar wrote:
>
> James -
>
> > On Wed, Nov 28, 2007 at 09:19:46AM -0500, James Vega wrote:
> > > On Tue, Nov 27, 2007 at 10:26:31PM +0100, Bram Moolenaar wrote:
> > > > I'm not the maintainer of xxd, but since it's included with Vim I tried
> > > > fixing it anyway. Please try the patch below and check that it fixes
> > > > the problem for you.
> > >
> > > That does work. Thanks.
> >
> > Actually, I was incorrect. I still see crashes when using values larger
> > than 140 for -c. The following was from running
> > "xxd -b -c 145 /usr/bin/xxd".
>
> Hmm, I still underestimated the size of the array needed for the bitwise
> display. Try this new diff:
Yeah, that one does work for the entire range of valid values. Thanks.
James
--
GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>
Bug#452789: xxd segfaults with large values for -c
James -
> On Wed, Nov 28, 2007 at 09:19:46AM -0500, James Vega wrote:
> > On Tue, Nov 27, 2007 at 10:26:31PM +0100, Bram Moolenaar wrote:
> > > I'm not the maintainer of xxd, but since it's included with Vim I tried
> > > fixing it anyway. Please try the patch below and check that it fixes
> > > the problem for you.
> >
> > That does work. Thanks.
>
> Actually, I was incorrect. I still see crashes when using values larger
> than 140 for -c. The following was from running
> "xxd -b -c 145 /usr/bin/xxd".
Hmm, I still underestimated the size of the array needed for the bitwise
display. Try this new diff:
*** ../vim-7.1.163/src/xxd/xxd.cThu May 10 19:07:42 2007
--- src/xxd/xxd.c Thu Nov 29 21:05:16 2007
***
*** 212,218
#define TRY_SEEK /* attempt to use lseek, or skip forward by reading */
#define COLS 256 /* change here, if you ever need more columns */
! #define LLEN (9 + (5*COLS-1)/2 + 2 + COLS)
char hexxa[] = "0123456789abcdef0123456789ABCDEF", *hexx = hexxa;
--- 212,218
#define TRY_SEEK /* attempt to use lseek, or skip forward by reading */
#define COLS 256 /* change here, if you ever need more columns */
! #define LLEN (11 + (9*COLS-1)/1 + COLS + 2)
char hexxa[] = "0123456789abcdef0123456789ABCDEF", *hexx = hexxa;
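Review bot: the new `#define LLEN` line carries its sizing as bare constants. The `9*COLS` term and the `/1` divisor presumably mirror grplen = 9 and octspergrp = 1 from bits mode, and the leading `11` mirrors the offset in the `l[11 + ...]` store, but nothing at the definition says so. Add a comment on the macro naming the mode and the index expression it has to cover, and drop the no-op `/1` or replace the literals with named constants, so that the next change to the index expression has an obvious place to update.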
***
*** 590,596
default:octspergrp = 0; break;
}
! if (cols < 1 || (!hextype && (cols > COLS)))
{
fprintf(stderr, "%s: invalid number of columns (max. %d).\n", pname,
COLS);
exit(1);
--- 590,597
default:octspergrp = 0; break;
}
! if (cols < 1 || ((hextype == HEX_NORMAL || hextype == HEX_BITS)
! && (cols > COLS)))
{
fprintf(stderr, "%s: invalid number of columns (max. %d).\n", pname,
COLS);
exit(1);
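Review bot: the new condition on the `if (cols < 1 || ...` line bounds cols only for HEX_NORMAL and HEX_BITS, so every other hextype still accepts an arbitrarily large -c. If the remaining modes never index the line buffer with cols, say so in a comment next to the check; otherwise write the test the other way round, rejecting cols > COLS by default and exempting only the modes known not to need the limit.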
***
*** 750,755
--- 751,757
}
if (ebcdic)
e = (e < 64) ? '.' : etoa64[e-64];
+ /* When changing this update definition of LLEN above. */
l[11 + (grplen * cols - 1)/octspergrp + p] =
#ifdef __MVS__
(e >= 64)
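Review bot: the comment added above `l[11 + (grplen * cols - 1)/octspergrp + p] =` ties the index to LLEN by convention only, and the earlier revision of this patch already got that size wrong. Consider checking the worst-case index against the buffer size once after option parsing, when grplen, cols and octspergrp are known, so that a future mismatch fails with an error instead of writing past the buffer. Wording nit: "When changing this, update the definition of LLEN above."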
--
hundred-and-one symptoms of being an internet addict:
160. You get in the elevator and double-click the button for the floor
you want.
/// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\
///sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\download, build and distribute -- http://www.A-A-P.org///
\\\help me help AIDS victims -- http://ICCF-Holland.org///
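The sizing arithmetic behind the two patches, as an added example that is not part of the thread or of xxd: it takes the store at xxd.c:753 with the bits-mode values from the gdb dumps (grplen = 9, octspergrp = 1) and finds the first -c value whose highest index falls outside each LLEN. The buffer declaration `char l[LLEN+1]` and the helper names are assumptions; the page does not show them.

```c
#include <stdio.h>

#define COLS 256 /* from the patch context */

/* The three LLEN definitions that appear in the thread. */
#define LLEN_ORIG   (9 + (5*COLS-1)/2 + 2 + COLS)
#define LLEN_PATCH1 (9 + (9*COLS-1)/2 + 2 + COLS)
#define LLEN_PATCH2 (11 + (9*COLS-1)/1 + COLS + 2)

/* Bits mode (-b) values as shown in the gdb dumps. */
enum { GRPLEN_BITS = 9, OCTSPERGRP_BITS = 1 };

/* Highest index written by the store at xxd.c:753,
 *   l[11 + (grplen * cols - 1)/octspergrp + p]
 * taking p at its largest value, cols - 1. */
static int max_index_bits(int cols)
{
    return 11 + (GRPLEN_BITS * cols - 1) / OCTSPERGRP_BITS + (cols - 1);
}

/* Smallest cols in 1..COLS whose highest index lies outside a buffer of
 * llen + 1 bytes (assumed declaration: char l[LLEN+1]); 0 if none does. */
static int first_overflowing_cols(int llen)
{
    for (int cols = 1; cols <= COLS; cols++)
        if (max_index_bits(cols) > llen)
            return cols;
    return 0;
}

int main(void)
{
    printf("original LLEN=%d, first overrun at -c %d\n",
           LLEN_ORIG, first_overflowing_cols(LLEN_ORIG));
    printf("patch 1  LLEN=%d, first overrun at -c %d\n",
           LLEN_PATCH1, first_overflowing_cols(LLEN_PATCH1));
    printf("patch 2  LLEN=%d, first overrun at -c %d (0 = none)\n",
           LLEN_PATCH2, first_overflowing_cols(LLEN_PATCH2));
    return 0;
}
```

It reports 90 for the original macro, 141 for the first patch and no overrun up to COLS for the second, which matches the report that the first patch still crashed for values larger than 140.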
Bug#452789: xxd segfaults with large values for -c
On Wed, Nov 28, 2007 at 09:19:46AM -0500, James Vega wrote:
> On Tue, Nov 27, 2007 at 10:26:31PM +0100, Bram Moolenaar wrote:
> > I'm not the maintainer of xxd, but since it's included with Vim I tried
> > fixing it anyway. Please try the patch below and check that it fixes
> > the problem for you.
>
> That does work. Thanks.
Actually, I was incorrect. I still see crashes when using values larger
than 140 for -c. The following was from running
"xxd -b -c 145 /usr/bin/xxd".
Program received signal SIGSEGV, Segmentation fault.
0xb7e4fdfd in getc () from /lib/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7e4fdfd in getc () from /lib/i686/cmov/libc.so.6
#1 0x0804a0a8 in main (argc=2, argv=0xbff033d0) at xxd.c:732
#2 0xb7e04450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
#3 0x08048851 in _start ()
(gdb) bt full
#0 0xb7e4fdfd in getc () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#1 0x0804a0a8 in main (argc=2, argv=0xbff033d0) at xxd.c:732
fp = (FILE *) 0x804c02e
fpo = (FILE *) 0xb7f374e0
c = 952
e = 19
p = 105
relseek = 1
negseek = 0
revert = 0
cols = 145
nonzero = 50
autoskip = 0
hextype = 3
ebcdic = 0
octspergrp = 1
grplen = 9
length = -1
n = 105
seekoff = 0
l = "000: 0111 01000101 01001100 01000110 0001 0001 0001 0010 0011 0001 00"...
pname = 0xbff035ee "xxd"
pp = 0xbff035fc "/usr/bin/xxd"
#2 0xb7e04450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#3 0x08048851 in _start ()
No symbol table info available.
James
--
GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>
Bug#452789: xxd segfaults with large values for -c
On Tue, Nov 27, 2007 at 10:26:31PM +0100, Bram Moolenaar wrote:
> I'm not the maintainer of xxd, but since it's included with Vim I tried
> fixing it anyway. Please try the patch below and check that it fixes
> the problem for you.
That does work. Thanks.
James
--
GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>
Bug#452789: xxd segfaults with large values for -c
James -
> Large values for the -c option (approximately 100 or greater) cause xxd
> to segfault. Where the segfault occurs seems to vary based on how large the
> columns option is.
>
> I get this traceback when running "xxd -b -c 100 /usr/bin/xxd".
>
> Program terminated with signal 11, Segmentation fault.
> #0 0xb7e6ce0d in getc () from /lib/i686/cmov/libc.so.6
> (gdb) bt full
> #0 0xb7e4ce0d in getc () from /lib/i686/cmov/libc.so.6
> No symbol table info available.
> #1 0x0804a0a2 in main (argc=2, argv=0xbfb6e3c0) at xxd.c:731
> fp = (FILE *) 0x2e04c008
> fpo = (FILE *) 0xb7f344e0
> c = 16
> e = 127
> p = 1
> relseek = 1
> negseek = 0
> revert = 0
> cols = 100
> nonzero = 1
> autoskip = 0
> hextype = 3
> ebcdic = 0
> octspergrp = 1
> grplen = 9
> length = -1
> n = 1
> seekoff = 0
> l = "000: 0111", ' '
> pname = 0xbfb6f984 "xxd"
> pp = 0xbfb6f992 "/usr/bin/xxd"
> #2 0xb7e01450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
> No symbol table info available.
> #3 0x08048851 in _start ()
> No symbol table info available.
>
> Yet when running "xxd -b -c 1000 /usr/bin/xxd" I get the following.
>
> Program terminated with signal 11, Segmentation fault.
> #0 0x08049feb in main (argc=2, argv=0xbfc6acb0) at xxd.c:753
> 753 l[11 + (grplen * cols - 1)/octspergrp + p] =
> (gdb) bt full
> #0 0x08049feb in main (argc=2, argv=0xbfc6acb0) at xxd.c:753
> fp = (FILE *) 0x804c008
> fpo = (FILE *) 0xb7f354e0
> c = 16
> e = 127
> p = 0
> relseek = 1
> negseek = 0
> revert = 0
> cols = 1000
> nonzero = 0
> autoskip = 0
> hextype = 3
> ebcdic = 0
> octspergrp = 1
> grplen = 9
> length = -1
> n = 0
> seekoff = 0
> l = "000: 0111", ' '
> pname = 0xbfc6b983 "xxd"
> pp = 0xbfc6b992 "/usr/bin/xxd"
> #1 0xb7e02450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
> No symbol table info available.
> #2 0x08048851 in _start ()
> No symbol table info available.
>
> The above tracebacks were generated after building xxd with no
> optimizations.
I'm not the maintainer of xxd, but since it's included with Vim I tried
fixing it anyway. Please try the patch below and check that it fixes
the problem for you.
- Bram
*** ../vim-7.1.162/src/xxd/xxd.cThu May 10 19:07:42 2007
--- src/xxd/xxd.c Tue Nov 27 22:20:19 2007
***
*** 212,218
#define TRY_SEEK /* attempt to use lseek, or skip forward by reading */
#define COLS 256 /* change here, if you ever need more columns */
! #define LLEN (9 + (5*COLS-1)/2 + 2 + COLS)
char hexxa[] = "0123456789abcdef0123456789ABCDEF", *hexx = hexxa;
--- 212,218
#define TRY_SEEK /* attempt to use lseek, or skip forward by reading */
#define COLS 256 /* change here, if you ever need more columns */
! #define LLEN (9 + (9*COLS-1)/2 + 2 + COLS)
char hexxa[] = "0123456789abcdef0123456789ABCDEF", *hexx = hexxa;
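Review bot: on the new `#define LLEN` line the `(9*COLS-1)/2` term still halves the group width, but the faulting store quoted in the report is `l[11 + (grplen * cols - 1)/octspergrp + p]` with grplen = 9 and octspergrp = 1 in bits mode, so nothing is divided by 2 there. With COLS at 256 this LLEN evaluates to 1418, while that index reaches 10*cols + 9 when p is cols - 1, which passes 1418 once cols exceeds 140. Size the macro from the store itself: offset 11, `(9*COLS-1)/1` for the groups, plus COLS for p and room for the line terminator.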
***
*** 590,596
default:octspergrp = 0; break;
}
! if (cols < 1 || (!hextype && (cols > COLS)))
{
fprintf(stderr, "%s: invalid number of columns (max. %d).\n", pname,
COLS);
exit(1);
--- 590,597
default:octspergrp = 0; break;
}
! if (cols < 1 || ((hextype == HEX_NORMAL || hextype == HEX_BITS)
! && (cols > COLS)))
{
fprintf(stderr, "%s: invalid number of columns (max. %d).\n", pname,
COLS);
exit(1);
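Review bot: the rewritten condition on the `if (cols < 1 || ...` line still accepts cols == COLS for HEX_BITS, so the line buffer has to be sized for exactly that value, and neither command in the report exercises it: -c 100 is well below the limit and -c 1000 is now rejected by this check. Run `xxd -b -c 256` as the boundary case before treating the patch as verified.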
--
Although the scythe isn't pre-eminent among the weapons of war, anyone who
has been on the wrong end of, say, a peasants' revolt will know that in
skilled hands it is fearsome.
-- (Terry Pratchett, Mort)
/// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\
///sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\download, build and distribute -- http://www.A-A-P.org///
\\\help me help AIDS victims -- http://ICCF-Holland.org///
Bug#452789: xxd segfaults with large values for -c
Bram,
Large values for the -c option (approximately 100 or greater) cause xxd
to segfault. Where the segfault occurs seems to vary based on how large the
columns option is.
I get this traceback when running "xxd -b -c 100 /usr/bin/xxd".
Program terminated with signal 11, Segmentation fault.
#0 0xb7e6ce0d in getc () from /lib/i686/cmov/libc.so.6
(gdb) bt full
#0 0xb7e4ce0d in getc () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#1 0x0804a0a2 in main (argc=2, argv=0xbfb6e3c0) at xxd.c:731
fp = (FILE *) 0x2e04c008
fpo = (FILE *) 0xb7f344e0
c = 16
e = 127
p = 1
relseek = 1
negseek = 0
revert = 0
cols = 100
nonzero = 1
autoskip = 0
hextype = 3
ebcdic = 0
octspergrp = 1
grplen = 9
length = -1
n = 1
seekoff = 0
l = "000: 0111", ' '
pname = 0xbfb6f984 "xxd"
pp = 0xbfb6f992 "/usr/bin/xxd"
#2 0xb7e01450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#3 0x08048851 in _start ()
No symbol table info available.
Yet when running "xxd -b -c 1000 /usr/bin/xxd" I get the following.
Program terminated with signal 11, Segmentation fault.
#0 0x08049feb in main (argc=2, argv=0xbfc6acb0) at xxd.c:753
753 l[11 + (grplen * cols - 1)/octspergrp + p] =
(gdb) bt full
#0 0x08049feb in main (argc=2, argv=0xbfc6acb0) at xxd.c:753
fp = (FILE *) 0x804c008
fpo = (FILE *) 0xb7f354e0
c = 16
e = 127
p = 0
relseek = 1
negseek = 0
revert = 0
cols = 1000
nonzero = 0
autoskip = 0
hextype = 3
ebcdic = 0
octspergrp = 1
grplen = 9
length = -1
n = 0
seekoff = 0
l = "000: 0111", ' '
pname = 0xbfc6b983 "xxd"
pp = 0xbfc6b992 "/usr/bin/xxd"
#1 0xb7e02450 in __libc_start_main () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#2 0x08048851 in _start ()
No symbol table info available.
The above tracebacks were generated after building xxd with no
optimizations.
James
--
GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>

