patch 9.1.1616: xxd: possible buffer overflow with bitwise output
Commit:
https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0
Author: Christian Brabandt <c...@256bit.org>
Date: Sun Aug 10 00:06:51 2025 +0200
patch 9.1.1616: xxd: possible buffer overflow with bitwise output
Problem: xxd: possible buffer overflow with bitwise output
(after v9.1.1459, Xudong Cao)
Solution: Update LLEN_NO_COLOR macro definition for the max line output
(using bitwise output -b)
fixes: #17944
closes: #17947
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_xxd.vim b/src/testdir/test_xxd.vim
index 79fc9bf10..477af7a54 100644
--- a/src/testdir/test_xxd.vim
+++ b/src/testdir/test_xxd.vim
@@ -680,4 +680,25 @@ func Test_xxd_color2()
call delete('XXDfile_colors')
unlet! $PS1
endfunc
+
+" this caused a buffer overflow
+func Test_xxd_overflow()
+ CheckUnix
+ CheckExecutable /bin/true
+ new
+ " we are only checking, that there are addresses in the first 5 lines
+ let expected = [
+ \ '00000000: ',
+ \ '00000080: ',
+ \ '00000100: ',
+ \ '00000180: ',
+ \ '00000200: ']
+ exe "0r! " s:xxd_cmd "-b -E -c 128 -g 256 /bin/true 2>&1"
+ " there should not be an ASAN error message
+ call getline(1, '$')->join('
')->assert_notmatch('runtime error')
+ 6,$d
+ %s/^\x\+: \zs.*//g
+ call assert_equal(expected, getline(1, 5))
+ bw!
+endfunc
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 4792ff1bd..947bda8f1 100644
--- a/src/version.c
+++ b/src/version.c
@@ -719,6 +719,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1616,
/**/
1615,
/**/
diff --git a/src/xxd/Makefile b/src/xxd/Makefile
index 5937f1374..1a6ca5fb2 100644
--- a/src/xxd/Makefile
+++ b/src/xxd/Makefile
@@ -1,7 +1,9 @@
# The most simplistic Makefile
+# SANITIZER_CFLAGS=-g -O0 -fsanitize-recover=all -fsanitize=address
-fsanitize=undefined -fno-omit-frame-pointer
+
xxd: xxd.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DUNIX -o xxd xxd.c $(LIBS)
+ $(CC) $(SANITIZER_CFLAGS) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DUNIX -o
xxd xxd.c $(LIBS)
clean:
rm -f xxd xxd.o
diff --git a/src/xxd/xxd.c b/src/xxd/xxd.c
index 3e7c54b42..36a5a88ec 100644
--- a/src/xxd/xxd.c
+++ b/src/xxd/xxd.c
@@ -148,7 +148,7 @@ extern void perror __P((char *));
# endif
#endif
-char version[] = "xxd 2025-06-15 by Juergen Weigert et al.";
+char version[] = "xxd 2025-08-08 by Juergen Weigert et al.";
#ifdef WIN32
char osver[] = " (Win32)";
#else
@@ -228,10 +228,9 @@ char osver[] = "";
#define LLEN_NO_COLOR \
(39 /* addr: ⌈log10(ULONG_MAX)⌉ if "-d" flag given. We assume
ULONG_MAX = 2**128 */ \
+ 2 /* ": " */ \
- + 2 * COLS /* hex dump */ \
- + (COLS - 1) /* whitespace between groups if "-g1" option given and "-c"
maxed out */ \
+ + 9 * COLS /* hex dump, worst case: bitwise output using -b */ \
+ 2 /* whitespace */ \
- + COLS /* ASCII dump */ \
+ + COLS /* ASCII dump */ \
+ 2) /* "
char hexxa[] = "0123456789abcdef0123456789ABCDEF", *hexx = hexxa;
@@ -1182,9 +1181,7 @@ main(int argc, char *argv[])
c += addrlen + 3 + p;
if (color)
- {
colors[c] = cur_color;
- }
l[c++] =
#if defined(__MVS__) && __CHARSET_LIB == 0
(e >= 64)
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1ukrqC-005Ds2-Si%40256bit.org.
