patch 9.1.1683: xxd: Avoid null dereference in autoskip colorless
Commit:
https://github.com/vim/vim/commit/b922b30cfe4c044c83bac3cc908084ed20a83598
Author: Joakim Nohlgård <joa...@nohlgard.se>
Date: Sun Aug 24 12:36:44 2025 +0200
patch 9.1.1683: xxd: Avoid null dereference in autoskip colorless
Problem: xxd: Avoid null dereference in autoskip colorless
Solution: Verify that colors is not null (Joakim Nohlgård)
Fixes bug introduced in 6897f18ee6e5bb78b32c97616e484030fd514750
(v9.1.1459) which does a memcpy from NULL when color=never and the
autoskip option is used.
Before:
dd if=/dev/zero bs=100 count=1 status=none | xxd -a -R never
00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................
Segmentation fault (core dumped)
After:
dd if=/dev/zero bs=100 count=1 status=none | ./xxd/xxd -a -R never
00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................
*
00000060: 0000 0000 ....
closes: #18008
Signed-off-by: Joakim Nohlgård <joa...@nohlgard.se>
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/testdir/test_xxd.vim b/src/testdir/test_xxd.vim
index 477af7a54..b98988157 100644
--- a/src/testdir/test_xxd.vim
+++ b/src/testdir/test_xxd.vim
@@ -701,4 +701,28 @@ func Test_xxd_overflow()
call assert_equal(expected, getline(1, 5))
bw!
endfunc
+
+" this caused a NULL derefence
+func Test_xxd_null_dereference()
+ CheckUnix
+ CheckExecutable /bin/true
+ new
+ " we are only checking, that there are addresses in the first 5 lines
+ let expected = [
+ \ '00000000: ',
+ \ '00000010: ',
+ \ '00000020: ',
+ \ '00000030: ',
+ \ '00000040: ']
+ exe "0r! " s:xxd_cmd "-a -R never /bin/true 2>&1"
+ " there should be more than 6 lines
+ call assert_true(line('$') > 5)
+ " there should not be an ASAN error message
+ call getline(1, '$')->join('
')->assert_notmatch('runtime error')
+ 6,$d
+ %s/^\x\+: \zs.*//g
+ call assert_equal(expected, getline(1, 5))
+ bw!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index 5ac3db391..4f3912aed 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 1683,
/**/
1682,
/**/
diff --git a/src/xxd/xxd.c b/src/xxd/xxd.c
index 0c70b5a95..b46cee41f 100644
--- a/src/xxd/xxd.c
+++ b/src/xxd/xxd.c
@@ -70,6 +70,7 @@
* 15.06.2025 improve color code logic
* 08.08.2025 fix overflow with bitwise output
* 20.08.2025 remove external library call for autoconversion on z/OS (MVS)
+ * 24.08.2025 avoid NULL dereference with autoskip colorless
*
* (c) 1990-1998 by Juergen Weigert (jnwei...@gmail.com)
*
@@ -150,7 +151,7 @@ extern void perror __P((char *));
# endif
#endif
-char version[] = "xxd 2025-08-20 by Juergen Weigert et al.";
+char version[] = "xxd 2025-08-24 by Juergen Weigert et al.";
#ifdef WIN32
char osver[] = " (Win32)";
#else
@@ -599,7 +600,10 @@ xxdline(FILE *fp, char *l, char *colors, int nz)
if (!nz && zero_seen == 1)
{
strcpy(z, l);
- memcpy(z_colors, colors, strlen(z));
+ if (colors)
+ {
+ memcpy(z_colors, colors, strlen(z));
+ }
}
if (nz || !zero_seen++)
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to vim_dev+unsubscr...@googlegroups.com.
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1uq8Dg-00Gi0S-5q%40256bit.org.
