patch 9.1.0912: xxd: integer overflow with sparse files and -autoskip

Commit: https://github.com/vim/vim/commit/6e6aff0f7ad2a2c9033724738e66dfdbb9e4c2ec
Author: sendittothenewts <ross....@gmail.com>
Date:   Sat Dec 7 16:27:22 2024 +0100

    patch 9.1.0912: xxd: integer overflow with sparse files and -autoskip
    
    Problem:  xxd: integer overflow with sparse files and -autoskip
    Solution: reset zero_seen when at the limit, change the type to char
              (sendittothenewts)
    
    When encountering INT_MAX lines of zeros in the input, xxd overflows an
    `int` counter, resulting in undefined behaviour.  Usually, this results
    in a spurious line of zeros being output every 2**32 lines, while the
    "*" line is lost, as is the final line of zeros that delineate the file
    size if at end of file.
    
    Since xxd doesn't need to know exactly how many lines are being skipped
    when it's > 3, the exact value of the line counter `zero_seen` doesn't
    matter and it can simply be reduced in value before the overflow occurs.
    
    Changing the type of `zero_seen` to `signed char` is not important, and
    done only to make the bug triggerable with more modest file sizes, and
    therefore more convenient to test the fix.
    
    fixes: #16170
    closes: #16175
    
    Signed-off-by: sendittothenewts <ross....@gmail.com>
    Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/src/version.c b/src/version.c
index 81ebbae3e..6dc9a47ec 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    912,
 /**/
     911,
 /**/
diff --git a/src/xxd/xxd.c b/src/xxd/xxd.c
index c22288545..9031d713d 100644
--- a/src/xxd/xxd.c
+++ b/src/xxd/xxd.c
@@ -66,6 +66,7 @@
  * 10.09.2024  Support -b and -i together, #15661
  * 19.10.2024  -e did add an extra space #15899
  * 11.11.2024  improve end-of-options argument parser #9285
+ * 07.12.2024  fix overflow with xxd --autoskip and large sparse files #16175
  *
  * (c) 1990-1998 by Juergen Weigert (jnwei...@gmail.com)
  *
@@ -146,7 +147,7 @@ extern void perror __P((char *));
 # endif
 #endif
 
-char version[] = "xxd 2024-11-11 by Juergen Weigert et al.";
+char version[] = "xxd 2024-12-07 by Juergen Weigert et al.";
 #ifdef WIN32
 char osver[] = " (Win32)";
 #else
@@ -515,7 +516,7 @@ huntype(
 }
 
 /*
- * Print line l. If nz is false, xxdline regards the line a line of
+ * Print line l. If nz is false, xxdline regards the line as a line of
  * zeroes. If there are three or more consecutive lines of zeroes,
  * they are replaced by a single '*' character.
  *
@@ -530,7 +531,7 @@ huntype(
 xxdline(FILE *fp, char *l, int nz)
 {
   static char z[LLEN+1];
-  static int zero_seen = 0;
+  static signed char zero_seen = 0;
 
   if (!nz && zero_seen == 1)
     strcpy(z, l);
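Review bot: At the `static signed char zero_seen = 0;` declaration, nothing in the code says why the counter is this narrow; only the commit message explains that the type was chosen so the wrap can be triggered with modest file sizes. A short comment here that points at the reset at the end of xxdline() would keep a later cleanup from switching to plain `char` (whose signedness is implementation-defined) or otherwise changing the type without revisiting the limit check.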
@@ -551,6 +552,11 @@ xxdline(FILE *fp, char *l, int nz)
       if (nz)
        zero_seen = 0;
     }
+
+  /* If zero_seen > 3, then its exact value doesn't matter, so long as it
+   * remains >3 and incrementing it will not cause overflow. */
+  if (zero_seen >= 0x7F)
+    zero_seen = 4;
 }
 
 /* This is an EBCDIC to ASCII conversion table */
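Review bot: The limit in `if (zero_seen >= 0x7F)` is tied to the `signed char` declaration only by a magic number; `SCHAR_MAX` from <limits.h> would state that link explicitly and keep the check readable if the type is touched again. The new comment's "> 3" threshold also reads differently from the "three or more consecutive lines" wording in the function's header comment, so one of the two should be aligned. The diff as shown changes only src/version.c and src/xxd/xxd.c, so no regression test accompanies the fix even though the commit message says the narrower type was picked to make it convenient to test.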
