author | Lennard Hofmann <lennard.hofmann@web.de> | 2024-05-10 14:17:26 +0200 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2024-05-10 14:41:18 +0200 |
commit | 67797191e039196128c69ba1538ccaf2a4711323 (patch) | |
tree | ca26c9474f4cf8743173cc23b99bf19bd8a475e0 /runtime/doc/xxd.1 | |
parent | 8c35c26c1f68950a75a1a93339410244fec23afc (diff) |
patch 9.1.0404: [security] xxd: buffer-overflow with specific flags
v9.1.0404
Problem: [security] xxd: buffer-overflow with specific flags
Solution: Correctly calculate the required buffer space
(Lennard Hofmann)
xxd writes each output line into a global buffer before printing.
The maximum size of that buffer was not calculated correctly.
This command was crashing in AddressSanitizer:
$ xxd -Ralways -g1 -c256 -d -o 9223372036854775808 /etc/passwd
This prints a line of 6680 bytes but the buffer only had room for 6549 bytes.
If the output from "-b" was colored, the line could be even longer.
closes: #14738
Co-authored-by: K.Takata <kentkt@csc.jp>
Signed-off-by: Lennard Hofmann <lennard.hofmann@web.de>
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'runtime/doc/xxd.1')
-rw-r--r-- | runtime/doc/xxd.1 | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/runtime/doc/xxd.1 b/runtime/doc/xxd.1 index f5a7c65893..c76f89bb65 100644 --- a/runtime/doc/xxd.1 +++ b/runtime/doc/xxd.1 @@ -75,6 +75,9 @@ No maximum for \-ps. With \-ps, 0 results in one long line of output. .IR \-C " | " \-capitalize Capitalize variable names in C include file style, when using \-i. .TP +.I \-d +show offset in decimal instead of hex. +.TP .IR \-E " | " \-EBCDIC Change the character encoding in the righthand column from ASCII to EBCDIC. This does not change the hexadecimal representation. The option is @@ -138,12 +141,12 @@ anywhere. Use the combination to read a bits dump instead of a hex dump. .TP .IR \-R " " when -In output the hex-value and the value are both colored with the same color +In the output the hex-value and the value are both colored with the same color depending on the hex-value. Mostly helping to differentiate printable and non-printable characters. .I \fIwhen\fP is -.BR never ", " always ", or " auto . +.BR never ", " always ", or " auto " (default: auto). When the .BR $NO_COLOR environment variable is set, colorization will be disabled. |
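Review bot: in the first hunk (@@ -75,6 +75,9 @@), the new \-d entry starts its description in lower case ("show offset in decimal instead of hex.") while the entries on either side start with a capital ("Capitalize variable names ...", "Change the character encoding ..."). Suggest "Show offset in decimal instead of hex." to match. The neighbouring entries also list a long form after " | " (\-capitalize, \-EBCDIC); if \-d has one, it should be listed the same way.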
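Review bot: in the second hunk (@@ -138,12 +141,12 @@), the added " (default: auto)." is a roman argument to .BR, so the keyword auto is bold in the list and roman in the default note that follows it. Consider moving the default into its own sentence with the keyword marked up as in the list. The visible text also never says what auto does, only that $NO_COLOR disables colorization, so a short description of auto would help here. Note that this view is limited to runtime/doc/xxd.1, so the buffer size calculation named in the commit message is not among the lines shown and cannot be reviewed from this diff.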