Date: Sat, 13 Apr 2019 15:50:42 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 237263] [patch] hexdump(1) crashes on invalid format strings without a conversion character after "%" Message-ID: <bug-237263-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237263 Bug ID: 237263 Summary: [patch] hexdump(1) crashes on invalid format strings without a conversion character after "%" Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: bojan_petrovic@fastmail.fm Created attachment 203645 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=203645&action=edit hexdump patch fixing missing conversion char crashes Hexdump can segfault if format contains a '%' at the end, without a conversion specifier. Examples: hexdump -e '"%"' hexdump -e '4/2 "%"' hexdump -e '"%53"' I believe this happens because the behavior of "strchr" on '\0' is not handled when a conversion specifier is scanned: "The terminating null byte is considered part of the string, so that if c is specified as '\0', these functions return a pointer to the terminator." I've attached a possible fix (with a test) which treats missing conversion characters as a format errors. -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237263-227>