Date: Sat, 13 Apr 2019 15:50:42 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 237263] [patch] hexdump(1) crashes on invalid format strings without a conversion character after "%" Message-ID: <bug-237263-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237263 Bug ID: 237263 Summary: [patch] hexdump(1) crashes on invalid format strings without a conversion character after "%" Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: bojan_petrovic@fastmail.fm Created attachment 203645 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D203645&action= =3Dedit hexdump patch fixing missing conversion char crashes Hexdump can segfault if format contains a '%' at the end, without a conversion specifier.=20 Examples: hexdump -e '"%"' hexdump -e '4/2 "%"' hexdump -e '"%53"' I believe this happens because the behavior of "strchr" on '\0' is not handled when a conversion specifier is scanned: "The terminating null byte is considered part of the string, so that if c is specified as '\0', these functions return a pointer to the terminator." I've attached a possible fix (with a test) which treats missing conversion characters as a format errors. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237263-227>