60 lines
1.5 KiB
Diff
60 lines
1.5 KiB
Diff
From dfa1ad272528a92384adac523cf2f2949b767d8d Mon Sep 17 00:00:00 2001
|
|
From: Karel Zak <kzak@redhat.com>
|
|
Date: Tue, 27 Feb 2024 18:38:02 +0100
|
|
Subject: [PATCH] hexdump: check blocksize when display data
|
|
|
|
hexdump(1) stores input to buffer and apply format unit when prints
|
|
the output. The unit can move pointer which points to the buffer, but
|
|
code does not check for limits.
|
|
|
|
Fixes: https://github.com/util-linux/util-linux/issues/2806
|
|
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
---
|
|
text-utils/hexdump-display.c | 10 +++++++++-
|
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/text-utils/hexdump-display.c b/text-utils/hexdump-display.c
|
|
index bc92bd0ca..c865127c8 100644
|
|
--- a/text-utils/hexdump-display.c
|
|
+++ b/text-utils/hexdump-display.c
|
|
@@ -250,6 +250,8 @@ void display(struct hexdump *hex)
|
|
struct list_head *p, *q, *r;
|
|
|
|
while ((bp = get(hex)) != NULL) {
|
|
+ ssize_t rem = hex->blocksize;
|
|
+
|
|
fs = &hex->fshead; savebp = bp; saveaddress = address;
|
|
|
|
list_for_each(p, fs) {
|
|
@@ -263,7 +265,7 @@ void display(struct hexdump *hex)
|
|
|
|
cnt = fu->reps;
|
|
|
|
- while (cnt) {
|
|
+ while (cnt && rem >= 0) {
|
|
list_for_each(r, &fu->prlist) {
|
|
pr = list_entry(r, struct hexdump_pr, prlist);
|
|
|
|
@@ -280,12 +282,18 @@ void display(struct hexdump *hex)
|
|
print(pr, bp);
|
|
|
|
address += pr->bcnt;
|
|
+
|
|
+ rem -= pr->bcnt;
|
|
+ if (rem < 0)
|
|
+ break;
|
|
+
|
|
bp += pr->bcnt;
|
|
}
|
|
--cnt;
|
|
}
|
|
}
|
|
bp = savebp;
|
|
+ rem = hex->blocksize;
|
|
address = saveaddress;
|
|
}
|
|
}
|
|
--
|
|
2.33.0
|
|
|