patch 9.1.0912: xxd: integer overflow with sparse files and -autoskip

Problem:  xxd: integer overflow with sparse files and -autoskip
Solution: reset zero_seen when at the limit, change the type to char
          (sendittothenewts)

When encountering INT_MAX lines of zeros in the input, xxd overflows an
`int` counter, resulting in undefined behaviour.  Usually, this results
in a spurious line of zeros being output every 2**32 lines, while the
"*" line is lost, as is the final line of zeros that delineate the file
size if at end of file.

Since xxd doesn't need to know exactly how many lines are being skipped
when it's > 3, the exact value of the line counter `zero_seen` doesn't
matter and it can simply be reduced in value before the overflow occurs.

Changing the type of `zero_seen` to `signed char` is not important, and
done only to make the bug triggerable with more modest file sizes, and
therefore more convenient to test the fix.

fixes: #16170
closes: #16175

Signed-off-by: sendittothenewts <ross.axe@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/version.c b/src/version.c
index 81ebbae3e54b4475d05e1838381db4a633e95985..6dc9a47ec8d6fe6fa170ba644ea7569ecf5a7177 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    912,
 /**/
     911,
 /**/

diff --git a/src/xxd/xxd.c b/src/xxd/xxd.c
index c222885455f12d145b30efb8b7f63d42df8fbf1d..9031d713de94d3e0f89b4b74cea788c3f8927790 100644 (file)
--- a/src/xxd/xxd.c
+++ b/src/xxd/xxd.c
@@ -66,6 +66,7 @@
  * 10.09.2024  Support -b and -i together, #15661
  * 19.10.2024  -e did add an extra space #15899
  * 11.11.2024  improve end-of-options argument parser #9285
+ * 07.12.2024  fix overflow with xxd --autoskip and large sparse files #16175
  *
  * (c) 1990-1998 by Juergen Weigert (jnweiger@gmail.com)
  *
@@ -146,7 +147,7 @@ extern void perror __P((char *));
 # endif
 #endif
 
-char version[] = "xxd 2024-11-11 by Juergen Weigert et al.";
+char version[] = "xxd 2024-12-07 by Juergen Weigert et al.";
 #ifdef WIN32
 char osver[] = " (Win32)";
 #else
@@ -515,7 +516,7 @@ huntype(
 }
 
 /*
- * Print line l. If nz is false, xxdline regards the line a line of
+ * Print line l. If nz is false, xxdline regards the line as a line of
  * zeroes. If there are three or more consecutive lines of zeroes,
  * they are replaced by a single '*' character.
  *
@@ -530,7 +531,7 @@ huntype(
 xxdline(FILE *fp, char *l, int nz)
 {
   static char z[LLEN+1];
-  static int zero_seen = 0;
+  static signed char zero_seen = 0;
 
   if (!nz && zero_seen == 1)
     strcpy(z, l);
@@ -551,6 +552,11 @@ xxdline(FILE *fp, char *l, int nz)
       if (nz)
        zero_seen = 0;
     }
+
+  /* If zero_seen > 3, then its exact value doesn't matter, so long as it
+   * remains >3 and incrementing it will not cause overflow. */
+  if (zero_seen >= 0x7F)
+    zero_seen = 4;
 }
 
 /* This is an EBCDIC to ASCII conversion table */