patch 9.1.1683: xxd: Avoid null dereference in autoskip colorless

Problem:  xxd: Avoid null dereference in autoskip colorless
Solution: Verify that colors is not null (Joakim Nohlgård)

Fixes bug introduced in 6897f18ee6e5bb78b32c97616e484030fd514750
(v9.1.1459) which does a memcpy from NULL when color=never and the
autoskip option is used.

Before:

dd if=/dev/zero bs=100 count=1 status=none | xxd -a -R never
00000000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
Segmentation fault (core dumped)

After:

dd if=/dev/zero bs=100 count=1 status=none | ./xxd/xxd -a -R never
00000000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
*
00000060: 0000 0000                                ....

closes: #18008

Signed-off-by: Joakim Nohlgård <joakim@nohlgard.se>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/testdir/test_xxd.vim b/src/testdir/test_xxd.vim
index 477af7a540fc30936f9b39b7a5ab2726153da1f4..b98988157b08acd183e9be8d2feea284129ce35f 100644 (file)
--- a/src/testdir/test_xxd.vim
+++ b/src/testdir/test_xxd.vim
@@ -701,4 +701,28 @@ func Test_xxd_overflow()
   call assert_equal(expected, getline(1, 5))
   bw!
 endfunc
+
+" this caused a NULL derefence
+func Test_xxd_null_dereference()
+  CheckUnix
+  CheckExecutable /bin/true
+  new
+  " we are only checking, that there are addresses in the first 5 lines
+  let expected = [
+        \ '00000000: ',
+        \ '00000010: ',
+        \ '00000020: ',
+        \ '00000030: ',
+        \ '00000040: ']
+  exe "0r! " s:xxd_cmd "-a -R never /bin/true 2>&1"
+  " there should be more than 6 lines
+  call assert_true(line('$') > 5)
+  " there should not be an ASAN error message
+  call getline(1, '$')->join('\n')->assert_notmatch('runtime error')
+  6,$d
+  %s/^\x\+: \zs.*//g
+  call assert_equal(expected, getline(1, 5))
+  bw!
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab

diff --git a/src/version.c b/src/version.c
index 5ac3db391283a07cbbafad378391defa4a5fecb1..4f3912aedd1606b933f583f16282b96617d267be 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1683,
 /**/
     1682,
 /**/

diff --git a/src/xxd/xxd.c b/src/xxd/xxd.c
index 0c70b5a95d750638a2846a2e386eee018411e771..b46cee41f0be353db34cbdd82eba1776f7dda9c7 100644 (file)
--- a/src/xxd/xxd.c
+++ b/src/xxd/xxd.c
@@ -70,6 +70,7 @@
  * 15.06.2025  improve color code logic
  * 08.08.2025  fix overflow with bitwise output
  * 20.08.2025  remove external library call for autoconversion on z/OS (MVS)
+ * 24.08.2025  avoid NULL dereference with autoskip colorless
  *
  * (c) 1990-1998 by Juergen Weigert (jnweiger@gmail.com)
  *
@@ -150,7 +151,7 @@ extern void perror __P((char *));
 # endif
 #endif
 
-char version[] = "xxd 2025-08-20 by Juergen Weigert et al.";
+char version[] = "xxd 2025-08-24 by Juergen Weigert et al.";
 #ifdef WIN32
 char osver[] = " (Win32)";
 #else
@@ -599,7 +600,10 @@ xxdline(FILE *fp, char *l, char *colors, int nz)
   if (!nz && zero_seen == 1)
     {
       strcpy(z, l);
-      memcpy(z_colors, colors, strlen(z));
+      if (colors)
+       {
+         memcpy(z_colors, colors, strlen(z));
+       }
     }
 
   if (nz || !zero_seen++)