Mercurial > vim
view src/testdir/test_channel_pipe.py @ 35150:42f061099b39 v9.1.0404
patch 9.1.0404: [security] xxd: buffer-overflow with specific flags
Commit: https://github.com/vim/vim/commit/67797191e039196128c69ba1538ccaf2a4711323
Author: Lennard Hofmann <lennard.hofmann@web.de>
Date: Fri May 10 14:17:26 2024 +0200
patch 9.1.0404: [security] xxd: buffer-overflow with specific flags
Problem: [security] xxd: buffer-overflow with specific flags
Solution: Correctly calculate the required buffer space
(Lennard Hofmann)
xxd writes each output line into a global buffer before printing.
The maximum size of that buffer was not calculated correctly.
This command was crashing in AddressSanitizer:
$ xxd -Ralways -g1 -c256 -d -o 9223372036854775808 /etc/passwd
This prints a line of 6680 bytes but the buffer only had room for 6549 bytes.
If the output from "-b" was colored, the line could be even longer.
closes: #14738
Co-authored-by: K.Takata <kentkt@csc.jp>
Signed-off-by: Lennard Hofmann <lennard.hofmann@web.de>
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Fri, 10 May 2024 14:45:03 +0200 |
parents | 06e3c6bac36d |
children |
line wrap: on
line source
#!/usr/bin/python # # Server that will communicate over stdin/stderr # # This requires Python 2.6 or later. from __future__ import print_function import os import sys import time if __name__ == "__main__": if len(sys.argv) > 1: if sys.argv[1].startswith("err"): print(sys.argv[1], file=sys.stderr) sys.stderr.flush() elif sys.argv[1].startswith("incomplete"): print(sys.argv[1], end='') sys.stdout.flush() sys.exit(0) elif sys.argv[1].startswith("busy"): time.sleep(100) sys.exit(0) else: print(sys.argv[1]) sys.stdout.flush() if sys.argv[1].startswith("quit"): sys.exit(0) if os.getenv('CI'): try: import thread_util thread_util.set_high_priority() except Exception: pass while True: typed = sys.stdin.readline() if typed == "": # EOF -- stop break if typed.startswith("quit"): print("Goodbye!") sys.stdout.flush() break if typed.startswith("echo "): print(typed[5:-1]) sys.stdout.flush() if typed.startswith("echosplit "): for part in typed[10:-1].split('|'): sys.stdout.write(part) sys.stdout.flush() time.sleep(0.05) if typed.startswith("double "): print(typed[7:-1] + "\nAND " + typed[7:-1]) sys.stdout.flush() if typed.startswith("split "): print(typed[6:-1], end='') sys.stdout.flush() time.sleep(0.05) print(typed[6:-1], end='') sys.stdout.flush() time.sleep(0.05) print(typed[6:-1]) sys.stdout.flush() if typed.startswith("echoerr "): print(typed[8:-1], file=sys.stderr) sys.stderr.flush() if typed.startswith("doubleerr "): print(typed[10:-1] + "\nAND " + typed[10:-1], file=sys.stderr) sys.stderr.flush() if typed.startswith("XXX"): print(typed, end='') sys.stderr.flush() break