patch 9.1.0404: [security] xxd: buffer-overflow with specific flags Commit: https://github.com/vim/vim/commit/67797191e039196128c69ba1538ccaf2a4711323 Author: Lennard Hofmann <lennard.hofmann@web.de> Date: Fri May 10 14:17:26 2024 +0200 patch 9.1.0404: [security] xxd: buffer-overflow with specific flags Problem: [security] xxd: buffer-overflow with specific flags Solution: Correctly calculate the required buffer space (Lennard Hofmann) xxd writes each output line into a global buffer before printing. The maximum size of that buffer was not calculated correctly. This command was crashing in AddressSanitizer: $ xxd -Ralways -g1 -c256 -d -o 9223372036854775808 /etc/passwd This prints a line of 6680 bytes but the buffer only had room for 6549 bytes. If the output from "-b" was colored, the line could be even longer. closes: #14738 Co-authored-by: K.Takata <kentkt@csc.jp> Signed-off-by: Lennard Hofmann <lennard.hofmann@web.de> Signed-off-by: Christian Brabandt <cb@256bit.org>

" Tests for large files
" This is only executed manually: "make test_largefile".
" This is not run as part of "make test".

func Test_largefile()
  let fname = 'Xlarge.txt'

  call delete(fname)
  exe "e" fname
  " Make sure that a line break is 1 byte (LF).
  set ff=unix
  set undolevels=-1
  " Input 99 'A's. The line becomes 100 bytes including a line break.
  exe "normal 99iA\<Esc>"
  yank
  " Put 39,999,999 times. The file becomes 4,000,000,000 bytes.
  normal 39999999p
  " Moving around in the file randomly.
  normal G
  normal 10%
  normal 90%
  normal 50%
  normal gg
  w
  " Check if the file size is 4,000,000,000 bytes.
  let fsize=getfsize(fname)
  call assert_true(fsize == 4000000000)
  call delete(fname)
endfunc

" vim: shiftwidth=2 sts=2 expandtab