From 966e7a98f5bc6d17de2076fb064e5a81f8977769 Mon Sep 17 00:00:00 2001 From: OrbisAI Security Date: Sun, 14 Jun 2026 20:46:02 +0530 Subject: [PATCH] fix(xxd): buffer overread #40236 Problem Buffer overflow if lines exceed the expected buffer size. Solution: Use snprintf instead of strcpy. --- src/xxd/xxd.c | 2 +- test/functional/editor/xxd_spec.lua | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/xxd/xxd.c b/src/xxd/xxd.c index 024fde06b2..b919176a7c 100644 --- a/src/xxd/xxd.c +++ b/src/xxd/xxd.c @@ -573,7 +573,7 @@ static void xxdline(FILE *fp, char *l, char *colors, int nz) static signed char zero_seen = 0; if (!nz && zero_seen == 1) { - strcpy(z, l); + snprintf(z, sizeof(z), "%s", l); if (colors) { memcpy(z_colors, colors, strlen(z)); } diff --git a/test/functional/editor/xxd_spec.lua b/test/functional/editor/xxd_spec.lua index a42b93f801..8e67dd9870 100644 --- a/test/functional/editor/xxd_spec.lua +++ b/test/functional/editor/xxd_spec.lua @@ -2,6 +2,7 @@ local t = require('test.testutil') local n = require('test.functional.testnvim')() local eq = t.eq +local eval = n.eval local clear = n.clear local fn = n.fn local testprg = n.testprg @@ -17,4 +18,11 @@ describe('xxd', function() local decoded = fn.system({ testprg('xxd'), '-r' }, encoded) eq(input, decoded) end) + + it('handles long lines in revert mode', function() + t.skip(t.is_arch('s390x'), 'FIXME: xxd not built correctly on s390x with QEMU?') + local long_line = ('4'):rep(512) .. '\n' + fn.system({ testprg('xxd'), '-r' }, long_line) + eq(0, eval('v:shell_error')) + end) end)