fix(xxd): buffer overread #40236

Problem Buffer overflow if lines exceed the expected buffer size. Solution: Use snprintf instead of strcpy. (cherry picked from commit 966e7a98f5)
2026-06-15 16:23:48 +00:00 · 2026-06-14 20:46:02 +05:30
parent 5c75abf790
commit c58e5b73f1
2 changed files with 9 additions and 1 deletions
--- a/src/xxd/xxd.c
+++ b/src/xxd/xxd.c
@@ -575,7 +575,7 @@ static void xxdline(FILE *fp, char *l, char *colors, int nz)
  static signed char zero_seen = 0;

  if (!nz && zero_seen == 1) {
-    strcpy(z, l);
+    snprintf(z, sizeof(z), "%s", l);
    if (colors) {
      memcpy(z_colors, colors, strlen(z));
    }
--- a/test/functional/editor/xxd_spec.lua
+++ b/test/functional/editor/xxd_spec.lua
@@ -2,6 +2,7 @@ local t = require('test.testutil')
 local n = require('test.functional.testnvim')()

 local eq = t.eq
+local eval = n.eval
 local clear = n.clear
 local fn = n.fn
 local testprg = n.testprg
@@ -17,4 +18,11 @@ describe('xxd', function()
    local decoded = fn.system({ testprg('xxd'), '-r' }, encoded)
    eq(input, decoded)
  end)
+
+  it('handles long lines in revert mode', function()
+    t.skip(t.is_arch('s390x'), 'FIXME: xxd not built correctly on s390x with QEMU?')
+    local long_line = ('4'):rep(512) .. '\n'
+    fn.system({ testprg('xxd'), '-r' }, long_line)
+    eq(0, eval('v:shell_error'))
+  end)
 end)