util-linux/backport-hexdump-check-blocksize-when-display-data.patch

From dfa1ad272528a92384adac523cf2f2949b767d8d Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 27 Feb 2024 18:38:02 +0100
Subject: [PATCH] hexdump: check blocksize when display data

hexdump(1) stores input to buffer and apply format unit when prints
the output. The unit can move pointer which points to the buffer, but
code does not check for limits.

Fixes: https://github.com/util-linux/util-linux/issues/2806
Signed-off-by: Karel Zak <kzak@redhat.com>
Reference:https://github.com/util-linux/util-linux/commit/dfa1ad272528a92384adac523cf2f2949b767d8d
Conflict:NA
---
 text-utils/hexdump-display.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/text-utils/hexdump-display.c b/text-utils/hexdump-display.c
index bc92bd0ca..c865127c8 100644
--- a/text-utils/hexdump-display.c
+++ b/text-utils/hexdump-display.c
@@ -250,6 +250,8 @@ void display(struct hexdump *hex)
 	struct list_head *p, *q, *r;
 
 	while ((bp = get(hex)) != NULL) {
+		ssize_t rem = hex->blocksize;
+
 		fs = &hex->fshead; savebp = bp; saveaddress = address;
 
 		list_for_each(p, fs) {
@@ -263,7 +265,7 @@ void display(struct hexdump *hex)
 
 				cnt = fu->reps;
 
-				while (cnt) {
+				while (cnt && rem >= 0) {
 					list_for_each(r, &fu->prlist) {
 						pr = list_entry(r, struct hexdump_pr, prlist);
 
@@ -280,12 +282,18 @@ void display(struct hexdump *hex)
 							print(pr, bp);
 
 						address += pr->bcnt;
+
+						rem -= pr->bcnt;
+						if (rem < 0)
+							break;
+
 						bp += pr->bcnt;
 					}
 					--cnt;
 				}
 			}
 			bp = savebp;
+			rem = hex->blocksize;
 			address = saveaddress;
 		}
 	}
-- 
2.33.0
sync patches from the old version 2024-12-16 02:37:59 +00:00			`From dfa1ad272528a92384adac523cf2f2949b767d8d Mon Sep 17 00:00:00 2001`
			`From: Karel Zak <kzak@redhat.com>`
			`Date: Tue, 27 Feb 2024 18:38:02 +0100`
			`Subject: [PATCH] hexdump: check blocksize when display data`

			`hexdump(1) stores input to buffer and apply format unit when prints`
			`the output. The unit can move pointer which points to the buffer, but`
			`code does not check for limits.`

			`Fixes: https://github.com/util-linux/util-linux/issues/2806`
			`Signed-off-by: Karel Zak <kzak@redhat.com>`
			`Reference:https://github.com/util-linux/util-linux/commit/dfa1ad272528a92384adac523cf2f2949b767d8d`
			`Conflict:NA`
			`---`
			`text-utils/hexdump-display.c \| 10 +++++++++-`
			`1 file changed, 9 insertions(+), 1 deletion(-)`

			`diff --git a/text-utils/hexdump-display.c b/text-utils/hexdump-display.c`
			`index bc92bd0ca..c865127c8 100644`
			`--- a/text-utils/hexdump-display.c`
			`+++ b/text-utils/hexdump-display.c`
			`@@ -250,6 +250,8 @@ void display(struct hexdump *hex)`
			`struct list_head p, q, *r;`

			`while ((bp = get(hex)) != NULL) {`
			`+ ssize_t rem = hex->blocksize;`
			`+`
			`fs = &hex->fshead; savebp = bp; saveaddress = address;`

			`list_for_each(p, fs) {`
			`@@ -263,7 +265,7 @@ void display(struct hexdump *hex)`

			`cnt = fu->reps;`

			`- while (cnt) {`
			`+ while (cnt && rem >= 0) {`
			`list_for_each(r, &fu->prlist) {`
			`pr = list_entry(r, struct hexdump_pr, prlist);`

			`@@ -280,12 +282,18 @@ void display(struct hexdump *hex)`
			`print(pr, bp);`

			`address += pr->bcnt;`
			`+`
			`+ rem -= pr->bcnt;`
			`+ if (rem < 0)`
			`+ break;`
			`+`
			`bp += pr->bcnt;`
			`}`
			`--cnt;`
			`}`
			`}`
			`bp = savebp;`
			`+ rem = hex->blocksize;`
			`address = saveaddress;`
			`}`
			`}`
			`--`
			`2.33.0`