Details
Maliciously crafted format files can cause the hexdump tool to hang when passed to the -f or --format-file parameters. The issue occurs inside the while (TRUE) loop in function get() in hexdump-display.c.
Known affected versions
hexdump from util-linux 2.39.3 to 2.40-rc1-126-7ca98
gdb backtrace output
(gdb) bt
#0 0x00007ffff7e7da5d in __GI___libc_read (fd=0, buf=0x7ffff3ec9010, nbytes=62087168) at ../sysdeps/unix/sysv/linux/read.c:26
#1 0x00007ffff7e05e10 in __GI__IO_file_xsgetn (fp=0x7ffff7f59aa0 <IO_2_1_stdin>, data=, n=62087168) at ./libio/libioP.h:946
#2 0x00007ffff7dfa4bb in __GI__IO_fread (buf=0x7ffff3ec9010, size=size@entry=1, count=62087168, fp=0x7ffff7f59aa0 <IO_2_1_stdin>) at ./libio/iofread.c:38
#3 0x00005555555582c7 in get (hex=0x5555555632a0) at text-utils/hexdump-display.c:369
#4 display (hex=hex@entry=0x5555555632a0) at text-utils/hexdump-display.c:252
#5 0x0000555555557657 in main (argc=, argv=0x7fffffffdb40) at text-utils/hexdump.c:229
Credits
These findings come from a research effort on software quality and security based on a Human Error-Driven Framework for software defect prediction.
From the gdb backtrace, it seems hexdump is waiting for data. Can you share the command line used for the reproducer?
Anyway, I'm able to reproduce something that looks like a hang-up, but it's because the format unit used for output contains a huge number of repeats for each input byte. The man page describes the counters as integers, so I'm not sure if I want to restrict it to smaller numbers. For this use case, the behavior is technically correct.
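The diagnosis above (a format unit with a huge repeat count makes get() request an equally huge block from stdin, as the 62087168-byte fread in the backtrace shows) can be turned into a pre-check for anyone who has to feed untrusted format files to hexdump -f. The following lint is an added example, not util-linux code: it parses format units using the documented `[count][/bytes] "format"` syntax, estimates the input block size the way hexdump sizes its read (sum of count*bytes per format string, maximum across format strings), and flags units whose repeat count alone implies an oversized block. The default byte-count table is my approximation of hexdump's sizing rules, the 1 MiB limit is an arbitrary assumption, and both sample format files are constructed (hang-01.txt is not on the page).

```python
"""Lint a hexdump -f format file for units whose repeat count implies an
oversized input block.  Added example; not util-linux code."""
import re

# Constructed sample format files (not the reporter's hang-01.txt).
BENIGN_FMT = '"%08.8_ax  " 16/1 "%02x " "\\n"'
# Repeat count chosen to match the nbytes seen in the backtrace.
SUSPICIOUS_FMT = '62087168/1 "%02x" "\\n"'

# One format unit: [iteration_count][/byte_count] "format"
UNIT_RE = re.compile(r'\s*(?:(\d+))?(?:/(\d+))?\s*"((?:[^"\\]|\\.)*)"')
# printf-style conversion inside a unit; group(1) is None for a literal %%
CONV_RE = re.compile(r'%(?:%|[-+ #0]*\d*(?:\.\d+)?(_[aAcpu]|[a-zA-Z]))')

# Assumed default byte counts when /byte_count is omitted (approximation of
# hexdump's size() rules: address conversions consume 0, %c-style 1,
# integer conversions 4, floating-point conversions 8).
DEFAULT_BYTES = {'_a': 0, '_A': 0, 'c': 1, '_c': 1, '_p': 1, '_u': 1,
                 'd': 4, 'i': 4, 'o': 4, 'u': 4, 'x': 4, 'X': 4,
                 'e': 8, 'E': 8, 'f': 8, 'g': 8, 'G': 8}


def parse_format_line(line):
    """Return [(reps, bytes_per_rep, fmt)] for one format string."""
    units = []
    pos = 0
    while pos < len(line):
        m = UNIT_RE.match(line, pos)
        if not m:
            if line[pos:].strip():
                raise ValueError("unparsable format unit at: %r" % line[pos:])
            break
        reps = int(m.group(1)) if m.group(1) else 1
        fmt = m.group(3)
        if m.group(2):
            bcnt = int(m.group(2))
        else:
            # Derive the byte count from the conversion character(s).
            bcnt = 0
            for c in CONV_RE.finditer(fmt):
                conv = c.group(1)
                if conv is not None:
                    bcnt += DEFAULT_BYTES.get(conv, 0)
        units.append((reps, bcnt, fmt))
        pos = m.end()
    return units


def block_size(format_text):
    """Bytes hexdump would read per block: the largest per-format-string
    total of reps*bytes (assumed to mirror hexdump's blocksize computation)."""
    sizes = [sum(reps * b for reps, b, _ in parse_format_line(line))
             for line in format_text.splitlines() if line.strip()]
    return max(sizes, default=0)


def check_format_file(format_text, limit=1 << 20):
    """Return (block_size, offenders); offenders are (line_no, reps, bcnt, fmt)
    tuples for units whose reps*bcnt alone exceeds `limit` (assumed 1 MiB)."""
    offenders = []
    for n, line in enumerate(format_text.splitlines(), 1):
        for reps, bcnt, fmt in parse_format_line(line):
            if reps * bcnt > limit:
                offenders.append((n, reps, bcnt, fmt))
    return block_size(format_text), offenders


if __name__ == "__main__":
    for name, text in (("benign", BENIGN_FMT), ("suspicious", SUSPICIOUS_FMT)):
        size, bad = check_format_file(text)
        print("%s: block size %d bytes, %d oversized unit(s)" % (name, size, len(bad)))
```

A block size in the tens of megabytes is not an error by hexdump's own rules, which is the maintainer's point, so the lint only reports it; the caller decides whether such a file is acceptable for its input source. Running hexdump on a file rather than a pipe also avoids the blocking read, since fread then hits EOF instead of waiting.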
PoC
See attached file hang-01.txt
--
Carlos Andres Ramirez
Researcher