Created attachment 203645
hexdump patch fixing missing conversion char crashes

Hexdump can segfault if format contains a '%' at the end, without a conversion specifier.

Examples:

hexdump -e '"%"'
hexdump -e '4/2 "%"'
hexdump -e '"%53"'

I believe this happens because the behavior of "strchr" on '\0' is not handled when a conversion specifier is scanned:

"The terminating null byte is considered part of the string, so that if c is specified as '\0', these functions return a pointer to the terminator."

I've attached a possible fix (with a test) which treats missing conversion characters as format errors.
Thanks, Bojan!
A commit references this bug:

Author: cem
Date: Sat Apr 13 16:51:49 UTC 2019
New revision: 346187
URL: https://svnweb.freebsd.org/changeset/base/346187

Log:
  hexdump(1): Exit gracefully on format strings missing conversion

  PR: 237263
  Submitted by: Bojan Petrovic <bojan_petrovic AT fastmail.fm>

Changes:
  head/usr.bin/hexdump/hexdump.h
  head/usr.bin/hexdump/parse.c
  head/usr.bin/hexdump/tests/hexdump_test.sh
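The strchr() behaviour quoted in the report, as an added example that is not part of this thread or of the FreeBSD patch: a simplified, hypothetical format scanner showing why a membership test built on strchr() accepts the terminator, and how testing for '\0' first turns a dangling '%' into a reportable format error. The names FLAGS, is_flag_naive, is_flag and find_conversion are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Characters allowed between '%' and the conversion character
 * (constructed for this example, not copied from hexdump). */
static const char FLAGS[] = ".#-+ 0123456789";

/* Naive membership test. strchr() treats the terminating null byte as
 * part of the string, so this returns 1 for c == '\0' and a scan loop
 * built on it would walk past the end of the format. */
static int is_flag_naive(char c)
{
    return strchr(FLAGS, c) != NULL;
}

/* Hardened membership test: the terminator is never a flag character. */
static int is_flag(char c)
{
    return c != '\0' && strchr(FLAGS, c) != NULL;
}

/* fmt must point at '%'. Returns a pointer to the conversion character,
 * or NULL when the format ends before one is found (a format error). */
const char *find_conversion(const char *fmt)
{
    const char *p = fmt + 1;

    while (is_flag(*p))
        p++;
    return *p == '\0' ? NULL : p;
}

int main(void)
{
    /* Constructed inputs: the first two mirror the report's examples. */
    const char *samples[] = { "%", "%53", "%53d" };

    printf("naive test accepts NUL: %d\n", is_flag_naive('\0'));
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *conv = find_conversion(samples[i]);
        printf("%-6s -> %s\n", samples[i],
            conv ? "conversion found" : "missing conversion character");
    }
    return 0;
}
```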