Skip to content

fix: bounds-check hexdiff() offset-skip loop to prevent IndexError#5036

Open
citizen204 wants to merge 1 commit into
secdev:masterfrom
citizen204:fix-5034-hexdiff-indexerror
Open

fix: bounds-check hexdiff() offset-skip loop to prevent IndexError#5036
citizen204 wants to merge 1 commit into
secdev:masterfrom
citizen204:fix-5034-hexdiff-indexerror

Conversation

@citizen204

Copy link
Copy Markdown

Summary

hexdiff() raises IndexError: list index out of range when the difflib alignment (algo='difflib') produces a 16-byte display row that is entirely a "gap" on one side (a run of >=16 aligned insertions/deletions). The loop that skips leading empty cells to compute the row's starting offset had no bounds check and walked off the end of the row.

Fixes #5034

Changes

  • scapy/utils.py: added j < len(linex) / j < len(liney) bounds checks to the two offset-skip while loops in hexdiff(), so the loop stops once it reaches the end of a fully-gapped row instead of indexing past it.
  • test/regression.uts: added a regression test using the minimal reproduction from the issue (hexdiff(b"B"*9 + b"\x08", b"A" + b"\x08" + b"A"*23, algo="difflib")), which previously raised IndexError and now completes without crashing.

AI-Assisted: yes (Claude Sonnet 5)

hexdiff() raised IndexError when the difflib alignment produced a
16-byte display row that was entirely a gap on one side. The loop
that skips leading empty cells to compute the row offset had no
bounds check and walked off the end of the row.

Fixes secdev#5034

AI-Assisted: yes (Claude Sonnet 5)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

hexdiff() raises IndexError on unequal-length inputs (difflib algorithm)

1 participant