
od --traditional offset/label arithmetic overflows on a near-maximal offset (overflow-checks panic; release wraps) #13225

Description

@leeewee

In --traditional mode, od accepts an explicit pseudo-address label. A label near u64::MAX makes the offset accumulator overflow: InputOffset::increase_position adds the bytes-read n to the running position/label with unchecked u64 arithmetic (self.byte_pos += n, self.label = Some(l + n)). With a label of 0xffffffffffffffff, the very first read overflows that add.

It panics only under overflow-checks (debug builds, or a release build compiled with -C overflow-checks=on).

$ printf '0123456789ABCDEF' | ./target/debug/od --traditional - 0 0xffffffffffffffff
thread 'main' panicked at src/uu/od/src/input_offset.rs:40:31:
attempt to add with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
$ echo $?
101

Root cause

// src/uu/od/src/input_offset.rs
/// Increase `byte_pos` and `label` if a label is used.
pub fn increase_position(&mut self, n: u64) {
    self.byte_pos += n;                 // unchecked
    if let Some(l) = self.label {
        self.label = Some(l + n);       // <- input_offset.rs:40:31, overflows when l ≈ u64::MAX
    }
}

label comes directly from the --traditional pseudo-address argument (0xffffffffffffffff here = u64::MAX), and byte_pos from the (also user-influenceable) starting offset. Adding the per-read byte count n with plain +/+= overflows.
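The two build behaviours from the report, next to a checked alternative, as an added example that is not part of the original issue or the uutils code base. It is a reduced model with only the two fields the issue names; `Offset`, `OffsetOverflow`, `increase_position_wrapping` and `increase_position_checked` are hypothetical names, and the 16-byte read size is an assumption taken from the 16-byte input in the reproduction.

```rust
// Reduced model of the offset state described in the issue (hypothetical names,
// not the project's InputOffset type).
#[derive(Debug, PartialEq)]
pub struct Offset {
    pub byte_pos: u64,
    pub label: Option<u64>,
}

#[derive(Debug, PartialEq)]
pub enum OffsetOverflow {
    BytePos,
    Label,
}

impl Offset {
    /// What plain `+` / `+=` computes when overflow-checks are off: silent wrap-around.
    pub fn increase_position_wrapping(&mut self, n: u64) {
        self.byte_pos = self.byte_pos.wrapping_add(n);
        self.label = self.label.map(|l| l.wrapping_add(n));
    }

    /// Checked variant: compute both sums first and mutate only if both fit,
    /// so a failed update leaves the state untouched for the caller to report.
    pub fn increase_position_checked(&mut self, n: u64) -> Result<(), OffsetOverflow> {
        let byte_pos = self.byte_pos.checked_add(n).ok_or(OffsetOverflow::BytePos)?;
        let label = match self.label {
            Some(l) => Some(l.checked_add(n).ok_or(OffsetOverflow::Label)?),
            None => None,
        };
        self.byte_pos = byte_pos;
        self.label = label;
        Ok(())
    }
}

fn main() {
    // Constructed input mirroring the report: label = u64::MAX, first read of 16 bytes.
    let mut wrapped = Offset { byte_pos: 0, label: Some(u64::MAX) };
    wrapped.increase_position_wrapping(16);
    println!("wrapping: {:?}", wrapped); // the printed label is no longer near u64::MAX

    let mut checked = Offset { byte_pos: 0, label: Some(u64::MAX) };
    println!("checked:  {:?}", checked.increase_position_checked(16));
}
```

Whether od should report an error, saturate, or wrap deliberately at this point is a behaviour decision for the project; the checked form only makes the overflow an explicit, testable outcome in every build profile.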
