Date: Sun, 02 Nov 2003 14:36:01 +1100 From: Tim Robbins <tjr@freebsd.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: Eugene Grosbein <eugen@grosbein.pp.ru> Subject: Re: bin/58813: Incorrect behavour of sed(1) Message-ID: <3FA47BA1.9010700@freebsd.org> In-Reply-To: <200311020058.hA20w3rM082485@freefall.freebsd.org> References: <200311020058.hA20w3rM082485@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------080802000204060704000602 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Kris Kennaway wrote: >Synopsis: Incorrect behavour of sed(1) > >Responsible-Changed-From-To: freebsd-bugs->tjr >Responsible-Changed-By: kris >Responsible-Changed-When: Sat Nov 1 16:57:45 PST 2003 >Responsible-Changed-Why: >tjr has done a lot of work on sed, perhaps he will be interested >in fixing this. > >http://www.freebsd.org/cgi/query-pr.cgi?pr=58813 > > Please try the attached patch. It fixes a buffer management bug that was causing heap corruption. The patch is against -current, but it should apply cleanly to 4.9. (http://perforce.freebsd.org/chv.cgi?CH=41082) Tim --------------080802000204060704000602 Content-Type: text/plain; name="sed.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="sed.diff" --- process.c.old Sun Nov 2 14:27:26 2003 +++ process.c Sun Nov 2 14:24:28 2003 @@ -557,7 +557,8 @@ char c, *dst; #define NEEDSP(reqlen) \ - if (sp->len >= sp->blen - (reqlen) - 1) { \ + /* XXX What is the +1 for? */ \ + if (sp->len + (reqlen) + 1 >= sp->blen) { \ sp->blen += (reqlen) + 1024; \ if ((sp->space = sp->back = realloc(sp->back, sp->blen)) \ == NULL) \ --------------080802000204060704000602--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FA47BA1.9010700>