Date: Sun, 02 Nov 2003 14:36:01 +1100 From: Tim Robbins <tjr@freebsd.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: Eugene Grosbein <eugen@grosbein.pp.ru> Subject: Re: bin/58813: Incorrect behavour of sed(1) Message-ID: <3FA47BA1.9010700@freebsd.org> In-Reply-To: <200311020058.hA20w3rM082485@freefall.freebsd.org> References: <200311020058.hA20w3rM082485@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Kris Kennaway wrote: >Synopsis: Incorrect behavour of sed(1) > >Responsible-Changed-From-To: freebsd-bugs->tjr >Responsible-Changed-By: kris >Responsible-Changed-When: Sat Nov 1 16:57:45 PST 2003 >Responsible-Changed-Why: >tjr has done a lot of work on sed, perhaps he will be interested >in fixing this. > >http://www.freebsd.org/cgi/query-pr.cgi?pr=58813 > > Please try the attached patch. It fixes a buffer management bug that was causing heap corruption. The patch is against -current, but it should apply cleanly to 4.9. (http://perforce.freebsd.org/chv.cgi?CH=41082) Tim [-- Attachment #2 --] --- process.c.old Sun Nov 2 14:27:26 2003 +++ process.c Sun Nov 2 14:24:28 2003 @@ -557,7 +557,8 @@ char c, *dst; #define NEEDSP(reqlen) \ - if (sp->len >= sp->blen - (reqlen) - 1) { \ + /* XXX What is the +1 for? */ \ + if (sp->len + (reqlen) + 1 >= sp->blen) { \ sp->blen += (reqlen) + 1024; \ if ((sp->space = sp->back = realloc(sp->back, sp->blen)) \ == NULL) \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FA47BA1.9010700>