On Wed, Dec 10, 2014 at 10:39:37AM +0100, Sébastien Marie wrote:
>
> Hi,
>
> Fuzzing sed with afl, I found a crash due to use of an uninitialized
> variable.
>
> In process.c the oldpsl variable needs to be initialized:
>
> $ echo | sed -e 'g;P'
> Segmentation fault (core dumped)
>
> The following patch corrects this.
>
> I also include the initialization of p, as it is reported by a compiler
> warning too (with -Wall -O2).
Perhaps the following instead to rework the code to separate out the path that needs the pointer swap? Index: process.c =================================================================== RCS file: /cvs/src/usr.bin/sed/process.c,v retrieving revision 1.20 diff -u -p -r1.20 process.c --- process.c 1 Dec 2014 06:37:25 -0000 1.20 +++ process.c 10 Dec 2014 11:01:23 -0000 @@ -184,10 +184,11 @@ redirect: (p = memchr(ps, '\n', psl - 1)) != NULL) { oldpsl = psl; psl = (p + 1) - ps; - } - OUT(ps); - if (p != NULL) + OUT(ps); psl = oldpsl; + } else { + OUT(ps); + } break; case 'q': if (!nflag && !pd)
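Review bot: Moving `OUT(ps); psl = oldpsl;` inside the block that assigns `oldpsl` and `p` removes the read of both variables on any path where the `memchr` assignment to `p` is never reached, which is what the `echo | sed -e 'g;P'` crash and the -Wall warning in the report point at; with the restructure, neither variable needs a separate initializer, and the `if (p != NULL)` test that depended on `p` being valid is gone. Two follow-ups: `OUT(ps);` is now duplicated in both branches, so a one-line comment explaining that the first branch must print while `psl` is temporarily shortened to the first line would help the next reader, and the reporter's one-liner would make a cheap regression test to land alongside this change.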