On Thu, Dec 11, 2014 at 04:38:50PM +1100, Jonathan Gray wrote:
>
> Yes, I agree. I plan to commit this version:
>
It is ok for me.
Thanks.
Sébastien Marie
> Index: compile.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/sed/compile.c,v
> retrieving revision 1.36
> diff -u -p -r1.36 compile.c
> --- compile.c 8 Oct 2014 04:19:08 -0000 1.36
> +++ compile.c 11 Dec 2014 05:32:42 -0000
> @@ -538,7 +538,7 @@ compile_flags(char *p, struct s_subst *s
> {
> int gn; /* True if we have seen g or n */
> long l;
> - char wfile[PATH_MAX], *q;
> + char wfile[PATH_MAX], *q, *eq;
>
> s->n = 1; /* Default */
> s->p = 0;
> @@ -584,9 +584,12 @@ compile_flags(char *p, struct s_subst *s
> #endif
> EATSPACE();
> q = wfile;
> + eq = wfile + sizeof(wfile) - 1;
> while (*p) {
> if (*p == '\n')
> break;
> + if (q >= eq)
> + err(COMPILE, "wfile too long");
> *q++ = *p++;
> }
> *q = '\0';
