diff options
| author | Andy Chu <andychup@gmail.com> | 2016-03-06 09:49:50 -0800 |
|---|---|---|
| committer | Rob Landley <rob@landley.net> | 2016-03-10 13:59:32 -0600 |
| commit | 96a5ed118ce8ad1aaf7889b9eff599bb4517aa49 (patch) | |
| tree | bc3c58c9f62aed2fdaf9aaaa6747016cfd415b62 | |
| parent | 1fd80657b06e016217efb7068b08fa9e4aa5650d (diff) | |
| download | toybox-96a5ed118ce8ad1aaf7889b9eff599bb4517aa49.tar.gz | |
Fix segfault in sed -e 'c\'.
Found by afl-fuzz.
| -rwxr-xr-x | tests/sed.test | 3 | ||||
| -rw-r--r-- | toys/posix/sed.c | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/tests/sed.test b/tests/sed.test index 280b466a..ec06baae 100755 --- a/tests/sed.test +++ b/tests/sed.test @@ -77,6 +77,9 @@ testing "c {range}" "sed -e '2,4{c blah' -e '}'" \ "" "one\ntwo\nthree\nfour\nfive\nsix" testing "c multiple continuation" \ "sed -e 'c\\' -e 'two\\' -e ''" "two\n\n" "" "hello" +# NOTE: will print 'unfinished c' to stderr and exit 1 +testing "c empty continuation" \ + "sed -e 'c\\'" "" "" "hello" testing "D further processing depends on whether line is blank" \ "sed -e '/one/,/three/{' -e 'i meep' -e'N;2D;}'" \ "meep\nmeep\ntwo\nthree\n" "" "one\ntwo\nthree\n" diff --git a/toys/posix/sed.c b/toys/posix/sed.c index 9b5e6664..3def9d40 100644 --- a/toys/posix/sed.c +++ b/toys/posix/sed.c @@ -764,7 +764,7 @@ static void jewel_of_judgement(char **pline, long len) // Append additional line to pattern argument string? // We temporarily repurpose "hit" to indicate line continuations if (corwin && corwin->prev->hit) { - if (!*pline) error_exit("unfinished %c", corwin->prev->c);; + if (!pline || !*pline) error_exit("unfinished %c", corwin->prev->c);; // Remove half-finished entry from list so remalloc() doesn't confuse it TT.pattern = TT.pattern->prev; corwin = dlist_pop(&TT.pattern); |