From 2c23705ab0e3038f0b5bfd3af742d07a3383ed54 Mon Sep 17 00:00:00 2001
From: Rob Landley <rob@landley.net>
Date: Sat, 13 Dec 2014 18:35:11 -0600
Subject: Fix bug in sed y/// where bytes in target but not in source were
 replaced by zeroes (nul terminator overwritten).

---
 toys/pending/sed.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'toys/pending/sed.c')

diff --git a/toys/pending/sed.c b/toys/pending/sed.c
index 0b8c272a..6c025f0d 100644
--- a/toys/pending/sed.c
+++ b/toys/pending/sed.c
@@ -254,7 +254,7 @@ static char *extend_string(char **old, char *new, int oldlen, int newlen)
   memcpy(s+oldlen, new, newlen);
   s[oldlen+newlen] = 0;
 
-  return s+oldlen+newlen;
+  return s+oldlen+newlen+1;
 }
 
 // An empty regex repeats the previous one
@@ -504,13 +504,11 @@ static void walk_pattern(char **pline, long plen)
         // place because backrefs may refer to text after it's overwritten.)
         len += newlen-mlen;
         swap = xmalloc(len+1);
-        rswap = swap+(rline-line);
+        rswap = swap+(rline-line)+match[0].rm_so;
         memcpy(swap, line, (rline-line)+match[0].rm_so);
-        memcpy(rswap+match[0].rm_so+newlen, rline+match[0].rm_eo,
-               (rlen -= match[0].rm_eo)+1);
+        memcpy(rswap+newlen, rline+match[0].rm_eo, (rlen -= match[0].rm_eo)+1);
 
         // copy in new replacement text
-        rswap += match[0].rm_so;
         for (off = mlen = 0; new[off]; off++) {
           int cc = 0, ll;
 
-- 
cgit v1.2.3