From nobody@FreeBSD.org  Wed Aug 20 14:05:11 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 59C0E1065675
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Aug 2008 14:05:11 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 43B898FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Aug 2008 14:05:11 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m7KE5AWv026475
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Aug 2008 14:05:10 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m7KE5Ak3026473;
	Wed, 20 Aug 2008 14:05:10 GMT
	(envelope-from nobody)
Message-Id: <200808201405.m7KE5Ak3026473@www.freebsd.org>
Date: Wed, 20 Aug 2008 14:05:10 GMT
From: Derek Tattersall <dlt@mebtel.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Sed segfaults on error rather than error message
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         126682
>Category:       bin
>Synopsis:       [patch] sed(1) segfaults on error rather than error message
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 20 14:10:00 UTC 2008
>Closed-Date:    Fri Feb 12 04:36:04 UTC 2010
>Last-Modified:  Fri Feb 12 04:36:04 UTC 2010
>Originator:     Derek Tattersall
>Release:        8.0 CURRENT
>Organization:
>Environment:
FreeBSD oriental.arm.org 8.0-CURRENT FreeBSD 8.0-CURRENT #16: Sun Aug 17 11:41:53 EDT 2008     root@oriental.arm.org:/usr/obj/usr/src/sys/ORIENTAL  amd64
>Description:
echo test | sed 's/test/\1/' segfaults rather than issuing a message regarding the nonexistence of what "\1" refers to.
>How-To-Repeat:
echo test | sed 's/test/\1/'
>Fix:


Patch attached with submission follows:

diff -u /usr/src/usr.bin/sed/compile.c ./compile.c
--- /usr/src/usr.bin/sed/compile.c	2008-02-09 04:12:02.000000000 -0500
+++ ./compile.c	2008-08-20 09:47:27.000000000 -0400
@@ -324,13 +324,13 @@
 			if (p == NULL)
 				errx(1,
 				"%lu: %s: unterminated substitute pattern", linenum, fname);
-			--p;
-			p = compile_subst(p, cmd->u.s);
-			p = compile_flags(p, cmd->u.s);
 			if (*re == '\0')
 				cmd->u.s->re = NULL;
 			else
 				cmd->u.s->re = compile_re(re, cmd->u.s->icase);
+			--p;
+			p = compile_subst(p, cmd->u.s);
+			p = compile_flags(p, cmd->u.s);
 			EATSPACE();
 			if (*p == ';') {
 				p++;


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Wed Aug 20 16:02:03 UTC 2008 
Responsible-Changed-Why:  
Delphij: could you take a look at this please?  The segfault seems to be 
caused by your change (SVN r171284), which the patch in this PR mostly 
reverts.  It also affects RELENG_7 as the change was made before the 
fork.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126682 
State-Changed-From-To: open->analyzed 
State-Changed-By: delphij 
State-Changed-When: Mon Sep 29 07:44:31 UTC 2008 
State-Changed-Why:  
Dear submitter, 

I have confirmed that this is a new bug but unfortunately your fix is 
not correct as it breaks I flag, which does not seems to be easily 
fixable as it needs some interactions with the workflow.  Will keep 
you updated when I got some right solution. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126682 
State-Changed-From-To: analyzed->patched 
State-Changed-By: hrs 
State-Changed-When: Wed Nov 19 18:08:47 UTC 2008 
State-Changed-Why:  
Patched on -CURRENT and RELENG_7.  Please let us know if the 
problem is fixed on your environment. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126682 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Fri Feb 12 04:33:42 UTC 2010 
State-Changed-Why:  
Patched in all supported affected branches (revision 184777 
in -HEAD) by hrs@. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=126682 
>Unformatted:
