Hi, Fuzzing sed with afl, I found a crash due to use of uninitialized variable.
In process.c the oldpsl variable needs to be initialized:
$ echo | sed -e 'g;P'
Segmentation fault (core dumped)
The following patch corrects this. I also include the initialization of p, as it is reported by a compiler warning too (with -Wall -O2). Thanks.
-- Sébastien Marie
Index: process.c =================================================================== RCS file: /cvs/src/usr.bin/sed/process.c,v retrieving revision 1.20 diff -u -p -r1.20 process.c --- process.c 1 Dec 2014 06:37:25 -0000 1.20 +++ process.c 10 Dec 2014 09:15:15 -0000 @@ -83,8 +83,8 @@ process(void) { struct s_command *cp; SPACE tspace; - size_t len, oldpsl; - char *p; + size_t len, oldpsl = 0; + char *p = NULL; for (linenum = 0; mf_fgets(&PS, REPLACE);) {
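Review bot: initializing `oldpsl = 0` and `p = NULL` at their declarations runs once at function entry, before the `for (linenum = 0; mf_fgets(&PS, REPLACE);)` loop in the trailing context, so it only guarantees a defined value on the first iteration; if either variable is assigned conditionally inside the loop body (the `echo | sed -e 'g;P'` reproducer suggests the `P` path reads them without having set them on an empty pattern space), a later line can still observe a stale value carried over from an earlier line rather than 0/NULL. Consider resetting `p` and `oldpsl` at the point where the `P` command uses them, or confirming that every read is guarded by the same condition as the corresponding write, so the fix addresses the logic rather than only the compiler warning. It would also be worth committing the one-liner reproducer as a regression test alongside the change.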