bin/96052: sed "P" command broken on empty pattern space

Wed Apr 19 16:10:18 UTC 2006

>Number:         96052
>Category:       bin
>Synopsis:       sed "P" command broken on empty pattern space
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 19 16:10:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Andrey Zholos
>Release:        FreeBSD 6.1-PRERELEASE
>Organization:
>Environment:
FreeBSD sigma 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #5: Fri Mar 24 21:54:25 EET 2006     root at sigma:/usr/obj/usr/src/sys/SIGMA  i386

>Description:
If the "P" command is used once on a non-empty pattern space and then again on
an empty pattern space, the second usage restores the pattern space length to
the length that it had when the first "P" was used.


# echo 111 | sed -ne 'G;P;s/.*//;l;P;l'
111
$

\000\000\000\000$


Here, when the first "P" is used, there are 4 characters in the pattern space
("111\n"). The "s" clears the pattern space, but after the second "P" there are
4 characters there again.

>How-To-Repeat:
See above.
>Fix:

--- /usr/src/usr.bin/sed/process.c.orig	Sat Apr  9 17:31:41 2005
+++ /usr/src/usr.bin/sed/process.c	Wed Apr 19 17:54:18 2006
@@ -188,12 +188,11 @@
 			case 'P':
 				if (pd)
 					break;
-				if (psl != 0 &&
-				    (p = memchr(ps, '\n', psl)) != NULL) {
+				if ((p = memchr(ps, '\n', psl)) != NULL) {
 					oldpsl = psl;
 					psl = p - ps;
 				}
 				OUT(ps)
 				if (p != NULL)
 					psl = oldpsl;
 				break;


When psl == 0, p is not reset to NULL and oldpsl is not set, so "psl = oldpsl"
restores psl to whatever it was on a previous "P" command. So, one possible
fix is to drop the test for psl != 0.

>Release-Note:
>Audit-Trail:
>Unformatted:
