Hi Paolo, This patch fixes the bug raised at Debian project at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=256725 To reappear the bug: $ LANG=C sed --version GNU sed version 4.1.1 Copyright (C) 2003 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, to the extent permitted by law. $ LANG=C sed m sed: -e expression #1, char 1: unknown command: `m' $ LANG=en_US sed m Segmentation fault This is caused by the insufficient buffer size at compile.c:bad_command(). It allocates only 20 bytes for the above message, but the string size are also 20 bytes. There's no "NULL" space, so it causes buffer overflow. Attached patch expands the buffer size to allow putting extra one NULL byte. After applying the patch, I got: $ env LANG=en_US ./sed m ./sed: -e expression #1, char 1: unknown command: `m' Please apply it. Thanks for your usual great works. Regards, -- gotom 2004-08-06 GOTO Masanori <[EMAIL PROTECTED]> * sed/compile.c: Fix insufficient message buffer size when hitting unknown command. --- sed-4.1.1.orig/sed/compile.c 2004-06-30 03:05:21.000000000 +0900 +++ sed-4.1.1/sed/compile.c 2004-08-06 10:52:06.000000000 +0900 @@ -1,5 +1,5 @@ /* GNU SED, a batch stream editor. - Copyright (C) 1989,90,91,92,93,94,95,98,99,2002,2003 + Copyright (C) 1989,90,91,92,93,94,95,98,99,2002,2003,2004 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify @@ -195,7 +195,7 @@ char ch; { const char *msg = _(UNKNOWN_CMD); - char *unknown_cmd = xmalloc(strlen(msg) - 1); + char *unknown_cmd = xmalloc(strlen(msg)); sprintf(unknown_cmd, msg, ch); bad_prog(unknown_cmd); } Regards, -- gotom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]