From 20552d4d83960955e1b7d3636b29302210bc7686 Mon Sep 17 00:00:00 2001
From: green <green@FreeBSD.org>
Date: Sat, 1 Jun 2002 13:25:47 +0000
Subject: Fix a bug in sed(1)'s "s" command wherein if an escape ("\"
 character) was initiated at the last character of the line buffer, the Wrong
 Thing was done and sed barfed by interpreting the following NUL byte as a
 digit.  Instead, pull up the next buffer and record that the "\" was last
 seen.

---
 usr.bin/sed/compile.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

(limited to 'usr.bin/sed')

diff --git a/usr.bin/sed/compile.c b/usr.bin/sed/compile.c
index 2076297..8265ff8 100644
--- a/usr.bin/sed/compile.c
+++ b/usr.bin/sed/compile.c
@@ -467,7 +467,7 @@ compile_subst(p, s)
 	int asize, size;
 	u_char ref;
 	char c, *text, *op, *sp;
-	int more = 1;
+	int more = 1, sawesc = 0;
 
 	c = *p++;			/* Terminator character */
 	if (c == '\0')
@@ -482,9 +482,29 @@ compile_subst(p, s)
 	do {
 		op = sp = text + size;
 		for (; *p; p++) {
-			if (*p == '\\') {
-				p++;
-				if (strchr("123456789", *p) != NULL) {
+			if (*p == '\\' || sawesc) {
+				/*
+				 * If this is a continuation from the last
+				 * buffer, we won't have a character to
+				 * skip over.
+				 */
+				if (sawesc)
+					sawesc = 0;
+				else
+					p++;
+
+				if (*p == '\0') {
+					/*
+					 * This escaped character is continued
+					 * in the next part of the line.  Note
+					 * this fact, then cause the loop to
+					 * exit w/ normal EOL case and reenter
+					 * above with the new buffer.
+					 */
+					sawesc = 1;
+					p--;
+					continue;
+				} else if (strchr("123456789", *p) != NULL) {
 					*sp++ = '\\';
 					ref = *p - '0';
 					if (s->re != NULL &&
-- 
cgit v1.1