From owner-svn-src-head@FreeBSD.ORG  Wed Jan 28 08:41:57 2015
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 76885758;
 Wed, 28 Jan 2015 08:41:57 +0000 (UTC)
Received: from mail104.syd.optusnet.com.au (mail104.syd.optusnet.com.au
 [211.29.132.246])
 by mx1.freebsd.org (Postfix) with ESMTP id 3A850F80;
 Wed, 28 Jan 2015 08:41:56 +0000 (UTC)
Received: from c122-106-147-133.carlnfd1.nsw.optusnet.com.au
 (c122-106-147-133.carlnfd1.nsw.optusnet.com.au [122.106.147.133])
 by mail104.syd.optusnet.com.au (Postfix) with ESMTPS id AA6A1426B1B;
 Wed, 28 Jan 2015 19:41:48 +1100 (AEDT)
Date: Wed, 28 Jan 2015 19:41:47 +1100 (EST)
From: Bruce Evans <brde@optusnet.com.au>
X-X-Sender: bde@besplex.bde.org
To: "Pedro F. Giffuni" <pfg@freebsd.org>
Subject: Re: svn commit: r277802 - head/usr.bin/sed
In-Reply-To: <201501271858.t0RIwO3n096590@svn.freebsd.org>
Message-ID: <20150128190500.T1832@besplex.bde.org>
References: <201501271858.t0RIwO3n096590@svn.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Optus-CM-Score: 0
X-Optus-CM-Analysis: v=2.1 cv=R8o6R7hX c=1 sm=1 tr=0
 a=7NqvjVvQucbO2RlWB8PEog==:117 a=PO7r1zJSAAAA:8 a=kj9zAlcOel0A:10
 a=JzwRw_2MAAAA:8 a=rnIuNxJbw6BcAcpqypMA:9 a=CjuIK1q_8ugA:10
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
 src-committers@freebsd.org
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jan 2015 08:41:57 -0000

On Tue, 27 Jan 2015, Pedro F. Giffuni wrote:

> Log:
>  Fix resource leak and dereference after NULL.
>
>  process.c:
>  Protect access against NULL.
>
>  main.c:
>  Prevent outfile overwrite resource leak.
> ...
> Modified: head/usr.bin/sed/main.c
> ==============================================================================
> --- head/usr.bin/sed/main.c	Tue Jan 27 18:56:46 2015	(r277801)
> +++ head/usr.bin/sed/main.c	Tue Jan 27 18:58:24 2015	(r277802)
> @@ -411,6 +411,8 @@ mf_fgets(SPACE *sp, enum e_spflag spflag
> 			unlink(tmpfname);
> 			if ((outfile = fopen(tmpfname, "w")) == NULL)
> 				err(1, "%s", fname);
> +			if (outfile != NULL && outfile != stdout)
> +				fclose(outfile);
> 			fchown(fileno(outfile), sb.st_uid, sb.st_gid);
> 			fchmod(fileno(outfile), sb.st_mode & ALLPERMS);
> 			outfname = tmpfname;

This is mismerged at best.  It just breaks the new outfile by closing it.
The check in it makes no sense in this contents, since the freshly-opened
outfile cannot be NULL (since the open succeeded) or stdout (fopen()
cannot return a pointer to an already-open stream, so it can only return
stdout if the stdout pointer is garbage, but then it is not really stdout).

Bruce