sed segfaults on L command with long address lengths

Bug #1400575 reported by Jodie Cunningham on 2014-12-09
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sed (Ubuntu)
Medium
Unassigned

Bug Description

To reproduce, run:
sed 'L222222' <<<d

These do not segfault:
sed 'L22222' <<<d
sed 'L2222222222222222222222222' <<<d

I do not have any expected behavior for this as it was just found by the fuzzer AFL.

System is AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

sed:
  Installed: 4.2.2-4ubuntu1
  Candidate: 4.2.2-4ubuntu1
  Version table:
 *** 4.2.2-4ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Jodie Cunningham, thank you for reporting this bug and helping make Ubuntu better. This is reproducible as per https://bugs.launchpad.net/ubuntu/+source/sed/+bug/1400611 . Hence, the issue you are reporting is an upstream one. Could you please report this problem to them by e-mailing <email address hidden> CC <email address hidden> as per the man page?

Thank you for your understanding.

Changed in sed (Ubuntu):
importance: Undecided → Medium
status: New → Triaged

Bug report sent upstream as requested.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers