Subject: Re: CVS commit: basesrc/usr.bin/sed
To: None <atatat@netbsd.org>
From: Charles M. Hannum <abuse@spamalicious.com>
List: source-changes
Date: 09/28/2001 04:18:20
On Thu, 2001-09-27 at 05:35, Andrew Brown wrote:
> 
> Module Name:	basesrc
> Committed By:	atatat
> Date:		Thu Sep 27 05:35:44 UTC 2001
> 
> Modified Files:
> 	basesrc/usr.bin/sed: process.c
> 
> Log Message:
> Don't attempt to memmove() if psl (pattern space length) is zero.
> Fixes PR bin/14074: Simple expression core dumps sed.

This is the wrong answer, and I'm not even convinced it really fixes the
bug.  If psl==0, the memchr() above this code snippet will get a -1
length.  And being a size_t, it should be unsigned and cause a buffer
overrun.
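
The unsigned wraparound raised in the reply above, as an added example that is not part of the original message and is not the NetBSD sed source. `unguarded_search_len` and `delete_first_line` are hypothetical helpers, and the `psl - 1` search length is an assumption taken from the reply's description of the memchr() call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length an unguarded "psl - 1" would pass to memchr(). size_t is
 * unsigned, so 0 - 1 wraps to SIZE_MAX rather than becoming -1. */
size_t unguarded_search_len(size_t psl)
{
    return psl - 1;
}

/* Hypothetical helper (assumed shape, not sed's code): drop everything up
 * to and including the first newline found in the first psl - 1 bytes of
 * the pattern space. Returns the new length and sets *deleted to 1 when a
 * line was removed. The zero check comes before the subtraction, so
 * neither memchr() nor memmove() ever sees a wrapped length. */
size_t delete_first_line(char *ps, size_t psl, int *deleted)
{
    char *p;

    *deleted = 0;
    if (psl == 0)
        return 0;               /* empty pattern space: nothing to search */

    p = memchr(ps, '\n', psl - 1);
    if (p == NULL)
        return psl;             /* no embedded newline: leave buffer as is */

    psl -= (size_t)(p + 1 - ps);
    memmove(ps, p + 1, psl);    /* regions overlap, so memmove, not memcpy */
    *deleted = 1;
    return psl;
}

int main(void)
{
    char buf[] = "one\ntwo\n";  /* constructed sample pattern space */
    int deleted;
    size_t n;

    printf("unguarded length for psl=0: %zu\n", unguarded_search_len(0));
    n = delete_first_line(buf, strlen(buf), &deleted);
    printf("deleted=%d new length=%zu\n", deleted, n);
    n = delete_first_line(buf, 0, &deleted);
    printf("empty: deleted=%d new length=%zu\n", deleted, n);
    return 0;
}
```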