From fc04dce05911dc5a6ababdcbc1ce0eeb726705a1 Mon Sep 17 00:00:00 2001
From: "Pedro F. Giffuni" <pfg@FreeBSD.org>
Date: Tue, 27 Jan 2015 18:58:24 +0000
Subject: [PATCH] Fix resource leak and dereference after NULL.

process.c:
Protect access against NULL.

main.c:
Prevent outfile overwrite resource leak.

CID:	271181
CID:	1006930

Obtained from:	NetBSD
MFC after:	3 days
---
 usr.bin/sed/main.c    | 2 ++
 usr.bin/sed/process.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/usr.bin/sed/main.c b/usr.bin/sed/main.c
index 029a79fdeec..dafb0bd845e 100644
--- a/usr.bin/sed/main.c
+++ b/usr.bin/sed/main.c
@@ -411,6 +411,8 @@ mf_fgets(SPACE *sp, enum e_spflag spflag)
 			unlink(tmpfname);
 			if ((outfile = fopen(tmpfname, "w")) == NULL)
 				err(1, "%s", fname);
+			if (outfile != NULL && outfile != stdout)
+				fclose(outfile);
 			fchown(fileno(outfile), sb.st_uid, sb.st_gid);
 			fchmod(fileno(outfile), sb.st_mode & ALLPERMS);
 			outfname = tmpfname;
diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c
index cdfba811ce1..daabfd8bc7f 100644
--- a/usr.bin/sed/process.c
+++ b/usr.bin/sed/process.c
@@ -324,7 +324,7 @@ applies(struct s_command *cp)
                                 } else
                                         r = 1;
                         }
-		} else if (MATCH(cp->a1)) {
+		} else if (cp->a1 && MATCH(cp->a1)) {
 			/*
 			 * If the second address is a number less than or
 			 * equal to the line number first selected, only