xzgrep: Make the fix for ZDI-CAN-16587 more robust.

I don't know if this can make a difference in the real world
but it looked kind of suspicious (what happens with sed
implementations that cannot process very long lines?).
At least this commit shouldn't make it worse.

1 files changed, 4 insertions, 1 deletions

diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in
index dd0643d6..78f5bd31 100644
--- a/src/scripts/xzgrep.in
+++ b/src/scripts/xzgrep.in
@@ -223,7 +223,10 @@ for i; do
       case $i in
       (*'
 '* | *'&'* | *'\'* | *'|'*)
-        i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/');;
+        # If sed fails, set i to a known safe string to ensure that
+        # failing sed didn't create a half-escaped dangerous string.
+        i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&\|]/\\&/g; $!s/$/\\/') ||
+            i='(unknown filename):';;
       esac
 
       # $i already ends with a colon so don't add it here.