author | anton <anton@cvs.openbsd.org> | 2017-08-02 19:35:58 +0000 |
---|---|---|
committer | anton <anton@cvs.openbsd.org> | 2017-08-02 19:35:58 +0000 |
commit | f325330f03da017e512397e7ce8cabef1b431262 (patch) | |
tree | ab25ee5a2427ef17cebc0546384bbdb25d246494 /usr.bin | |
parent | cf76de4b2002ef4ef11c73b71be70cd083db7acc (diff) |
When performing an inverted search in less, make sure to invalidate the match
bounds prior to calling regexec(). In this inverted scenario a match is found when
regexec() returns false causing the bounds to not be updated. This is
problematic since the bounds will then refer to a previous match and future
pointer arithmetic will eventually be off which is manifested in a SIGSEGV.
Issue reported by Larry Hynes on tech@
ok martijn@ tb@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/less/pattern.c | 2 | ||||
-rw-r--r-- | usr.bin/less/search.c | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/usr.bin/less/pattern.c b/usr.bin/less/pattern.c index 36f61c73663..6e98ff28b0e 100644 --- a/usr.bin/less/pattern.c +++ b/usr.bin/less/pattern.c @@ -122,6 +122,8 @@ match_pattern(void *pattern, char *tpattern, char *line, int line_len, rm.rm_so = 0; rm.rm_eo = line_len; #endif + *sp = NULL; + *ep = NULL; matched = !regexec(spattern, line, 1, &rm, flags); if (matched) { *sp = line + rm.rm_so; diff --git a/usr.bin/less/search.c b/usr.bin/less/search.c index 54013e9ff26..48e5314cbf5 100644 --- a/usr.bin/less/search.c +++ b/usr.bin/less/search.c @@ -477,8 +477,6 @@ hilite_line(off_t linepos, char *line, int line_len, int *chpos, char *searchp; char *line_end = line + line_len; - if (sp == NULL || ep == NULL) - return; /* * sp and ep delimit the first match in the line. * Mark the corresponding file positions, then @@ -491,6 +489,9 @@ hilite_line(off_t linepos, char *line, int line_len, int *chpos, */ searchp = line; do { + if (sp == NULL || ep == NULL) + return; + create_hilites(linepos, (intptr_t)sp - (intptr_t)line, (intptr_t)ep - (intptr_t)line, chpos); /* |
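Review bot: In the pattern.c hunk, `*sp = NULL; *ep = NULL;` sits immediately before regexec(), so the bounds are invalidated only on the path that reaches this call. match_pattern starts and ends outside the hunk, so it cannot be confirmed here, but if the function has another matching path that does not go through regexec(), a caller could still see bounds left over from a previous match on that path. Resetting both pointers at function entry would make "NULL unless this call set them" hold on every path. The assignments also deserve a comment recording why they exist, for example `/* Invalidate bounds: an inverted search treats regexec() failure as a match and would otherwise leave a previous match's pointers in place. */`.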
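Review bot: In the second search.c hunk, the added `if (sp == NULL || ep == NULL) return;` is the only validation before `(intptr_t)sp - (intptr_t)line` and `(intptr_t)ep - (intptr_t)line` are passed to create_hilites(), so it catches invalidated bounds but not non-NULL pointers that refer to some other line. Since hilite_line already computes line_end, a range check would fail closed in that case too: `if (sp == NULL || ep == NULL || sp < line || ep > line_end || ep < sp) return;`. Relational comparison of pointers into different buffers is not strictly portable C, so doing the comparison on the intptr_t values the code already uses may be preferable. The do-loop body continues past the end of the hunk, so how sp and ep are refreshed on each iteration is not visible here.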