1 /*	$OpenBSD: ex.c,v 1.16 2009/10/27 23:59:47 deraadt Exp $	*/
2 
3 /*-
4  * Copyright (c) 1992, 1993, 1994
5  *	The Regents of the University of California.  All rights reserved.
6  * Copyright (c) 1992, 1993, 1994, 1995, 1996
7  *	Keith Bostic.  All rights reserved.
8  *
9  * See the LICENSE file for redistribution information.
10  */
11 
12 #include "config.h"
13 
14 #include <sys/types.h>
15 #include <sys/queue.h>
16 #include <sys/stat.h>
17 #include <sys/time.h>
18 
19 #include <bitstring.h>
20 #include <ctype.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <limits.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <unistd.h>
28 
29 #include "../common/common.h"
30 #include "../vi/vi.h"
31 
32 #if defined(DEBUG) && defined(COMLOG)
33 static void	ex_comlog(SCR *, EXCMD *);
34 #endif
35 static EXCMDLIST const *
36 		ex_comm_search(char *, size_t);
37 static int	ex_discard(SCR *);
38 static int	ex_line(SCR *, EXCMD *, MARK *, int *, int *);
39 static int	ex_load(SCR *);
40 static void	ex_unknown(SCR *, char *, size_t);
41 
42 /*
43  * ex --
44  *	Main ex loop.
45  *
46  * PUBLIC: int ex(SCR **);
47  */
48 int
ex(spp)49 ex(spp)
50 	SCR **spp;
51 {
52 	GS *gp;
53 	MSGS *mp;
54 	SCR *sp;
55 	TEXT *tp;
56 	u_int32_t flags;
57 
58 	sp = *spp;
59 	gp = sp->gp;
60 
61 	/* Start the ex screen. */
62 	if (ex_init(sp))
63 		return (1);
64 
65 	/* Flush any saved messages. */
66 	while ((mp = LIST_FIRST(&gp->msgq)) != NULL) {
67 		gp->scr_msg(sp, mp->mtype, mp->buf, mp->len);
68 		LIST_REMOVE(mp, q);
69 		free(mp->buf);
70 		free(mp);
71 	}
72 
73 	/* If reading from a file, errors should have name and line info. */
74 	if (F_ISSET(gp, G_SCRIPTED)) {
75 		gp->excmd.if_lno = 1;
76 		gp->excmd.if_name = "script";
77 	}
78 
79 	/*
80 	 * !!!
81 	 * Initialize the text flags.  The beautify edit option historically
82 	 * applied to ex command input read from a file.  In addition, the
83 	 * first time a ^H was discarded from the input, there was a message,
84 	 * "^H discarded", that was displayed.  We don't bother.
85 	 */
86 	LF_INIT(TXT_BACKSLASH | TXT_CNTRLD | TXT_CR);
87 	for (;; ++gp->excmd.if_lno) {
88 		/* Display status line and flush. */
89 		if (F_ISSET(sp, SC_STATUS)) {
90 			if (!F_ISSET(sp, SC_EX_SILENT))
91 				msgq_status(sp, sp->lno, 0);
92 			F_CLR(sp, SC_STATUS);
93 		}
94 		(void)ex_fflush(sp);
95 
96 		/* Set the flags the user can reset. */
97 		if (O_ISSET(sp, O_BEAUTIFY))
98 			LF_SET(TXT_BEAUTIFY);
99 		if (O_ISSET(sp, O_PROMPT))
100 			LF_SET(TXT_PROMPT);
101 
102 		/* Clear any current interrupts, and get a command. */
103 		CLR_INTERRUPT(sp);
104 		if (ex_txt(sp, &sp->tiq, ':', flags))
105 			return (1);
106 		if (INTERRUPTED(sp)) {
107 			(void)ex_puts(sp, "\n");
108 			(void)ex_fflush(sp);
109 			continue;
110 		}
111 
112 		/* Initialize the command structure. */
113 		CLEAR_EX_PARSER(&gp->excmd);
114 
115 		/*
116 		 * If the user entered a single carriage return, send
117 		 * ex_cmd() a separator -- it discards single newlines.
118 		 */
119 		tp = CIRCLEQ_FIRST(&sp->tiq);
120 		if (tp->len == 0) {
121 			gp->excmd.cp = " ";	/* __TK__ why not |? */
122 			gp->excmd.clen = 1;
123 		} else {
124 			gp->excmd.cp = tp->lb;
125 			gp->excmd.clen = tp->len;
126 		}
127 		F_INIT(&gp->excmd, E_NRSEP);
128 
129 		if (ex_cmd(sp) && F_ISSET(gp, G_SCRIPTED))
130 			return (1);
131 
132 		if (INTERRUPTED(sp)) {
133 			CLR_INTERRUPT(sp);
134 			msgq(sp, M_ERR, "170|Interrupted");
135 		}
136 
137 		/*
138 		 * If the last command caused a restart, or switched screens
139 		 * or into vi, return.
140 		 */
141 		if (F_ISSET(gp, G_SRESTART) || F_ISSET(sp, SC_SSWITCH | SC_VI)) {
142 			*spp = sp;
143 			break;
144 		}
145 
146 		/* If the last command switched files, we don't care. */
147 		F_CLR(sp, SC_FSWITCH);
148 
149 		/*
150 		 * If we're exiting this screen, move to the next one.  By
151 		 * definition, this means returning into vi, so return to the
152 		 * main editor loop.  The ordering is careful, don't discard
153 		 * the contents of sp until the end.
154 		 */
155 		if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE)) {
156 			if (file_end(sp, NULL, F_ISSET(sp, SC_EXIT_FORCE)))
157 				return (1);
158 			*spp = screen_next(sp);
159 			return (screen_end(sp));
160 		}
161 	}
162 	return (0);
163 }
164 
165 /*
166  * ex_cmd --
167  *	The guts of the ex parser: parse and execute a string containing
168  *	ex commands.
169  *
170  * !!!
171  * This code MODIFIES the string that gets passed in, to delete quoting
172  * characters, etc.  The string cannot be readonly/text space, nor should
173  * you expect to use it again after ex_cmd() returns.
174  *
175  * !!!
176  * For the fun of it, if you want to see if a vi clone got the ex argument
177  * parsing right, try:
178  *
179  *	echo 'foo|bar' > file1; echo 'foo/bar' > file2;
180  *	vi
181  *	:edit +1|s/|/PIPE/|w file1| e file2|1 | s/\//SLASH/|wq
182  *
183  * or:	vi
184  *	:set|file|append|set|file
185  *
186  * For extra credit, try them in a startup .exrc file.
187  *
188  * PUBLIC: int ex_cmd(SCR *);
189  */
190 int
ex_cmd(sp)191 ex_cmd(sp)
192 	SCR *sp;
193 {
194 	enum nresult nret;
195 	EX_PRIVATE *exp;
196 	EXCMD *ecp;
197 	GS *gp;
198 	MARK cur;
199 	recno_t lno;
200 	size_t arg1_len, discard, len;
201 	u_int32_t flags;
202 	long ltmp;
203 	int at_found, gv_found;
204 	int ch, cnt, delim, isaddr, namelen;
205 	int newscreen, notempty, tmp, vi_address;
206 	char *arg1, *p, *s, *t;
207 
208 	gp = sp->gp;
209 	exp = EXP(sp);
210 
211 	/*
212 	 * We always start running the command on the top of the stack.
213 	 * This means that *everything* must be resolved when we leave
214 	 * this function for any reason.
215 	 */
216 loop:	ecp = LIST_FIRST(&gp->ecq);
217 
218 	/* If we're reading a command from a file, set up error information. */
219 	if (ecp->if_name != NULL) {
220 		gp->if_lno = ecp->if_lno;
221 		gp->if_name = ecp->if_name;
222 	}
223 
224 	/*
225 	 * If a move to the end of the file is scheduled for this command,
226 	 * do it now.
227 	 */
228 	if (F_ISSET(ecp, E_MOVETOEND)) {
229 		if (db_last(sp, &sp->lno))
230 			goto rfail;
231 		sp->cno = 0;
232 		F_CLR(ecp, E_MOVETOEND);
233 	}
234 
235 	/* If we found a newline, increment the count now. */
236 	if (F_ISSET(ecp, E_NEWLINE)) {
237 		++gp->if_lno;
238 		++ecp->if_lno;
239 		F_CLR(ecp, E_NEWLINE);
240 	}
241 
242 	/* (Re)initialize the EXCMD structure, preserving some flags. */
243 	CLEAR_EX_CMD(ecp);
244 
245 	/* Initialize the argument structures. */
246 	if (argv_init(sp, ecp))
247 		goto err;
248 
249 	/* Initialize +cmd, saved command information. */
250 	arg1 = NULL;
251 	ecp->save_cmdlen = 0;
252 
253 	/* Skip <blank>s, empty lines.  */
254 	for (notempty = 0; ecp->clen > 0; ++ecp->cp, --ecp->clen)
255 		if ((ch = *ecp->cp) == '\n') {
256 			++gp->if_lno;
257 			++ecp->if_lno;
258 		} else if (isblank(ch))
259 			notempty = 1;
260 		else
261 			break;
262 
263 	/*
264 	 * !!!
265 	 * Permit extra colons at the start of the line.  Historically,
266 	 * ex/vi allowed a single extra one.  It's simpler not to count.
267 	 * The stripping is done here because, historically, any command
268 	 * could have preceding colons, e.g. ":g/pattern/:p" worked.
269 	 */
270 	if (ecp->clen != 0 && ch == ':') {
271 		notempty = 1;
272 		while (--ecp->clen > 0 && (ch = *++ecp->cp) == ':');
273 	}
274 
275 	/*
276 	 * Command lines that start with a double-quote are comments.
277 	 *
278 	 * !!!
279 	 * Historically, there was no escape or delimiter for a comment, e.g.
280 	 * :"foo|set was a single comment and nothing was output.  Since nvi
281 	 * permits users to escape <newline> characters into command lines, we
282 	 * have to check for that case.
283 	 */
284 	if (ecp->clen != 0 && ch == '"') {
285 		while (--ecp->clen > 0 && *++ecp->cp != '\n');
286 		if (*ecp->cp == '\n') {
287 			F_SET(ecp, E_NEWLINE);
288 			++ecp->cp;
289 			--ecp->clen;
290 		}
291 		goto loop;
292 	}
293 
294 	/* Skip whitespace. */
295 	for (; ecp->clen > 0; ++ecp->cp, --ecp->clen) {
296 		ch = *ecp->cp;
297 		if (!isblank(ch))
298 			break;
299 	}
300 
301 	/*
302 	 * The last point at which an empty line can mean do nothing.
303 	 *
304 	 * !!!
305 	 * Historically, in ex mode, lines containing only <blank> characters
306 	 * were the same as a single <carriage-return>, i.e. a default command.
307 	 * In vi mode, they were ignored.  In .exrc files this was a serious
308 	 * annoyance, as vi kept trying to treat them as print commands.  We
309 	 * ignore backward compatibility in this case, discarding lines that
310 	 * contain only <blank> characters from .exrc files.
311 	 *
312 	 * !!!
313 	 * This is where you end up when you're done a command, i.e. clen has
314 	 * gone to zero.  Continue if there are more commands to run.
315 	 */
316 	if (ecp->clen == 0 &&
317 	    (!notempty || F_ISSET(sp, SC_VI) || F_ISSET(ecp, E_BLIGNORE))) {
318 		if (ex_load(sp))
319 			goto rfail;
320 		ecp = LIST_FIRST(&gp->ecq);
321 		if (ecp->clen == 0)
322 			goto rsuccess;
323 		goto loop;
324 	}
325 
326 	/*
327 	 * Check to see if this is a command for which we may want to move
328 	 * the cursor back up to the previous line.  (The command :1<CR>
329 	 * wants a <newline> separator, but the command :<CR> wants to erase
330 	 * the command line.)  If the line is empty except for <blank>s,
331 	 * <carriage-return> or <eof>, we'll probably want to move up.  I
332 	 * don't think there's any way to get <blank> characters *after* the
333 	 * command character, but this is the ex parser, and I've been wrong
334 	 * before.
335 	 */
336 	if (F_ISSET(ecp, E_NRSEP) &&
337 	    ecp->clen != 0 && (ecp->clen != 1 || ecp->cp[0] != '\004'))
338 		F_CLR(ecp, E_NRSEP);
339 
340 	/* Parse command addresses. */
341 	if (ex_range(sp, ecp, &tmp))
342 		goto rfail;
343 	if (tmp)
344 		goto err;
345 
346 	/*
347 	 * Skip <blank>s and any more colons (the command :3,5:print
348 	 * worked, historically).
349 	 */
350 	for (; ecp->clen > 0; ++ecp->cp, --ecp->clen) {
351 		ch = *ecp->cp;
352 		if (!isblank(ch) && ch != ':')
353 			break;
354 	}
355 
356 	/*
357 	 * If no command, ex does the last specified of p, l, or #, and vi
358 	 * moves to the line.  Otherwise, determine the length of the command
359 	 * name by looking for the first non-alphabetic character.  (There
360 	 * are a few non-alphabetic characters in command names, but they're
361 	 * all single character commands.)  This isn't a great test, because
362 	 * it means that, for the command ":e +cut.c file", we'll report that
363 	 * the command "cut" wasn't known.  However, it makes ":e+35 file" work
364 	 * correctly.
365 	 *
366 	 * !!!
367 	 * Historically, lines with multiple adjacent (or <blank> separated)
368 	 * command separators were very strange.  For example, the command
369 	 * |||<carriage-return>, when the cursor was on line 1, displayed
370 	 * lines 2, 3 and 5 of the file.  In addition, the command "   |  "
371 	 * would only display the line after the next line, instead of the
372 	 * next two lines.  No ideas why.  It worked reasonably when executed
373 	 * from vi mode, and displayed lines 2, 3, and 4, so we do a default
374 	 * command for each separator.
375 	 */
376 #define	SINGLE_CHAR_COMMANDS	"\004!#&*<=>@~"
377 	newscreen = 0;
378 	if (ecp->clen != 0 && ecp->cp[0] != '|' && ecp->cp[0] != '\n') {
379 		if (strchr(SINGLE_CHAR_COMMANDS, *ecp->cp)) {
380 			p = ecp->cp;
381 			++ecp->cp;
382 			--ecp->clen;
383 			namelen = 1;
384 		} else {
385 			for (p = ecp->cp;
386 			    ecp->clen > 0; --ecp->clen, ++ecp->cp)
387 				if (!isalpha(*ecp->cp))
388 					break;
389 			if ((namelen = ecp->cp - p) == 0) {
390 				msgq(sp, M_ERR, "080|Unknown command name");
391 				goto err;
392 			}
393 		}
394 
395 		/*
396 		 * !!!
397 		 * Historic vi permitted flags to immediately follow any
398 		 * subset of the 'delete' command, but then did not permit
399 		 * further arguments (flag, buffer, count).  Make it work.
400 		 * Permit further arguments for the few shreds of dignity
401 		 * it offers.
402 		 *
403 		 * Adding commands that start with 'd', and match "delete"
404 		 * up to a l, p, +, - or # character can break this code.
405 		 *
406 		 * !!!
407 		 * Capital letters beginning the command names ex, edit,
408 		 * next, previous, tag and visual (in vi mode) indicate the
409 		 * command should happen in a new screen.
410 		 */
411 		switch (p[0]) {
412 		case 'd':
413 			for (s = p,
414 			    t = cmds[C_DELETE].name; *s == *t; ++s, ++t);
415 			if (s[0] == 'l' || s[0] == 'p' || s[0] == '+' ||
416 			    s[0] == '-' || s[0] == '^' || s[0] == '#') {
417 				len = (ecp->cp - p) - (s - p);
418 				ecp->cp -= len;
419 				ecp->clen += len;
420 				ecp->rcmd = cmds[C_DELETE];
421 				ecp->rcmd.syntax = "1bca1";
422 				ecp->cmd = &ecp->rcmd;
423 				goto skip_srch;
424 			}
425 			break;
426 		case 'E': case 'F': case 'N': case 'P': case 'T': case 'V':
427 			newscreen = 1;
428 			p[0] = tolower(p[0]);
429 			break;
430 		}
431 
432 		/*
433 		 * Search the table for the command.
434 		 *
435 		 * !!!
436 		 * Historic vi permitted the mark to immediately follow the
437 		 * 'k' in the 'k' command.  Make it work.
438 		 *
439 		 * !!!
440 		 * Historic vi permitted any flag to follow the s command, e.g.
441 		 * "s/e/E/|s|sgc3p" was legal.  Make the command "sgc" work.
442 		 * Since the following characters all have to be flags, i.e.
443 		 * alphabetics, we can let the s command routine return errors
444 		 * if it was some illegal command string.  This code will break
445 		 * if an "sg" or similar command is ever added.  The substitute
446 		 * code doesn't care if it's a "cgr" flag or a "#lp" flag that
447 		 * follows the 's', but we limit the choices here to "cgr" so
448 		 * that we get unknown command messages for wrong combinations.
449 		 */
450 		if ((ecp->cmd = ex_comm_search(p, namelen)) == NULL)
451 			switch (p[0]) {
452 			case 'k':
453 				if (namelen == 2) {
454 					ecp->cp -= namelen - 1;
455 					ecp->clen += namelen - 1;
456 					ecp->cmd = &cmds[C_K];
457 					break;
458 				}
459 				goto unknown;
460 			case 's':
461 				for (s = p + 1, cnt = namelen; --cnt; ++s)
462 					if (s[0] != 'c' &&
463 					    s[0] != 'g' && s[0] != 'r')
464 						break;
465 				if (cnt == 0) {
466 					ecp->cp -= namelen - 1;
467 					ecp->clen += namelen - 1;
468 					ecp->rcmd = cmds[C_SUBSTITUTE];
469 					ecp->rcmd.fn = ex_subagain;
470 					ecp->cmd = &ecp->rcmd;
471 					break;
472 				}
473 				/* FALLTHROUGH */
474 			default:
475 unknown:			if (newscreen)
476 					p[0] = toupper(p[0]);
477 				ex_unknown(sp, p, namelen);
478 				goto err;
479 			}
480 
481 		/*
482 		 * The visual command has a different syntax when called
483 		 * from ex than when called from a vi colon command.  FMH.
484 		 * Make the change now, before we test for the newscreen
485 		 * semantic, so that we're testing the right one.
486 		 */
487 skip_srch:	if (ecp->cmd == &cmds[C_VISUAL_EX] && F_ISSET(sp, SC_VI))
488 			ecp->cmd = &cmds[C_VISUAL_VI];
489 
490 		/*
491 		 * !!!
492 		 * Historic vi permitted a capital 'P' at the beginning of
493 		 * any command that started with 'p'.  Probably wanted the
494 		 * P[rint] command for backward compatibility, and the code
495 		 * just made Preserve and Put work by accident.  Nvi uses
496 		 * Previous to mean previous-in-a-new-screen, so be careful.
497 		 */
498 		if (newscreen && !F_ISSET(ecp->cmd, E_NEWSCREEN) &&
499 		    (ecp->cmd == &cmds[C_PRINT] ||
500 		    ecp->cmd == &cmds[C_PRESERVE]))
501 			newscreen = 0;
502 
503 		/* Test for a newscreen associated with this command. */
504 		if (newscreen && !F_ISSET(ecp->cmd, E_NEWSCREEN))
505 			goto unknown;
506 
507 		/* Secure means no shell access. */
508 		if (F_ISSET(ecp->cmd, E_SECURE) && O_ISSET(sp, O_SECURE)) {
509 			ex_emsg(sp, ecp->cmd->name, EXM_SECURE);
510 			goto err;
511 		}
512 
513 		/*
514 		 * Multiple < and > characters; another "feature".  Note,
515 		 * The string passed to the underlying function may not be
516 		 * nul terminated in this case.
517 		 */
518 		if ((ecp->cmd == &cmds[C_SHIFTL] && *p == '<') ||
519 		    (ecp->cmd == &cmds[C_SHIFTR] && *p == '>')) {
520 			for (ch = *p;
521 			    ecp->clen > 0; --ecp->clen, ++ecp->cp)
522 				if (*ecp->cp != ch)
523 					break;
524 			if (argv_exp0(sp, ecp, p, ecp->cp - p))
525 				goto err;
526 		}
527 
528 		/* Set the format style flags for the next command. */
529 		if (ecp->cmd == &cmds[C_HASH])
530 			exp->fdef = E_C_HASH;
531 		else if (ecp->cmd == &cmds[C_LIST])
532 			exp->fdef = E_C_LIST;
533 		else if (ecp->cmd == &cmds[C_PRINT])
534 			exp->fdef = E_C_PRINT;
535 		F_CLR(ecp, E_USELASTCMD);
536 	} else {
537 		/* Print is the default command. */
538 		ecp->cmd = &cmds[C_PRINT];
539 
540 		/* Set the saved format flags. */
541 		F_SET(ecp, exp->fdef);
542 
543 		/*
544 		 * !!!
545 		 * If no address was specified, and it's not a global command,
546 		 * we up the address by one.  (I have no idea why globals are
547 		 * exempted, but it's (ahem) historic practice.)
548 		 */
549 		if (ecp->addrcnt == 0 && !F_ISSET(sp, SC_EX_GLOBAL)) {
550 			ecp->addrcnt = 1;
551 			ecp->addr1.lno = sp->lno + 1;
552 			ecp->addr1.cno = sp->cno;
553 		}
554 
555 		F_SET(ecp, E_USELASTCMD);
556 	}
557 
558 	/*
559 	 * !!!
560 	 * Historically, the number option applied to both ex and vi.  One
561 	 * strangeness was that ex didn't switch display formats until a
562 	 * command was entered, e.g. <CR>'s after the set didn't change to
563 	 * the new format, but :1p would.
564 	 */
565 	if (O_ISSET(sp, O_NUMBER)) {
566 		F_SET(ecp, E_OPTNUM);
567 		FL_SET(ecp->iflags, E_C_HASH);
568 	} else
569 		F_CLR(ecp, E_OPTNUM);
570 
571 	/* Check for ex mode legality. */
572 	if (F_ISSET(sp, SC_EX) && (F_ISSET(ecp->cmd, E_VIONLY) || newscreen)) {
573 		msgq(sp, M_ERR,
574 		    "082|%s: command not available in ex mode", ecp->cmd->name);
575 		goto err;
576 	}
577 
578 	/* Add standard command flags. */
579 	F_SET(ecp, ecp->cmd->flags);
580 	if (!newscreen)
581 		F_CLR(ecp, E_NEWSCREEN);
582 
583 	/*
584 	 * There are three normal termination cases for an ex command.  They
585 	 * are the end of the string (ecp->clen), or unescaped (by <literal
586 	 * next> characters) <newline> or '|' characters.  As we're now past
587 	 * possible addresses, we can determine how long the command is, so we
588 	 * don't have to look for all the possible terminations.  Naturally,
589 	 * there are some exciting special cases:
590 	 *
591 	 * 1: The bang, global, v and the filter versions of the read and
592 	 *    write commands are delimited by <newline>s (they can contain
593 	 *    shell pipes).
594 	 * 2: The ex, edit, next and visual in vi mode commands all take ex
595 	 *    commands as their first arguments.
596 	 * 3: The s command takes an RE as its first argument, and wants it
597 	 *    to be specially delimited.
598 	 *
599 	 * Historically, '|' characters in the first argument of the ex, edit,
600 	 * next, vi visual, and s commands didn't delimit the command.  And,
601 	 * in the filter cases for read and write, and the bang, global and v
602 	 * commands, they did not delimit the command at all.
603 	 *
604 	 * For example, the following commands were legal:
605 	 *
606 	 *	:edit +25|s/abc/ABC/ file.c
607 	 *	:s/|/PIPE/
608 	 *	:read !spell % | columnate
609 	 *	:global/pattern/p|l
610 	 *
611 	 * It's not quite as simple as it sounds, however.  The command:
612 	 *
613 	 *	:s/a/b/|s/c/d|set
614 	 *
615 	 * was also legal, i.e. the historic ex parser (using the word loosely,
616 	 * since "parser" implies some regularity of syntax) delimited the RE's
617 	 * based on its delimiter and not anything so irretrievably vulgar as a
618 	 * command syntax.
619 	 *
620 	 * Anyhow, the following code makes this all work.  First, for the
621 	 * special cases we move past their special argument(s).  Then, we
622 	 * do normal command processing on whatever is left.  Barf-O-Rama.
623 	 */
624 	discard = 0;		/* Characters discarded from the command. */
625 	arg1_len = 0;
626 	ecp->save_cmd = ecp->cp;
627 	if (ecp->cmd == &cmds[C_EDIT] || ecp->cmd == &cmds[C_EX] ||
628 	    ecp->cmd == &cmds[C_NEXT] || ecp->cmd == &cmds[C_VISUAL_VI]) {
629 		/*
630 		 * Move to the next non-whitespace character.  A '!'
631 		 * immediately following the command is eaten as a
632 		 * force flag.
633 		 */
634 		if (ecp->clen > 0 && *ecp->cp == '!') {
635 			++ecp->cp;
636 			--ecp->clen;
637 			FL_SET(ecp->iflags, E_C_FORCE);
638 
639 			/* Reset, don't reparse. */
640 			ecp->save_cmd = ecp->cp;
641 		}
642 		for (; ecp->clen > 0; --ecp->clen, ++ecp->cp)
643 			if (!isblank(*ecp->cp))
644 				break;
645 		/*
646 		 * QUOTING NOTE:
647 		 *
648 		 * The historic implementation ignored all escape characters
649 		 * so there was no way to put a space or newline into the +cmd
650 		 * field.  We do a simplistic job of fixing it by moving to the
651 		 * first whitespace character that isn't escaped.  The escaping
652 		 * characters are stripped as no longer useful.
653 		 */
654 		if (ecp->clen > 0 && *ecp->cp == '+') {
655 			++ecp->cp;
656 			--ecp->clen;
657 			for (arg1 = p = ecp->cp;
658 			    ecp->clen > 0; --ecp->clen, ++ecp->cp) {
659 				ch = *ecp->cp;
660 				if (IS_ESCAPE(sp, ecp, ch) &&
661 				    ecp->clen > 1) {
662 					++discard;
663 					--ecp->clen;
664 					ch = *++ecp->cp;
665 				} else if (isblank(ch))
666 					break;
667 				*p++ = ch;
668 			}
669 			arg1_len = ecp->cp - arg1;
670 
671 			/* Reset, so the first argument isn't reparsed. */
672 			ecp->save_cmd = ecp->cp;
673 		}
674 	} else if (ecp->cmd == &cmds[C_BANG] ||
675 	    ecp->cmd == &cmds[C_GLOBAL] || ecp->cmd == &cmds[C_V]) {
676 		/*
677 		 * QUOTING NOTE:
678 		 *
679 		 * We use backslashes to escape <newline> characters, although
680 		 * this wasn't historic practice for the bang command.  It was
681 		 * for the global and v commands, and it's common usage when
682 		 * doing text insert during the command.  Escaping characters
683 		 * are stripped as no longer useful.
684 		 */
685 		for (p = ecp->cp; ecp->clen > 0; --ecp->clen, ++ecp->cp) {
686 			ch = *ecp->cp;
687 			if (ch == '\\' && ecp->clen > 1 && ecp->cp[1] == '\n') {
688 				++discard;
689 				--ecp->clen;
690 				ch = *++ecp->cp;
691 
692 				++gp->if_lno;
693 				++ecp->if_lno;
694 			} else if (ch == '\n')
695 				break;
696 			*p++ = ch;
697 		}
698 	} else if (ecp->cmd == &cmds[C_READ] || ecp->cmd == &cmds[C_WRITE]) {
699 		/*
700 		 * For write commands, if the next character is a <blank>, and
701 		 * the next non-blank character is a '!', it's a filter command
702 		 * and we want to eat everything up to the <newline>.  For read
703 		 * commands, if the next non-blank character is a '!', it's a
704 		 * filter command and we want to eat everything up to the next
705 		 * <newline>.  Otherwise, we're done.
706 		 */
707 		for (tmp = 0; ecp->clen > 0; --ecp->clen, ++ecp->cp) {
708 			ch = *ecp->cp;
709 			if (isblank(ch))
710 				tmp = 1;
711 			else
712 				break;
713 		}
714 		if (ecp->clen > 0 && ch == '!' &&
715 		    (ecp->cmd == &cmds[C_READ] || tmp))
716 			for (; ecp->clen > 0; --ecp->clen, ++ecp->cp)
717 				if (ecp->cp[0] == '\n')
718 					break;
719 	} else if (ecp->cmd == &cmds[C_SUBSTITUTE]) {
720 		/*
721 		 * Move to the next non-whitespace character, we'll use it as
722 		 * the delimiter.  If the character isn't an alphanumeric or
723 		 * a '|', it's the delimiter, so parse it.  Otherwise, we're
724 		 * into something like ":s g", so use the special s command.
725 		 */
726 		for (; ecp->clen > 0; --ecp->clen, ++ecp->cp)
727 			if (!isblank(ecp->cp[0]))
728 				break;
729 
730 		if (isalnum(ecp->cp[0]) || ecp->cp[0] == '|') {
731 			ecp->rcmd = cmds[C_SUBSTITUTE];
732 			ecp->rcmd.fn = ex_subagain;
733 			ecp->cmd = &ecp->rcmd;
734 		} else if (ecp->clen > 0) {
735 			/*
736 			 * QUOTING NOTE:
737 			 *
738 			 * Backslashes quote delimiter characters for RE's.
739 			 * The backslashes are NOT removed since they'll be
740 			 * used by the RE code.  Move to the third delimiter
741 			 * that's not escaped (or the end of the command).
742 			 */
743 			delim = *ecp->cp;
744 			++ecp->cp;
745 			--ecp->clen;
746 			for (cnt = 2; ecp->clen > 0 &&
747 			    cnt != 0; --ecp->clen, ++ecp->cp)
748 				if (ecp->cp[0] == '\\' &&
749 				    ecp->clen > 1) {
750 					++ecp->cp;
751 					--ecp->clen;
752 				} else if (ecp->cp[0] == delim)
753 					--cnt;
754 		}
755 	}
756 
757 	/*
758 	 * Use normal quoting and termination rules to find the end of this
759 	 * command.
760 	 *
761 	 * QUOTING NOTE:
762 	 *
763 	 * Historically, vi permitted ^V's to escape <newline>'s in the .exrc
764 	 * file.  It was almost certainly a bug, but that's what bug-for-bug
765 	 * compatibility means, Grasshopper.  Also, ^V's escape the command
766 	 * delimiters.  Literal next quote characters in front of the newlines,
767 	 * '|' characters or literal next characters are stripped as they're
768 	 * no longer useful.
769 	 */
770 	vi_address = ecp->clen != 0 && ecp->cp[0] != '\n';
771 	for (p = ecp->cp; ecp->clen > 0; --ecp->clen, ++ecp->cp) {
772 		ch = ecp->cp[0];
773 		if (IS_ESCAPE(sp, ecp, ch) && ecp->clen > 1) {
774 			tmp = ecp->cp[1];
775 			if (tmp == '\n' || tmp == '|') {
776 				if (tmp == '\n') {
777 					++gp->if_lno;
778 					++ecp->if_lno;
779 				}
780 				++discard;
781 				--ecp->clen;
782 				++ecp->cp;
783 				ch = tmp;
784 			}
785 		} else if (ch == '\n' || ch == '|') {
786 			if (ch == '\n')
787 				F_SET(ecp, E_NEWLINE);
788 			--ecp->clen;
789 			break;
790 		}
791 		*p++ = ch;
792 	}
793 
794 	/*
795 	 * Save off the next command information, go back to the
796 	 * original start of the command.
797 	 */
798 	p = ecp->cp + 1;
799 	ecp->cp = ecp->save_cmd;
800 	ecp->save_cmd = p;
801 	ecp->save_cmdlen = ecp->clen;
802 	ecp->clen = ((ecp->save_cmd - ecp->cp) - 1) - discard;
803 
804 	/*
805 	 * QUOTING NOTE:
806 	 *
807 	 * The "set tags" command historically used a backslash, not the
808 	 * user's literal next character, to escape whitespace.  Handle
809 	 * it here instead of complicating the argv_exp3() code.  Note,
810 	 * this isn't a particularly complex trap, and if backslashes were
811 	 * legal in set commands, this would have to be much more complicated.
812 	 */
813 	if (ecp->cmd == &cmds[C_SET])
814 		for (p = ecp->cp, len = ecp->clen; len > 0; --len, ++p)
815 			if (*p == '\\')
816 				*p = CH_LITERAL;
817 
818 	/*
819 	 * Set the default addresses.  It's an error to specify an address for
820 	 * a command that doesn't take them.  If two addresses are specified
821 	 * for a command that only takes one, lose the first one.  Two special
822 	 * cases here, some commands take 0 or 2 addresses.  For most of them
823 	 * (the E_ADDR2_ALL flag), 0 defaults to the entire file.  For one
824 	 * (the `!' command, the E_ADDR2_NONE flag), 0 defaults to no lines.
825 	 *
826 	 * Also, if the file is empty, some commands want to use an address of
827 	 * 0, i.e. the entire file is 0 to 0, and the default first address is
828 	 * 0.  Otherwise, an entire file is 1 to N and the default line is 1.
829 	 * Note, we also add the E_ADDR_ZERO flag to the command flags, for the
830 	 * case where the 0 address is only valid if it's a default address.
831 	 *
832 	 * Also, set a flag if we set the default addresses.  Some commands
833 	 * (ex: z) care if the user specified an address or if we just used
834 	 * the current cursor.
835 	 */
836 	switch (F_ISSET(ecp, E_ADDR1 | E_ADDR2 | E_ADDR2_ALL | E_ADDR2_NONE)) {
837 	case E_ADDR1:				/* One address: */
838 		switch (ecp->addrcnt) {
839 		case 0:				/* Default cursor/empty file. */
840 			ecp->addrcnt = 1;
841 			F_SET(ecp, E_ADDR_DEF);
842 			if (F_ISSET(ecp, E_ADDR_ZERODEF)) {
843 				if (db_last(sp, &lno))
844 					goto err;
845 				if (lno == 0) {
846 					ecp->addr1.lno = 0;
847 					F_SET(ecp, E_ADDR_ZERO);
848 				} else
849 					ecp->addr1.lno = sp->lno;
850 			} else
851 				ecp->addr1.lno = sp->lno;
852 			ecp->addr1.cno = sp->cno;
853 			break;
854 		case 1:
855 			break;
856 		case 2:				/* Lose the first address. */
857 			ecp->addrcnt = 1;
858 			ecp->addr1 = ecp->addr2;
859 		}
860 		break;
861 	case E_ADDR2_NONE:			/* Zero/two addresses: */
862 		if (ecp->addrcnt == 0)		/* Default to nothing. */
863 			break;
864 		goto two_addr;
865 	case E_ADDR2_ALL:			/* Zero/two addresses: */
866 		if (ecp->addrcnt == 0) {	/* Default entire/empty file. */
867 			F_SET(ecp, E_ADDR_DEF);
868 			ecp->addrcnt = 2;
869 			if (sp->ep == NULL)
870 				ecp->addr2.lno = 0;
871 			else if (db_last(sp, &ecp->addr2.lno))
872 				goto err;
873 			if (F_ISSET(ecp, E_ADDR_ZERODEF) &&
874 			    ecp->addr2.lno == 0) {
875 				ecp->addr1.lno = 0;
876 				F_SET(ecp, E_ADDR_ZERO);
877 			} else
878 				ecp->addr1.lno = 1;
879 			ecp->addr1.cno = ecp->addr2.cno = 0;
880 			F_SET(ecp, E_ADDR2_ALL);
881 			break;
882 		}
883 		/* FALLTHROUGH */
884 	case E_ADDR2:				/* Two addresses: */
885 two_addr:	switch (ecp->addrcnt) {
886 		case 0:				/* Default cursor/empty file. */
887 			ecp->addrcnt = 2;
888 			F_SET(ecp, E_ADDR_DEF);
889 			if (sp->lno == 1 &&
890 			    F_ISSET(ecp, E_ADDR_ZERODEF)) {
891 				if (db_last(sp, &lno))
892 					goto err;
893 				if (lno == 0) {
894 					ecp->addr1.lno = ecp->addr2.lno = 0;
895 					F_SET(ecp, E_ADDR_ZERO);
896 				} else
897 					ecp->addr1.lno =
898 					    ecp->addr2.lno = sp->lno;
899 			} else
900 				ecp->addr1.lno = ecp->addr2.lno = sp->lno;
901 			ecp->addr1.cno = ecp->addr2.cno = sp->cno;
902 			break;
903 		case 1:				/* Default to first address. */
904 			ecp->addrcnt = 2;
905 			ecp->addr2 = ecp->addr1;
906 			break;
907 		case 2:
908 			break;
909 		}
910 		break;
911 	default:
912 		if (ecp->addrcnt)		/* Error. */
913 			goto usage;
914 	}
915 
916 	/*
917 	 * !!!
918 	 * The ^D scroll command historically scrolled the value of the scroll
919 	 * option or to EOF.  It was an error if the cursor was already at EOF.
920 	 * (Leading addresses were permitted, but were then ignored.)
921 	 */
922 	if (ecp->cmd == &cmds[C_SCROLL]) {
923 		ecp->addrcnt = 2;
924 		ecp->addr1.lno = sp->lno + 1;
925 		ecp->addr2.lno = sp->lno + O_VAL(sp, O_SCROLL);
926 		ecp->addr1.cno = ecp->addr2.cno = sp->cno;
927 		if (db_last(sp, &lno))
928 			goto err;
929 		if (lno != 0 && lno > sp->lno && ecp->addr2.lno > lno)
930 			ecp->addr2.lno = lno;
931 	}
932 
933 	ecp->flagoff = 0;
934 	for (p = ecp->cmd->syntax; *p != '\0'; ++p) {
935 		/*
936 		 * The force flag is sensitive to leading whitespace, i.e.
937 		 * "next !" is different from "next!".  Handle it before
938 		 * skipping leading <blank>s.
939 		 */
940 		if (*p == '!') {
941 			if (ecp->clen > 0 && *ecp->cp == '!') {
942 				++ecp->cp;
943 				--ecp->clen;
944 				FL_SET(ecp->iflags, E_C_FORCE);
945 			}
946 			continue;
947 		}
948 
949 		/* Skip leading <blank>s. */
950 		for (; ecp->clen > 0; --ecp->clen, ++ecp->cp)
951 			if (!isblank(*ecp->cp))
952 				break;
953 		if (ecp->clen == 0)
954 			break;
955 
956 		switch (*p) {
957 		case '1':				/* +, -, #, l, p */
958 			/*
959 			 * !!!
960 			 * Historically, some flags were ignored depending
961 			 * on where they occurred in the command line.  For
962 			 * example, in the command, ":3+++p--#", historic vi
963 			 * acted on the '#' flag, but ignored the '-' flags.
964 			 * It's unambiguous what the flags mean, so we just
965 			 * handle them regardless of the stupidity of their
966 			 * location.
967 			 */
968 			for (; ecp->clen; --ecp->clen, ++ecp->cp)
969 				switch (*ecp->cp) {
970 				case '+':
971 					++ecp->flagoff;
972 					break;
973 				case '-':
974 				case '^':
975 					--ecp->flagoff;
976 					break;
977 				case '#':
978 					F_CLR(ecp, E_OPTNUM);
979 					FL_SET(ecp->iflags, E_C_HASH);
980 					exp->fdef |= E_C_HASH;
981 					break;
982 				case 'l':
983 					FL_SET(ecp->iflags, E_C_LIST);
984 					exp->fdef |= E_C_LIST;
985 					break;
986 				case 'p':
987 					FL_SET(ecp->iflags, E_C_PRINT);
988 					exp->fdef |= E_C_PRINT;
989 					break;
990 				default:
991 					goto end_case1;
992 				}
993 end_case1:		break;
994 		case '2':				/* -, ., +, ^ */
995 		case '3':				/* -, ., +, ^, = */
996 			for (; ecp->clen; --ecp->clen, ++ecp->cp)
997 				switch (*ecp->cp) {
998 				case '-':
999 					FL_SET(ecp->iflags, E_C_DASH);
1000 					break;
1001 				case '.':
1002 					FL_SET(ecp->iflags, E_C_DOT);
1003 					break;
1004 				case '+':
1005 					FL_SET(ecp->iflags, E_C_PLUS);
1006 					break;
1007 				case '^':
1008 					FL_SET(ecp->iflags, E_C_CARAT);
1009 					break;
1010 				case '=':
1011 					if (*p == '3') {
1012 						FL_SET(ecp->iflags, E_C_EQUAL);
1013 						break;
1014 					}
1015 					/* FALLTHROUGH */
1016 				default:
1017 					goto end_case23;
1018 				}
1019 end_case23:		break;
1020 		case 'b':				/* buffer */
1021 			/*
1022 			 * !!!
1023 			 * Historically, "d #" was a delete with a flag, not a
1024 			 * delete into the '#' buffer.  If the current command
1025 			 * permits a flag, don't use one as a buffer.  However,
1026 			 * the 'l' and 'p' flags were legal buffer names in the
1027 			 * historic ex, and were used as buffers, not flags.
1028 			 */
1029 			if ((ecp->cp[0] == '+' || ecp->cp[0] == '-' ||
1030 			    ecp->cp[0] == '^' || ecp->cp[0] == '#') &&
1031 			    strchr(p, '1') != NULL)
1032 				break;
1033 			/*
1034 			 * !!!
1035 			 * Digits can't be buffer names in ex commands, or the
1036 			 * command "d2" would be a delete into buffer '2', and
1037 			 * not a two-line deletion.
1038 			 */
1039 			if (!isdigit(ecp->cp[0])) {
1040 				ecp->buffer = *ecp->cp;
1041 				++ecp->cp;
1042 				--ecp->clen;
1043 				FL_SET(ecp->iflags, E_C_BUFFER);
1044 			}
1045 			break;
1046 		case 'c':				/* count [01+a] */
1047 			++p;
1048 			/* Validate any signed value. */
1049 			if (!isdigit(*ecp->cp) && (*p != '+' ||
1050 			    (*ecp->cp != '+' && *ecp->cp != '-')))
1051 				break;
1052 			/* If a signed value, set appropriate flags. */
1053 			if (*ecp->cp == '-')
1054 				FL_SET(ecp->iflags, E_C_COUNT_NEG);
1055 			else if (*ecp->cp == '+')
1056 				FL_SET(ecp->iflags, E_C_COUNT_POS);
1057 			if ((nret =
1058 			    nget_slong(&ltmp, ecp->cp, &t, 10)) != NUM_OK) {
1059 				ex_badaddr(sp, NULL, A_NOTSET, nret);
1060 				goto err;
1061 			}
1062 			if (ltmp == 0 && *p != '0') {
1063 				msgq(sp, M_ERR, "083|Count may not be zero");
1064 				goto err;
1065 			}
1066 			ecp->clen -= (t - ecp->cp);
1067 			ecp->cp = t;
1068 
1069 			/*
1070 			 * Counts as address offsets occur in commands taking
1071 			 * two addresses.  Historic vi practice was to use
1072 			 * the count as an offset from the *second* address.
1073 			 *
1074 			 * Set a count flag; some underlying commands (see
1075 			 * join) do different things with counts than with
1076 			 * line addresses.
1077 			 */
1078 			if (*p == 'a') {
1079 				ecp->addr1 = ecp->addr2;
1080 				ecp->addr2.lno = ecp->addr1.lno + ltmp - 1;
1081 			} else
1082 				ecp->count = ltmp;
1083 			FL_SET(ecp->iflags, E_C_COUNT);
1084 			break;
1085 		case 'f':				/* file */
1086 			if (argv_exp2(sp, ecp, ecp->cp, ecp->clen))
1087 				goto err;
1088 			goto arg_cnt_chk;
1089 		case 'l':				/* line */
1090 			/*
1091 			 * Get a line specification.
1092 			 *
1093 			 * If the line was a search expression, we may have
1094 			 * changed state during the call, and we're now
1095 			 * searching the file.  Push ourselves onto the state
1096 			 * stack.
1097 			 */
1098 			if (ex_line(sp, ecp, &cur, &isaddr, &tmp))
1099 				goto rfail;
1100 			if (tmp)
1101 				goto err;
1102 
1103 			/* Line specifications are always required. */
1104 			if (!isaddr) {
1105 				msgq_str(sp, M_ERR, ecp->cp,
1106 				     "084|%s: bad line specification");
1107 				goto err;
1108 			}
1109 			/*
1110 			 * The target line should exist for these commands,
1111 			 * but 0 is legal for them as well.
1112 			 */
1113 			if (cur.lno != 0 && !db_exist(sp, cur.lno)) {
1114 				ex_badaddr(sp, NULL, A_EOF, NUM_OK);
1115 				goto err;
1116 			}
1117 			ecp->lineno = cur.lno;
1118 			break;
1119 		case 'S':				/* string, file exp. */
1120 			if (ecp->clen != 0) {
1121 				if (argv_exp1(sp, ecp, ecp->cp,
1122 				    ecp->clen, ecp->cmd == &cmds[C_BANG]))
1123 					goto err;
1124 				goto addr_verify;
1125 			}
1126 			/* FALLTHROUGH */
1127 		case 's':				/* string */
1128 			if (argv_exp0(sp, ecp, ecp->cp, ecp->clen))
1129 				goto err;
1130 			goto addr_verify;
1131 		case 'W':				/* word string */
1132 			/*
1133 			 * QUOTING NOTE:
1134 			 *
1135 			 * Literal next characters escape the following
1136 			 * character.  Quoting characters are stripped here
1137 			 * since they are no longer useful.
1138 			 *
1139 			 * First there was the word.
1140 			 */
1141 			for (p = t = ecp->cp;
1142 			    ecp->clen > 0; --ecp->clen, ++ecp->cp) {
1143 				ch = *ecp->cp;
1144 				if (IS_ESCAPE(sp,
1145 				    ecp, ch) && ecp->clen > 1) {
1146 					--ecp->clen;
1147 					*p++ = *++ecp->cp;
1148 				} else if (isblank(ch)) {
1149 					++ecp->cp;
1150 					--ecp->clen;
1151 					break;
1152 				} else
1153 					*p++ = ch;
1154 			}
1155 			if (argv_exp0(sp, ecp, t, p - t))
1156 				goto err;
1157 
1158 			/* Delete intervening whitespace. */
1159 			for (; ecp->clen > 0;
1160 			    --ecp->clen, ++ecp->cp) {
1161 				ch = *ecp->cp;
1162 				if (!isblank(ch))
1163 					break;
1164 			}
1165 			if (ecp->clen == 0)
1166 				goto usage;
1167 
1168 			/* Followed by the string. */
1169 			for (p = t = ecp->cp; ecp->clen > 0;
1170 			    --ecp->clen, ++ecp->cp, ++p) {
1171 				ch = *ecp->cp;
1172 				if (IS_ESCAPE(sp,
1173 				    ecp, ch) && ecp->clen > 1) {
1174 					--ecp->clen;
1175 					*p = *++ecp->cp;
1176 				} else
1177 					*p = ch;
1178 			}
1179 			if (argv_exp0(sp, ecp, t, p - t))
1180 				goto err;
1181 			goto addr_verify;
1182 		case 'w':				/* word */
1183 			if (argv_exp3(sp, ecp, ecp->cp, ecp->clen))
1184 				goto err;
1185 arg_cnt_chk:		if (*++p != 'N') {		/* N */
1186 				/*
1187 				 * If a number is specified, must either be
1188 				 * 0 or that number, if optional, and that
1189 				 * number, if required.
1190 				 */
1191 				tmp = *p - '0';
1192 				if ((*++p != 'o' || exp->argsoff != 0) &&
1193 				    exp->argsoff != tmp)
1194 					goto usage;
1195 			}
1196 			goto addr_verify;
1197 		default:
1198 			msgq(sp, M_ERR,
1199 			    "085|Internal syntax table error (%s: %s)",
1200 			    ecp->cmd->name, KEY_NAME(sp, *p));
1201 		}
1202 	}
1203 
1204 	/* Skip trailing whitespace. */
1205 	for (; ecp->clen > 0; --ecp->clen) {
1206 		ch = *ecp->cp++;
1207 		if (!isblank(ch))
1208 			break;
1209 	}
1210 
1211 	/*
1212 	 * There shouldn't be anything left, and no more required fields,
1213 	 * i.e neither 'l' or 'r' in the syntax string.
1214 	 */
1215 	if (ecp->clen != 0 || strpbrk(p, "lr")) {
1216 usage:		msgq(sp, M_ERR, "086|Usage: %s", ecp->cmd->usage);
1217 		goto err;
1218 	}
1219 
1220 	/*
1221 	 * Verify that the addresses are legal.  Check the addresses here,
1222 	 * because this is a place where all ex addresses pass through.
1223 	 * (They don't all pass through ex_line(), for instance.)  We're
1224 	 * assuming that any non-existent line doesn't exist because it's
1225 	 * past the end-of-file.  That's a pretty good guess.
1226 	 *
1227 	 * If it's a "default vi command", an address of zero is okay.
1228 	 */
1229 addr_verify:
1230 	switch (ecp->addrcnt) {
1231 	case 2:
1232 		/*
1233 		 * Historic ex/vi permitted commands with counts to go past
1234 		 * EOF.  So, for example, if the file only had 5 lines, the
1235 		 * ex command "1,6>" would fail, but the command ">300"
1236 		 * would succeed.  Since we don't want to have to make all
1237 		 * of the underlying commands handle random line numbers,
1238 		 * fix it here.
1239 		 */
1240 		if (ecp->addr2.lno == 0) {
1241 			if (!F_ISSET(ecp, E_ADDR_ZERO) &&
1242 			    (F_ISSET(sp, SC_EX) ||
1243 			    !F_ISSET(ecp, E_USELASTCMD))) {
1244 				ex_badaddr(sp, ecp->cmd, A_ZERO, NUM_OK);
1245 				goto err;
1246 			}
1247 		} else if (!db_exist(sp, ecp->addr2.lno)) {
1248 			if (FL_ISSET(ecp->iflags, E_C_COUNT)) {
1249 				if (db_last(sp, &lno))
1250 					goto err;
1251 				ecp->addr2.lno = lno;
1252 			} else {
1253 				ex_badaddr(sp, NULL, A_EOF, NUM_OK);
1254 				goto err;
1255 			}
1256 		}
1257 		/* FALLTHROUGH */
1258 	case 1:
1259 		if (ecp->addr1.lno == 0) {
1260 			if (!F_ISSET(ecp, E_ADDR_ZERO) &&
1261 			    (F_ISSET(sp, SC_EX) ||
1262 			    !F_ISSET(ecp, E_USELASTCMD))) {
1263 				ex_badaddr(sp, ecp->cmd, A_ZERO, NUM_OK);
1264 				goto err;
1265 			}
1266 		} else if (!db_exist(sp, ecp->addr1.lno)) {
1267 			ex_badaddr(sp, NULL, A_EOF, NUM_OK);
1268 			goto err;
1269 		}
1270 		break;
1271 	}
1272 
1273 	/*
1274 	 * If doing a default command and there's nothing left on the line,
1275 	 * vi just moves to the line.  For example, ":3" and ":'a,'b" just
1276 	 * move to line 3 and line 'b, respectively, but ":3|" prints line 3.
1277 	 *
1278 	 * !!!
1279 	 * In addition, IF THE LINE CHANGES, move to the first nonblank of
1280 	 * the line.
1281 	 *
1282 	 * !!!
1283 	 * This is done before the absolute mark gets set; historically,
1284 	 * "/a/,/b/" did NOT set vi's absolute mark, but "/a/,/b/d" did.
1285 	 */
1286 	if ((F_ISSET(sp, SC_VI) || F_ISSET(ecp, E_NOPRDEF)) &&
1287 	    F_ISSET(ecp, E_USELASTCMD) && vi_address == 0) {
1288 		switch (ecp->addrcnt) {
1289 		case 2:
1290 			if (sp->lno !=
1291 			    (ecp->addr2.lno ? ecp->addr2.lno : 1)) {
1292 				sp->lno =
1293 				    ecp->addr2.lno ? ecp->addr2.lno : 1;
1294 				sp->cno = 0;
1295 				(void)nonblank(sp, sp->lno, &sp->cno);
1296 			}
1297 			break;
1298 		case 1:
1299 			if (sp->lno !=
1300 			    (ecp->addr1.lno ? ecp->addr1.lno : 1)) {
1301 				sp->lno =
1302 				    ecp->addr1.lno ? ecp->addr1.lno : 1;
1303 				sp->cno = 0;
1304 				(void)nonblank(sp, sp->lno, &sp->cno);
1305 			}
1306 			break;
1307 		}
1308 		ecp->cp = ecp->save_cmd;
1309 		ecp->clen = ecp->save_cmdlen;
1310 		goto loop;
1311 	}
1312 
1313 	/*
1314 	 * Set the absolute mark -- we have to set it for vi here, in case
1315 	 * it's a compound command, e.g. ":5p|6" should set the absolute
1316 	 * mark for vi.
1317 	 */
1318 	if (F_ISSET(ecp, E_ABSMARK)) {
1319 		cur.lno = sp->lno;
1320 		cur.cno = sp->cno;
1321 		F_CLR(ecp, E_ABSMARK);
1322 		if (mark_set(sp, ABSMARK1, &cur, 1))
1323 			goto err;
1324 	}
1325 
1326 #if defined(DEBUG) && defined(COMLOG)
1327 	ex_comlog(sp, ecp);
1328 #endif
1329 	/* Increment the command count if not called from vi. */
1330 	if (F_ISSET(sp, SC_EX))
1331 		++sp->ccnt;
1332 
1333 	/*
1334 	 * If file state available, and not doing a global command,
1335 	 * log the start of an action.
1336 	 */
1337 	if (sp->ep != NULL && !F_ISSET(sp, SC_EX_GLOBAL))
1338 		(void)log_cursor(sp);
1339 
1340 	/*
1341 	 * !!!
1342 	 * There are two special commands for the purposes of this code: the
1343 	 * default command (<carriage-return>) or the scrolling commands (^D
1344 	 * and <EOF>) as the first non-<blank> characters  in the line.
1345 	 *
1346 	 * If this is the first command in the command line, we received the
1347 	 * command from the ex command loop and we're talking to a tty, and
1348 	 * and there's nothing else on the command line, and it's one of the
1349 	 * special commands, we move back up to the previous line, and erase
1350 	 * the prompt character with the output.  Since ex runs in canonical
1351 	 * mode, we don't have to do anything else, a <newline> has already
1352 	 * been echoed by the tty driver.  It's OK if vi calls us -- we won't
1353 	 * be in ex mode so we'll do nothing.
1354 	 */
1355 	if (F_ISSET(ecp, E_NRSEP)) {
1356 		if (sp->ep != NULL &&
1357 		    F_ISSET(sp, SC_EX) && !F_ISSET(gp, G_SCRIPTED) &&
1358 		    (F_ISSET(ecp, E_USELASTCMD) || ecp->cmd == &cmds[C_SCROLL]))
1359 			gp->scr_ex_adjust(sp, EX_TERM_SCROLL);
1360 		F_CLR(ecp, E_NRSEP);
1361 	}
1362 
1363 	/*
1364 	 * Call the underlying function for the ex command.
1365 	 *
1366 	 * XXX
1367 	 * Interrupts behave like errors, for now.
1368 	 */
1369 	if (ecp->cmd->fn(sp, ecp) || INTERRUPTED(sp)) {
1370 		if (F_ISSET(gp, G_SCRIPTED))
1371 			F_SET(sp, SC_EXIT_FORCE);
1372 		goto err;
1373 	}
1374 
1375 #ifdef DEBUG
1376 	/* Make sure no function left global temporary space locked. */
1377 	if (F_ISSET(gp, G_TMP_INUSE)) {
1378 		F_CLR(gp, G_TMP_INUSE);
1379 		msgq(sp, M_ERR, "087|%s: temporary buffer not released",
1380 		    ecp->cmd->name);
1381 	}
1382 #endif
1383 	/*
1384 	 * Ex displayed the number of lines modified immediately after each
1385 	 * command, so the command "1,10d|1,10d" would display:
1386 	 *
1387 	 *	10 lines deleted
1388 	 *	10 lines deleted
1389 	 *	<autoprint line>
1390 	 *
1391 	 * Executing ex commands from vi only reported the final modified
1392 	 * lines message -- that's wrong enough that we don't match it.
1393 	 */
1394 	if (F_ISSET(sp, SC_EX))
1395 		mod_rpt(sp);
1396 
1397 	/*
1398 	 * Integrate any offset parsed by the underlying command, and make
1399 	 * sure the referenced line exists.
1400 	 *
1401 	 * XXX
1402 	 * May not match historic practice (which I've never been able to
1403 	 * completely figure out.)  For example, the '=' command from vi
1404 	 * mode often got the offset wrong, and complained it was too large,
1405 	 * but didn't seem to have a problem with the cursor.  If anyone
1406 	 * complains, ask them how it's supposed to work, they might know.
1407 	 */
1408 	if (sp->ep != NULL && ecp->flagoff) {
1409 		if (ecp->flagoff < 0) {
1410 			if (sp->lno <= -ecp->flagoff) {
1411 				msgq(sp, M_ERR,
1412 				    "088|Flag offset to before line 1");
1413 				goto err;
1414 			}
1415 		} else {
1416 			if (!NPFITS(MAX_REC_NUMBER, sp->lno, ecp->flagoff)) {
1417 				ex_badaddr(sp, NULL, A_NOTSET, NUM_OVER);
1418 				goto err;
1419 			}
1420 			if (!db_exist(sp, sp->lno + ecp->flagoff)) {
1421 				msgq(sp, M_ERR,
1422 				    "089|Flag offset past end-of-file");
1423 				goto err;
1424 			}
1425 		}
1426 		sp->lno += ecp->flagoff;
1427 	}
1428 
1429 	/*
1430 	 * If the command executed successfully, we may want to display a line
1431 	 * based on the autoprint option or an explicit print flag.  (Make sure
1432 	 * that there's a line to display.)  Also, the autoprint edit option is
1433 	 * turned off for the duration of global commands.
1434 	 */
1435 	if (F_ISSET(sp, SC_EX) && sp->ep != NULL && sp->lno != 0) {
1436 		/*
1437 		 * The print commands have already handled the `print' flags.
1438 		 * If so, clear them.
1439 		 */
1440 		if (FL_ISSET(ecp->iflags, E_CLRFLAG))
1441 			FL_CLR(ecp->iflags, E_C_HASH | E_C_LIST | E_C_PRINT);
1442 
1443 		/* If hash set only because of the number option, discard it. */
1444 		if (F_ISSET(ecp, E_OPTNUM))
1445 			FL_CLR(ecp->iflags, E_C_HASH);
1446 
1447 		/*
1448 		 * If there was an explicit flag to display the new cursor line,
1449 		 * or autoprint is set and a change was made, display the line.
1450 		 * If any print flags were set use them, else default to print.
1451 		 */
1452 		LF_INIT(FL_ISSET(ecp->iflags, E_C_HASH | E_C_LIST | E_C_PRINT));
1453 		if (!LF_ISSET(E_C_HASH | E_C_LIST | E_C_PRINT | E_NOAUTO) &&
1454 		    !F_ISSET(sp, SC_EX_GLOBAL) &&
1455 		    O_ISSET(sp, O_AUTOPRINT) && F_ISSET(ecp, E_AUTOPRINT))
1456 			LF_INIT(E_C_PRINT);
1457 
1458 		if (LF_ISSET(E_C_HASH | E_C_LIST | E_C_PRINT)) {
1459 			cur.lno = sp->lno;
1460 			cur.cno = 0;
1461 			(void)ex_print(sp, ecp, &cur, &cur, flags);
1462 		}
1463 	}
1464 
1465 	/*
1466 	 * If the command had an associated "+cmd", it has to be executed
1467 	 * before we finish executing any more of this ex command.  For
1468 	 * example, consider a .exrc file that contains the following lines:
1469 	 *
1470 	 *	:set all
1471 	 *	:edit +25 file.c|s/abc/ABC/|1
1472 	 *	:3,5 print
1473 	 *
1474 	 * This can happen more than once -- the historic vi simply hung or
1475 	 * dropped core, of course.  Prepend the + command back into the
1476 	 * current command and continue.  We may have to add an additional
1477 	 * <literal next> character.  We know that it will fit because we
1478 	 * discarded at least one space and the + character.
1479 	 */
1480 	if (arg1_len != 0) {
1481 		/*
1482 		 * If the last character of the + command was a <literal next>
1483 		 * character, it would be treated differently because of the
1484 		 * append.  Quote it, if necessary.
1485 		 */
1486 		if (IS_ESCAPE(sp, ecp, arg1[arg1_len - 1])) {
1487 			*--ecp->save_cmd = CH_LITERAL;
1488 			++ecp->save_cmdlen;
1489 		}
1490 
1491 		ecp->save_cmd -= arg1_len;
1492 		ecp->save_cmdlen += arg1_len;
1493 		memcpy(ecp->save_cmd, arg1, arg1_len);
1494 
1495 		/*
1496 		 * Any commands executed from a +cmd are executed starting at
1497 		 * the first column of the last line of the file -- NOT the
1498 		 * first nonblank.)  The main file startup code doesn't know
1499 		 * that a +cmd was set, however, so it may have put us at the
1500 		 * top of the file.  (Note, this is safe because we must have
1501 		 * switched files to get here.)
1502 		 */
1503 		F_SET(ecp, E_MOVETOEND);
1504 	}
1505 
1506 	/* Update the current command. */
1507 	ecp->cp = ecp->save_cmd;
1508 	ecp->clen = ecp->save_cmdlen;
1509 
1510 	/*
1511 	 * !!!
1512 	 * If we've changed screens or underlying files, any pending global or
1513 	 * v command, or @ buffer that has associated addresses, has to be
1514 	 * discarded.  This is historic practice for globals, and necessary for
1515 	 * @ buffers that had associated addresses.
1516 	 *
1517 	 * Otherwise, if we've changed underlying files, it's not a problem,
1518 	 * we continue with the rest of the ex command(s), operating on the
1519 	 * new file.  However, if we switch screens (either by exiting or by
1520 	 * an explicit command), we have no way of knowing where to put output
1521 	 * messages, and, since we don't control screens here, we could screw
1522 	 * up the upper layers, (e.g. we could exit/reenter a screen multiple
1523 	 * times).  So, return and continue after we've got a new screen.
1524 	 */
1525 	if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE | SC_FSWITCH | SC_SSWITCH)) {
1526 		at_found = gv_found = 0;
1527 		LIST_FOREACH(ecp, &sp->gp->ecq, q)
1528 			switch (ecp->agv_flags) {
1529 			case 0:
1530 			case AGV_AT_NORANGE:
1531 				break;
1532 			case AGV_AT:
1533 				if (!at_found) {
1534 					at_found = 1;
1535 					msgq(sp, M_ERR,
1536 		"090|@ with range running when the file/screen changed");
1537 				}
1538 				break;
1539 			case AGV_GLOBAL:
1540 			case AGV_V:
1541 				if (!gv_found) {
1542 					gv_found = 1;
1543 					msgq(sp, M_ERR,
1544 		"091|Global/v command running when the file/screen changed");
1545 				}
1546 				break;
1547 			default:
1548 				abort();
1549 			}
1550 		if (at_found || gv_found)
1551 			goto discard;
1552 		if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE | SC_SSWITCH))
1553 			goto rsuccess;
1554 	}
1555 
1556 	goto loop;
1557 	/* NOTREACHED */
1558 
1559 err:	/*
1560 	 * On command failure, we discard keys and pending commands remaining,
1561 	 * as well as any keys that were mapped and waiting.  The save_cmdlen
1562 	 * test is not necessarily correct.  If we fail early enough we don't
1563 	 * know if the entire string was a single command or not.  Guess, as
1564 	 * it's useful to know if commands other than the current one are being
1565 	 * discarded.
1566 	 */
1567 	if (ecp->save_cmdlen == 0)
1568 		for (; ecp->clen; --ecp->clen) {
1569 			ch = *ecp->cp++;
1570 			if (IS_ESCAPE(sp, ecp, ch) && ecp->clen > 1) {
1571 				--ecp->clen;
1572 				++ecp->cp;
1573 			} else if (ch == '\n' || ch == '|') {
1574 				if (ecp->clen > 1)
1575 					ecp->save_cmdlen = 1;
1576 				break;
1577 			}
1578 		}
1579 	if (ecp->save_cmdlen != 0 || LIST_FIRST(&gp->ecq) != &gp->excmd) {
1580 discard:	msgq(sp, M_BERR,
1581 		    "092|Ex command failed: pending commands discarded");
1582 		ex_discard(sp);
1583 	}
1584 	if (v_event_flush(sp, CH_MAPPED))
1585 		msgq(sp, M_BERR,
1586 		    "093|Ex command failed: mapped keys discarded");
1587 
1588 rfail:	tmp = 1;
1589 	if (0)
1590 rsuccess:	tmp = 0;
1591 
1592 	/* Turn off any file name error information. */
1593 	gp->if_name = NULL;
1594 
1595 	/* Turn off the global bit. */
1596 	F_CLR(sp, SC_EX_GLOBAL);
1597 
1598 	return (tmp);
1599 }
1600 
1601 /*
1602  * ex_range --
1603  *	Get a line range for ex commands, or perform a vi ex address search.
1604  *
1605  * PUBLIC: int ex_range(SCR *, EXCMD *, int *);
1606  */
1607 int
ex_range(sp,ecp,errp)1608 ex_range(sp, ecp, errp)
1609 	SCR *sp;
1610 	EXCMD *ecp;
1611 	int *errp;
1612 {
1613 	enum { ADDR_FOUND, ADDR_NEED, ADDR_NONE } addr;
1614 	MARK m;
1615 	int isaddr;
1616 
1617 	*errp = 0;
1618 
1619 	/*
1620 	 * Parse comma or semi-colon delimited line specs.
1621 	 *
1622 	 * Semi-colon delimiters update the current address to be the last
1623 	 * address.  For example, the command
1624 	 *
1625 	 *	:3;/pattern/ecp->cp
1626 	 *
1627 	 * will search for pattern from line 3.  In addition, if ecp->cp
1628 	 * is not a valid command, the current line will be left at 3, not
1629 	 * at the original address.
1630 	 *
1631 	 * Extra addresses are discarded, starting with the first.
1632 	 *
1633 	 * !!!
1634 	 * If any addresses are missing, they default to the current line.
1635 	 * This was historically true for both leading and trailing comma
1636 	 * delimited addresses as well as for trailing semicolon delimited
1637 	 * addresses.  For consistency, we make it true for leading semicolon
1638 	 * addresses as well.
1639 	 */
1640 	for (addr = ADDR_NONE, ecp->addrcnt = 0; ecp->clen > 0;)
1641 		switch (*ecp->cp) {
1642 		case '%':		/* Entire file. */
1643 			/* Vi ex address searches didn't permit % signs. */
1644 			if (F_ISSET(ecp, E_VISEARCH))
1645 				goto ret;
1646 
1647 			/* It's an error if the file is empty. */
1648 			if (sp->ep == NULL) {
1649 				ex_badaddr(sp, NULL, A_EMPTY, NUM_OK);
1650 				*errp = 1;
1651 				return (0);
1652 			}
1653 			/*
1654 			 * !!!
1655 			 * A percent character addresses all of the lines in
1656 			 * the file.  Historically, it couldn't be followed by
1657 			 * any other address.  We do it as a text substitution
1658 			 * for simplicity.  POSIX 1003.2 is expected to follow
1659 			 * this practice.
1660 			 *
1661 			 * If it's an empty file, the first line is 0, not 1.
1662 			 */
1663 			if (addr == ADDR_FOUND) {
1664 				ex_badaddr(sp, NULL, A_COMBO, NUM_OK);
1665 				*errp = 1;
1666 				return (0);
1667 			}
1668 			if (db_last(sp, &ecp->addr2.lno))
1669 				return (1);
1670 			ecp->addr1.lno = ecp->addr2.lno == 0 ? 0 : 1;
1671 			ecp->addr1.cno = ecp->addr2.cno = 0;
1672 			ecp->addrcnt = 2;
1673 			addr = ADDR_FOUND;
1674 			++ecp->cp;
1675 			--ecp->clen;
1676 			break;
1677 		case ',':               /* Comma delimiter. */
1678 			/* Vi ex address searches didn't permit commas. */
1679 			if (F_ISSET(ecp, E_VISEARCH))
1680 				goto ret;
1681 			/* FALLTHROUGH */
1682 		case ';':               /* Semi-colon delimiter. */
1683 			if (sp->ep == NULL) {
1684 				ex_badaddr(sp, NULL, A_EMPTY, NUM_OK);
1685 				*errp = 1;
1686 				return (0);
1687 			}
1688 			if (addr != ADDR_FOUND)
1689 				switch (ecp->addrcnt) {
1690 				case 0:
1691 					ecp->addr1.lno = sp->lno;
1692 					ecp->addr1.cno = sp->cno;
1693 					ecp->addrcnt = 1;
1694 					break;
1695 				case 2:
1696 					ecp->addr1 = ecp->addr2;
1697 					/* FALLTHROUGH */
1698 				case 1:
1699 					ecp->addr2.lno = sp->lno;
1700 					ecp->addr2.cno = sp->cno;
1701 					ecp->addrcnt = 2;
1702 					break;
1703 				}
1704 			if (*ecp->cp == ';')
1705 				switch (ecp->addrcnt) {
1706 				case 0:
1707 					abort();
1708 					/* NOTREACHED */
1709 				case 1:
1710 					sp->lno = ecp->addr1.lno;
1711 					sp->cno = ecp->addr1.cno;
1712 					break;
1713 				case 2:
1714 					sp->lno = ecp->addr2.lno;
1715 					sp->cno = ecp->addr2.cno;
1716 					break;
1717 				}
1718 			addr = ADDR_NEED;
1719 			/* FALLTHROUGH */
1720 		case ' ':		/* Whitespace. */
1721 		case '\t':		/* Whitespace. */
1722 			++ecp->cp;
1723 			--ecp->clen;
1724 			break;
1725 		default:
1726 			/* Get a line specification. */
1727 			if (ex_line(sp, ecp, &m, &isaddr, errp))
1728 				return (1);
1729 			if (*errp)
1730 				return (0);
1731 			if (!isaddr)
1732 				goto ret;
1733 			if (addr == ADDR_FOUND) {
1734 				ex_badaddr(sp, NULL, A_COMBO, NUM_OK);
1735 				*errp = 1;
1736 				return (0);
1737 			}
1738 			switch (ecp->addrcnt) {
1739 			case 0:
1740 				ecp->addr1 = m;
1741 				ecp->addrcnt = 1;
1742 				break;
1743 			case 1:
1744 				ecp->addr2 = m;
1745 				ecp->addrcnt = 2;
1746 				break;
1747 			case 2:
1748 				ecp->addr1 = ecp->addr2;
1749 				ecp->addr2 = m;
1750 				break;
1751 			}
1752 			addr = ADDR_FOUND;
1753 			break;
1754 		}
1755 
1756 	/*
1757 	 * !!!
1758 	 * Vi ex address searches are indifferent to order or trailing
1759 	 * semi-colons.
1760 	 */
1761 ret:	if (F_ISSET(ecp, E_VISEARCH))
1762 		return (0);
1763 
1764 	if (addr == ADDR_NEED)
1765 		switch (ecp->addrcnt) {
1766 		case 0:
1767 			ecp->addr1.lno = sp->lno;
1768 			ecp->addr1.cno = sp->cno;
1769 			ecp->addrcnt = 1;
1770 			break;
1771 		case 2:
1772 			ecp->addr1 = ecp->addr2;
1773 			/* FALLTHROUGH */
1774 		case 1:
1775 			ecp->addr2.lno = sp->lno;
1776 			ecp->addr2.cno = sp->cno;
1777 			ecp->addrcnt = 2;
1778 			break;
1779 		}
1780 
1781 	if (ecp->addrcnt == 2 && ecp->addr2.lno < ecp->addr1.lno) {
1782 		msgq(sp, M_ERR,
1783 		    "094|The second address is smaller than the first");
1784 		*errp = 1;
1785 	}
1786 	return (0);
1787 }
1788 
1789 /*
1790  * ex_line --
1791  *	Get a single line address specifier.
1792  *
1793  * The way the "previous context" mark worked was that any "non-relative"
1794  * motion set it.  While ex/vi wasn't totally consistent about this, ANY
1795  * numeric address, search pattern, '$', or mark reference in an address
1796  * was considered non-relative, and set the value.  Which should explain
1797  * why we're hacking marks down here.  The problem was that the mark was
1798  * only set if the command was called, i.e. we have to set a flag and test
1799  * it later.
1800  *
1801  * XXX
1802  * This is probably still not exactly historic practice, although I think
1803  * it's fairly close.
1804  */
1805 static int
ex_line(sp,ecp,mp,isaddrp,errp)1806 ex_line(sp, ecp, mp, isaddrp, errp)
1807 	SCR *sp;
1808 	EXCMD *ecp;
1809 	MARK *mp;
1810 	int *isaddrp, *errp;
1811 {
1812 	enum nresult nret;
1813 	long total, val;
1814 	int isneg;
1815 	int (*sf)(SCR *, MARK *, MARK *, char *, size_t, char **, u_int);
1816 	char *endp;
1817 
1818 	*isaddrp = *errp = 0;
1819 	F_CLR(ecp, E_DELTA);
1820 
1821 	/* No addresses permitted until a file has been read in. */
1822 	if (sp->ep == NULL && strchr("$0123456789'\\/?.+-^", *ecp->cp)) {
1823 		ex_badaddr(sp, NULL, A_EMPTY, NUM_OK);
1824 		*errp = 1;
1825 		return (0);
1826 	}
1827 
1828 	switch (*ecp->cp) {
1829 	case '$':				/* Last line in the file. */
1830 		*isaddrp = 1;
1831 		F_SET(ecp, E_ABSMARK);
1832 
1833 		mp->cno = 0;
1834 		if (db_last(sp, &mp->lno))
1835 			return (1);
1836 		++ecp->cp;
1837 		--ecp->clen;
1838 		break;				/* Absolute line number. */
1839 	case '0': case '1': case '2': case '3': case '4':
1840 	case '5': case '6': case '7': case '8': case '9':
1841 		*isaddrp = 1;
1842 		F_SET(ecp, E_ABSMARK);
1843 
1844 		if ((nret = nget_slong(&val, ecp->cp, &endp, 10)) != NUM_OK) {
1845 			ex_badaddr(sp, NULL, A_NOTSET, nret);
1846 			*errp = 1;
1847 			return (0);
1848 		}
1849 		if (!NPFITS(MAX_REC_NUMBER, 0, val)) {
1850 			ex_badaddr(sp, NULL, A_NOTSET, NUM_OVER);
1851 			*errp = 1;
1852 			return (0);
1853 		}
1854 		mp->lno = val;
1855 		mp->cno = 0;
1856 		ecp->clen -= (endp - ecp->cp);
1857 		ecp->cp = endp;
1858 		break;
1859 	case '\'':				/* Use a mark. */
1860 		*isaddrp = 1;
1861 		F_SET(ecp, E_ABSMARK);
1862 
1863 		if (ecp->clen == 1) {
1864 			msgq(sp, M_ERR, "095|No mark name supplied");
1865 			*errp = 1;
1866 			return (0);
1867 		}
1868 		if (mark_get(sp, ecp->cp[1], mp, M_ERR)) {
1869 			*errp = 1;
1870 			return (0);
1871 		}
1872 		ecp->cp += 2;
1873 		ecp->clen -= 2;
1874 		break;
1875 	case '\\':				/* Search: forward/backward. */
1876 		/*
1877 		 * !!!
1878 		 * I can't find any difference between // and \/ or between
1879 		 * ?? and \?.  Mark Horton doesn't remember there being any
1880 		 * difference.  C'est la vie.
1881 		 */
1882 		if (ecp->clen < 2 ||
1883 		    (ecp->cp[1] != '/' && ecp->cp[1] != '?')) {
1884 			msgq(sp, M_ERR, "096|\\ not followed by / or ?");
1885 			*errp = 1;
1886 			return (0);
1887 		}
1888 		++ecp->cp;
1889 		--ecp->clen;
1890 		sf = ecp->cp[0] == '/' ? f_search : b_search;
1891 		goto search;
1892 	case '/':				/* Search forward. */
1893 		sf = f_search;
1894 		goto search;
1895 	case '?':				/* Search backward. */
1896 		sf = b_search;
1897 
1898 search:		mp->lno = sp->lno;
1899 		mp->cno = sp->cno;
1900 		if (sf(sp, mp, mp, ecp->cp, ecp->clen, &endp,
1901 		    SEARCH_MSG | SEARCH_PARSE | SEARCH_SET |
1902 		    (F_ISSET(ecp, E_SEARCH_WMSG) ? SEARCH_WMSG : 0))) {
1903 			*errp = 1;
1904 			return (0);
1905 		}
1906 
1907 		/* Fix up the command pointers. */
1908 		ecp->clen -= (endp - ecp->cp);
1909 		ecp->cp = endp;
1910 
1911 		*isaddrp = 1;
1912 		F_SET(ecp, E_ABSMARK);
1913 		break;
1914 	case '.':				/* Current position. */
1915 		*isaddrp = 1;
1916 		mp->cno = sp->cno;
1917 
1918 		/* If an empty file, then '.' is 0, not 1. */
1919 		if (sp->lno == 1) {
1920 			if (db_last(sp, &mp->lno))
1921 				return (1);
1922 			if (mp->lno != 0)
1923 				mp->lno = 1;
1924 		} else
1925 			mp->lno = sp->lno;
1926 
1927 		/*
1928 		 * !!!
1929 		 * Historically, .<number> was the same as .+<number>, i.e.
1930 		 * the '+' could be omitted.  (This feature is found in ed
1931 		 * as well.)
1932 		 */
1933 		if (ecp->clen > 1 && isdigit(ecp->cp[1]))
1934 			*ecp->cp = '+';
1935 		else {
1936 			++ecp->cp;
1937 			--ecp->clen;
1938 		}
1939 		break;
1940 	}
1941 
1942 	/* Skip trailing <blank>s. */
1943 	for (; ecp->clen > 0 &&
1944 	    isblank(ecp->cp[0]); ++ecp->cp, --ecp->clen);
1945 
1946 	/*
1947 	 * Evaluate any offset.  If no address yet found, the offset
1948 	 * is relative to ".".
1949 	 */
1950 	total = 0;
1951 	if (ecp->clen != 0 && (isdigit(ecp->cp[0]) ||
1952 	    ecp->cp[0] == '+' || ecp->cp[0] == '-' ||
1953 	    ecp->cp[0] == '^')) {
1954 		if (!*isaddrp) {
1955 			*isaddrp = 1;
1956 			mp->lno = sp->lno;
1957 			mp->cno = sp->cno;
1958 		}
1959 		/*
1960 		 * Evaluate an offset, defined as:
1961 		 *
1962 		 *		[+-^<blank>]*[<blank>]*[0-9]*
1963 		 *
1964 		 * The rough translation is any number of signs, optionally
1965 		 * followed by numbers, or a number by itself, all <blank>
1966 		 * separated.
1967 		 *
1968 		 * !!!
1969 		 * All address offsets were additive, e.g. "2 2 3p" was the
1970 		 * same as "7p", or, "/ZZZ/ 2" was the same as "/ZZZ/+2".
1971 		 * Note, however, "2 /ZZZ/" was an error.  It was also legal
1972 		 * to insert signs without numbers, so "3 - 2" was legal, and
1973 		 * equal to 4.
1974 		 *
1975 		 * !!!
1976 		 * Offsets were historically permitted for any line address,
1977 		 * e.g. the command "1,2 copy 2 2 2 2" copied lines 1,2 after
1978 		 * line 8.
1979 		 *
1980 		 * !!!
1981 		 * Offsets were historically permitted for search commands,
1982 		 * and handled as addresses: "/pattern/2 2 2" was legal, and
1983 		 * referenced the 6th line after pattern.
1984 		 */
1985 		F_SET(ecp, E_DELTA);
1986 		for (;;) {
1987 			for (; ecp->clen > 0 && isblank(ecp->cp[0]);
1988 			    ++ecp->cp, --ecp->clen);
1989 			if (ecp->clen == 0 || (!isdigit(ecp->cp[0]) &&
1990 			    ecp->cp[0] != '+' && ecp->cp[0] != '-' &&
1991 			    ecp->cp[0] != '^'))
1992 				break;
1993 			if (!isdigit(ecp->cp[0]) &&
1994 			    !isdigit(ecp->cp[1])) {
1995 				total += ecp->cp[0] == '+' ? 1 : -1;
1996 				--ecp->clen;
1997 				++ecp->cp;
1998 			} else {
1999 				if (ecp->cp[0] == '-' ||
2000 				    ecp->cp[0] == '^') {
2001 					++ecp->cp;
2002 					--ecp->clen;
2003 					isneg = 1;
2004 				} else
2005 					isneg = 0;
2006 
2007 				/* Get a signed long, add it to the total. */
2008 				if ((nret = nget_slong(&val,
2009 				    ecp->cp, &endp, 10)) != NUM_OK ||
2010 				    (nret = NADD_SLONG(total, val)) != NUM_OK) {
2011 					ex_badaddr(sp, NULL, A_NOTSET, nret);
2012 					*errp = 1;
2013 					return (0);
2014 				}
2015 				total += isneg ? -val : val;
2016 				ecp->clen -= (endp - ecp->cp);
2017 				ecp->cp = endp;
2018 			}
2019 		}
2020 	}
2021 
2022 	/*
2023 	 * Any value less than 0 is an error.  Make sure that the new value
2024 	 * will fit into a recno_t.
2025 	 */
2026 	if (*isaddrp && total != 0) {
2027 		if (total < 0) {
2028 			if (-total > mp->lno) {
2029 				msgq(sp, M_ERR,
2030 			    "097|Reference to a line number less than 0");
2031 				*errp = 1;
2032 				return (0);
2033 			}
2034 		} else
2035 			if (!NPFITS(MAX_REC_NUMBER, mp->lno, total)) {
2036 				ex_badaddr(sp, NULL, A_NOTSET, NUM_OVER);
2037 				*errp = 1;
2038 				return (0);
2039 			}
2040 		mp->lno += total;
2041 	}
2042 	return (0);
2043 }
2044 
2045 
2046 /*
2047  * ex_load --
2048  *	Load up the next command, which may be an @ buffer or global command.
2049  */
2050 static int
ex_load(sp)2051 ex_load(sp)
2052 	SCR *sp;
2053 {
2054 	GS *gp;
2055 	EXCMD *ecp;
2056 	RANGE *rp;
2057 
2058 	F_CLR(sp, SC_EX_GLOBAL);
2059 
2060 	/*
2061 	 * Lose any exhausted commands.  We know that the first command
2062 	 * can't be an AGV command, which makes things a bit easier.
2063 	 */
2064 	for (gp = sp->gp;;) {
2065 		/*
2066 		 * If we're back to the original structure, leave it around,
2067 		 * but discard any allocated source name, we've returned to
2068 		 * the beginning of the command stack.
2069 		 */
2070 		if ((ecp = LIST_FIRST(&gp->ecq)) == &gp->excmd) {
2071 			if (F_ISSET(ecp, E_NAMEDISCARD)) {
2072 				free(ecp->if_name);
2073 				ecp->if_name = NULL;
2074 			}
2075 			return (0);
2076 		}
2077 
2078 		/*
2079 		 * ecp->clen will be 0 for the first discarded command, but
2080 		 * may not be 0 for subsequent ones, e.g. if the original
2081 		 * command was ":g/xx/@a|s/b/c/", then when we discard the
2082 		 * command pushed on the stack by the @a, we have to resume
2083 		 * the global command which included the substitute command.
2084 		 */
2085 		if (ecp->clen != 0)
2086 			return (0);
2087 
2088 		/*
2089 		 * If it's an @, global or v command, we may need to continue
2090 		 * the command on a different line.
2091 		 */
2092 		if (FL_ISSET(ecp->agv_flags, AGV_ALL)) {
2093 			/* Discard any exhausted ranges. */
2094 			while ((rp = CIRCLEQ_FIRST(&ecp->rq)) != (void *)&ecp->rq)
2095 				if (rp->start > rp->stop) {
2096 					CIRCLEQ_REMOVE(&ecp->rq, rp, q);
2097 					free(rp);
2098 				} else
2099 					break;
2100 
2101 			/* If there's another range, continue with it. */
2102 			if (rp != (void *)&ecp->rq)
2103 				break;
2104 
2105 			/* If it's a global/v command, fix up the last line. */
2106 			if (FL_ISSET(ecp->agv_flags,
2107 			    AGV_GLOBAL | AGV_V) && ecp->range_lno != OOBLNO) {
2108 				if (db_exist(sp, ecp->range_lno))
2109 					sp->lno = ecp->range_lno;
2110 				else {
2111 					if (db_last(sp, &sp->lno))
2112 						return (1);
2113 					if (sp->lno == 0)
2114 						sp->lno = 1;
2115 				}
2116 			}
2117 			free(ecp->o_cp);
2118 		}
2119 
2120 		/* Discard the EXCMD. */
2121 		LIST_REMOVE(ecp, q);
2122 		free(ecp);
2123 	}
2124 
2125 	/*
2126 	 * We only get here if it's an active @, global or v command.  Set
2127 	 * the current line number, and get a new copy of the command for
2128 	 * the parser.  Note, the original pointer almost certainly moved,
2129 	 * so we have play games.
2130 	 */
2131 	ecp->cp = ecp->o_cp;
2132 	memcpy(ecp->cp, ecp->cp + ecp->o_clen, ecp->o_clen);
2133 	ecp->clen = ecp->o_clen;
2134 	ecp->range_lno = sp->lno = rp->start++;
2135 
2136 	if (FL_ISSET(ecp->agv_flags, AGV_GLOBAL | AGV_V))
2137 		F_SET(sp, SC_EX_GLOBAL);
2138 	return (0);
2139 }
2140 
2141 /*
2142  * ex_discard --
2143  *	Discard any pending ex commands.
2144  */
2145 static int
ex_discard(sp)2146 ex_discard(sp)
2147 	SCR *sp;
2148 {
2149 	GS *gp;
2150 	EXCMD *ecp;
2151 	RANGE *rp;
2152 
2153 	/*
2154 	 * We know the first command can't be an AGV command, so we don't
2155 	 * process it specially.  We do, however, nail the command itself.
2156 	 */
2157 	for (gp = sp->gp; (ecp = LIST_FIRST(&gp->ecq)) != &gp->excmd;) {
2158 		if (FL_ISSET(ecp->agv_flags, AGV_ALL)) {
2159 			while ((rp = CIRCLEQ_FIRST(&ecp->rq)) != CIRCLEQ_END(&ecp->rq)) {
2160 				CIRCLEQ_REMOVE(&ecp->rq, rp, q);
2161 				free(rp);
2162 			}
2163 			free(ecp->o_cp);
2164 		}
2165 		LIST_REMOVE(ecp, q);
2166 		free(ecp);
2167 	}
2168 	LIST_FIRST(&gp->ecq)->clen = 0;
2169 	return (0);
2170 }
2171 
2172 /*
2173  * ex_unknown --
2174  *	Display an unknown command name.
2175  */
2176 static void
ex_unknown(sp,cmd,len)2177 ex_unknown(sp, cmd, len)
2178 	SCR *sp;
2179 	char *cmd;
2180 	size_t len;
2181 {
2182 	size_t blen;
2183 	char *bp;
2184 
2185 	GET_SPACE_GOTO(sp, bp, blen, len + 1);
2186 	bp[len] = '\0';
2187 	memcpy(bp, cmd, len);
2188 	msgq_str(sp, M_ERR, bp, "098|The %s command is unknown");
2189 	FREE_SPACE(sp, bp, blen);
2190 
2191 alloc_err:
2192 	return;
2193 }
2194 
2195 /*
2196  * ex_is_abbrev -
2197  *	The vi text input routine needs to know if ex thinks this is an
2198  *	[un]abbreviate command, so it can turn off abbreviations.  See
2199  *	the usual ranting in the vi/v_txt_ev.c:txt_abbrev() routine.
2200  *
2201  * PUBLIC: int ex_is_abbrev(char *, size_t);
2202  */
2203 int
ex_is_abbrev(name,len)2204 ex_is_abbrev(name, len)
2205 	char *name;
2206 	size_t len;
2207 {
2208 	EXCMDLIST const *cp;
2209 
2210 	return ((cp = ex_comm_search(name, len)) != NULL &&
2211 	    (cp == &cmds[C_ABBR] || cp == &cmds[C_UNABBREVIATE]));
2212 }
2213 
2214 /*
2215  * ex_is_unmap -
2216  *	The vi text input routine needs to know if ex thinks this is an
2217  *	unmap command, so it can turn off input mapping.  See the usual
2218  *	ranting in the vi/v_txt_ev.c:txt_unmap() routine.
2219  *
2220  * PUBLIC: int ex_is_unmap(char *, size_t);
2221  */
2222 int
ex_is_unmap(name,len)2223 ex_is_unmap(name, len)
2224 	char *name;
2225 	size_t len;
2226 {
2227 	EXCMDLIST const *cp;
2228 
2229 	/*
2230 	 * The command the vi input routines are really interested in
2231 	 * is "unmap!", not just unmap.
2232 	 */
2233 	if (name[len - 1] != '!')
2234 		return (0);
2235 	--len;
2236 	return ((cp = ex_comm_search(name, len)) != NULL &&
2237 	    cp == &cmds[C_UNMAP]);
2238 }
2239 
2240 /*
2241  * ex_comm_search --
2242  *	Search for a command name.
2243  */
2244 static EXCMDLIST const *
ex_comm_search(name,len)2245 ex_comm_search(name, len)
2246 	char *name;
2247 	size_t len;
2248 {
2249 	EXCMDLIST const *cp;
2250 
2251 	for (cp = cmds; cp->name != NULL; ++cp) {
2252 		if (cp->name[0] > name[0])
2253 			return (NULL);
2254 		if (cp->name[0] != name[0])
2255 			continue;
2256 		if (!memcmp(name, cp->name, len))
2257 			return (cp);
2258 	}
2259 	return (NULL);
2260 }
2261 
2262 /*
2263  * ex_badaddr --
2264  *	Display a bad address message.
2265  *
2266  * PUBLIC: void ex_badaddr
2267  * PUBLIC:(SCR *, EXCMDLIST const *, enum badaddr, enum nresult);
2268  */
2269 void
ex_badaddr(sp,cp,ba,nret)2270 ex_badaddr(sp, cp, ba, nret)
2271 	SCR *sp;
2272 	EXCMDLIST const *cp;
2273 	enum badaddr ba;
2274 	enum nresult nret;
2275 {
2276 	recno_t lno;
2277 
2278 	switch (nret) {
2279 	case NUM_OK:
2280 		break;
2281 	case NUM_ERR:
2282 		msgq(sp, M_SYSERR, NULL);
2283 		return;
2284 	case NUM_OVER:
2285 		msgq(sp, M_ERR, "099|Address value overflow");
2286 		return;
2287 	case NUM_UNDER:
2288 		msgq(sp, M_ERR, "100|Address value underflow");
2289 		return;
2290 	}
2291 
2292 	/*
2293 	 * When encountering an address error, tell the user if there's no
2294 	 * underlying file, that's the real problem.
2295 	 */
2296 	if (sp->ep == NULL) {
2297 		ex_emsg(sp, cp != NULL ? cp->name : NULL, EXM_NOFILEYET);
2298 		return;
2299 	}
2300 
2301 	switch (ba) {
2302 	case A_COMBO:
2303 		msgq(sp, M_ERR, "101|Illegal address combination");
2304 		break;
2305 	case A_EOF:
2306 		if (db_last(sp, &lno))
2307 			return;
2308 		if (lno != 0) {
2309 			msgq(sp, M_ERR,
2310 			    "102|Illegal address: only %lu lines in the file",
2311 			    lno);
2312 			break;
2313 		}
2314 		/* FALLTHROUGH */
2315 	case A_EMPTY:
2316 		msgq(sp, M_ERR, "103|Illegal address: the file is empty");
2317 		break;
2318 	case A_NOTSET:
2319 		abort();
2320 		/* NOTREACHED */
2321 	case A_ZERO:
2322 		msgq(sp, M_ERR,
2323 		    "104|The %s command doesn't permit an address of 0",
2324 		    cp->name);
2325 		break;
2326 	}
2327 	return;
2328 }
2329 
2330 #if defined(DEBUG) && defined(COMLOG)
2331 /*
2332  * ex_comlog --
2333  *	Log ex commands.
2334  */
2335 static void
ex_comlog(sp,ecp)2336 ex_comlog(sp, ecp)
2337 	SCR *sp;
2338 	EXCMD *ecp;
2339 {
2340 	TRACE(sp, "ecmd: %s", ecp->cmd->name);
2341 	if (ecp->addrcnt > 0) {
2342 		TRACE(sp, " a1 %d", ecp->addr1.lno);
2343 		if (ecp->addrcnt > 1)
2344 			TRACE(sp, " a2: %d", ecp->addr2.lno);
2345 	}
2346 	if (ecp->lineno)
2347 		TRACE(sp, " line %d", ecp->lineno);
2348 	if (ecp->flags)
2349 		TRACE(sp, " flags 0x%x", ecp->flags);
2350 	if (F_ISSET(&exc, E_BUFFER))
2351 		TRACE(sp, " buffer %c", ecp->buffer);
2352 	if (ecp->argc)
2353 		for (cnt = 0; cnt < ecp->argc; ++cnt)
2354 			TRACE(sp, " arg %d: {%s}", cnt, ecp->argv[cnt]->bp);
2355 	TRACE(sp, "\n");
2356 }
2357 #endif
2358