Fixed some "buffer overflow" alerts when playing with buggy /EVAL values.

git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2984 dbcabf3a-b0e7-0310-adc4-f8d773084564
author: Timo Sirainen <cras@irssi.org> 2002-11-05 13:10:58 +0000
committer: cras <cras@dbcabf3a-b0e7-0310-adc4-f8d773084564> 2002-11-05 13:10:58 +0000
commit: 71442509d092e900c46997b6f4d2fcddfc876251 (patch)
tree: 587ff0de68060d1f1f396a2b39ccd8aa06c9ea09 /src
parent: da439fdbe4d66357e0836de87a2e38171e83248c (diff)
download: irssi-71442509d092e900c46997b6f4d2fcddfc876251.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/core/special-vars.c b/src/core/special-vars.c
index f7d69728..69066642 100644
--- a/src/core/special-vars.c
+++ b/src/core/special-vars.c
@@ -391,7 +391,7 @@ char *parse_special(char **cmd, SERVER_REC *server, void *item,
 	}
 
 	nest_free = FALSE; nest_value = NULL;
-	if (**cmd == '(') {
+	if (**cmd == '(' && (*cmd)[1] != '\0') {
 		/* subvariable */
 		int toplevel = nested_orig_cmd == NULL;
 
@@ -407,6 +407,9 @@ char *parse_special(char **cmd, SERVER_REC *server, void *item,
 						   flags);
 		}
 
+		if (nest_value == NULL || *nest_value == '\0')
+			return NULL;
+
 		while ((*nested_orig_cmd)[1] != '\0') {
 			(*nested_orig_cmd)++;
 			if (**nested_orig_cmd == ')')
@@ -421,6 +424,8 @@ char *parse_special(char **cmd, SERVER_REC *server, void *item,
 		brackets = FALSE;
 	else {
 		/* special value is inside {...} (foo${test}bar -> fooXXXbar) */
+		if ((*cmd)[1] == '\0')
+			return NULL;
 		(*cmd)++;
 		brackets = TRUE;
 	}
author	Timo Sirainen <cras@irssi.org>	2002-11-05 13:10:58 +0000
committer	cras <cras@dbcabf3a-b0e7-0310-adc4-f8d773084564>	2002-11-05 13:10:58 +0000
commit	71442509d092e900c46997b6f4d2fcddfc876251 (patch)
tree	587ff0de68060d1f1f396a2b39ccd8aa06c9ea09 /src
parent	da439fdbe4d66357e0836de87a2e38171e83248c (diff)
download	irssi-71442509d092e900c46997b6f4d2fcddfc876251.zip