From 807a8338a3be8127dd23c69971668b7b0c6b79a2 Mon Sep 17 00:00:00 2001
From: Peter Stephenson
Date: Thu, 1 Oct 2015 16:21:18 +0100
Subject: 36737: Ensure we don't dreference unterminated zero-length string
---
 Src/pattern.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'Src/pattern.c')
diff --git a/Src/pattern.c b/Src/pattern.c
index 68a340919..04d3e3dfb 100644
--- a/Src/pattern.c
+++ b/Src/pattern.c
@@ -2224,8 +2224,10 @@ pattryrefs(Patprog prog, char *string, int stringlen, int unmetalenin,
 	maxnpos = *nump;
 	*nump = 0;
     }
-    /* inherited from domatch, but why, exactly? */
-    if (*string == Nularg) {
+    /*
+     * Special signalling of empty tokenised string.
+     */
+    if ((!patstralloc || stringlen > 0) && *string == Nularg) {
 	string++;
 	if (unmetalenin > 0)
 	    unmetalenin--;
@@ -2233,8 +2235,10 @@ pattryrefs(Patprog prog, char *string, int stringlen, int unmetalenin,
 	stringlen--;
     }
 
-    if (stringlen < 0)
+    if (stringlen < 0) {
+	DPUTS(patstralloc != NULL, "length needed with patstralloc");
 	stringlen = strlen(string);
+    }
     origlen = stringlen;
 
     if (patstralloc) {
-- 
cgit v1.2.3
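Review bot: The replacement comment in the first hunk names the Nularg convention but not why the condition was narrowed, which is the whole point of the commit: when `patstralloc` is set the buffer is evidently not guaranteed to be NUL-terminated, so `*string` may only be read once `stringlen > 0` says there is a byte to read. Suggest `/* With patstralloc the buffer need not be NUL-terminated, so only inspect *string when stringlen says a byte is there; without it the string must be terminated. */` in place of the one-line comment. Note that for `patstralloc == NULL` the dereference still happens at `stringlen == 0`, so the safety of that path rests on every such caller passing a terminated string — worth stating rather than leaving implicit. pattryrefs begins before this hunk and continues after it.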
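Review bot: The DPUTS added in the second hunk only reports the violated precondition; `stringlen = strlen(string)` on the next line still executes, so in any build where DPUTS expands to nothing (presumably non-DEBUG builds — confirm against the macro's definition) a `patstralloc` buffer passed with `stringlen < 0` is still scanned past its end. If that combination is reachable from any caller, the guard should prevent the strlen() rather than only log it; if it is truly a caller-contract violation, say so where the call is made, e.g. `/* DPUTS is diagnostic only: strlen() below still runs. Callers passing patstralloc must always supply stringlen >= 0. */`. The function's header, where that contract belongs, is outside this hunk.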