From 807a8338a3be8127dd23c69971668b7b0c6b79a2 Mon Sep 17 00:00:00 2001
From: Peter Stephenson
Date: Thu, 1 Oct 2015 16:21:18 +0100
Subject: 36737: Ensure we don't dreference unterminated zero-length string
---
ChangeLog | 3 +++
Src/pattern.c | 10 +++++++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a51dc4795..14749d9ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@ 2015-10-01 Peter Stephenson + * 36737: Src/pattern.c: Ensure we are not dereferencing + zero-length unterminated string. + * 36735: Doc/Zsh/contrib.yo, Functions/Misc/zcalc: ~/.zcalcrc. + * Andrew Janke: 36729: MACHINES, NEWS, README: fix some typos.
diff --git a/Src/pattern.c b/Src/pattern.c
index 68a340919..04d3e3dfb 100644
--- a/Src/pattern.c
+++ b/Src/pattern.c
@@ -2224,8 +2224,10 @@ pattryrefs(Patprog prog, char *string, int stringlen, int unmetalenin,
 maxnpos = *nump;
 *nump = 0;
 }
- /* inherited from domatch, but why, exactly? */
- if (*string == Nularg) {
+ /*
+ * Special signalling of empty tokenised string.
+ */
+ if ((!patstralloc || stringlen > 0) && *string == Nularg) {
 string++;
 if (unmetalenin > 0)
 unmetalenin--;
@@ -2233,8 +2235,10 @@ pattryrefs(Patprog prog, char *string, int stringlen, int unmetalenin,
 stringlen--;
 }
- if (stringlen < 0)
+ if (stringlen < 0) {
+ DPUTS(patstralloc != NULL, "length needed with patstralloc");
 stringlen = strlen(string);
+ }
 origlen = stringlen;
 if (patstralloc) {
-- cgit 1.4.1
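Review bot: The new guard `(!patstralloc || stringlen > 0)` in front of `*string == Nularg` is the actual fix for the out-of-bounds read named in the subject, but the replacement comment only talks about Nularg signalling and never says why the length is consulted, so the next reader is likely to "simplify" the condition back to the old form. I would spell out the invariant the guard relies on, e.g. `/* With patstralloc the caller passes a counted buffer that may be zero-length and is not NUL-terminated, so only look at *string when stringlen > 0; without patstralloc the string is NUL-terminated and stringlen may be -1. */`. Note that the guard also skips the Nularg check entirely when patstralloc is set and stringlen is negative, which looks intended given the assertion added in the next hunk but is worth stating. The enclosing function pattryrefs begins before this hunk and continues past it, so I cannot see how patstralloc callers currently set stringlen.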
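Review bot: The `DPUTS(patstralloc != NULL, "length needed with patstralloc")` added inside the `stringlen < 0` branch documents the contract but does not enforce it: execution falls straight through to `stringlen = strlen(string)`, and as far as I recall DPUTS is compiled out unless DEBUG is defined, so a release build whose caller passes patstralloc with a negative length still runs strlen over a buffer the previous hunk treats as possibly unterminated. If that combination is meant to be impossible, a comment next to the assertion should say so, e.g. `/* Callers passing patstralloc must supply stringlen; the buffer is not NUL-terminated. */`; if it can happen in practice, the branch should fail closed rather than reach strlen, though I cannot confirm from this hunk what the function's no-match return value is. The function body continues beyond the hunk.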