From 71442509d092e900c46997b6f4d2fcddfc876251 Mon Sep 17 00:00:00 2001
From: Timo Sirainen <cras@irssi.org>
Date: Tue, 5 Nov 2002 13:10:58 +0000
Subject: [PATCH] Fixed some "buffer overflow" alerts when playing with buggy
 /EVAL values.

git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2984 dbcabf3a-b0e7-0310-adc4-f8d773084564
---
 src/core/special-vars.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/core/special-vars.c b/src/core/special-vars.c
index f7d69728..69066642 100644
--- a/src/core/special-vars.c
+++ b/src/core/special-vars.c
@@ -391,7 +391,7 @@ char *parse_special(char **cmd, SERVER_REC *server, void *item,
 	}
 
 	nest_free = FALSE; nest_value = NULL;
-	if (**cmd == '(') {
+	if (**cmd == '(' && (*cmd)[1] != '\0') {
 		/* subvariable */
 		int toplevel = nested_orig_cmd == NULL;
 
@@ -407,6 +407,9 @@ char *parse_special(char **cmd, SERVER_REC *server, void *item,
 						   flags);
 		}
 
+		if (nest_value == NULL || *nest_value == '\0')
+			return NULL;
+
 		while ((*nested_orig_cmd)[1] != '\0') {
 			(*nested_orig_cmd)++;
 			if (**nested_orig_cmd == ')')
@@ -421,6 +424,8 @@ char *parse_special(char **cmd, SERVER_REC *server, void *item,
 		brackets = FALSE;
 	else {
 		/* special value is inside {...} (foo${test}bar -> fooXXXbar) */
+		if ((*cmd)[1] == '\0')
+			return NULL;
 		(*cmd)++;
 		brackets = TRUE;
 	}