From 915da0ad475ec73ceba555ad9e36aea4ddb026a9 Mon Sep 17 00:00:00 2001
From: Duane Griffin
Date: Tue, 13 Sep 2016 18:34:42 +1200
Subject: [PATCH] Issue #27482: handle nul characters while reading input

A couple of places in the code are assuming that \0 characters are not at the start of the buffer. If they are they read before the start into uninitialised memory.
---
 Parser/tokenizer.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/Parser/tokenizer.c b/Parser/tokenizer.c
index a29ba47..f0cb42c 100644
--- a/Parser/tokenizer.c
+++ b/Parser/tokenizer.c
@@ -1023,7 +1023,7 @@ tok_nextc(struct tok_state *tok)
 else {
 tok->done = E_OK;
 tok->inp = strchr(tok->buf, '\0');
- done = tok->inp[-1] == '\n';
+ done = tok->inp != tok->buf && tok->inp[-1] == '\n';
 }
 }
 else {
@@ -1069,8 +1069,10 @@ tok_nextc(struct tok_state *tok)
 fake one */
 strcpy(tok->inp, "\n");
 }
- tok->inp = strchr(tok->inp, '\0');
- done = tok->inp[-1] == '\n';
+ if (*tok->inp) {
+ tok->inp = strchr(tok->inp, '\0');
+ done = tok->inp[-1] == '\n';
+ }
 }
 if (tok->buf != NULL) {
 tok->cur = tok->buf + cur;
-- 
2.10.0
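Review bot: A read whose first byte is NUL is still accepted as ordinary input in the first hunk: the new guard `tok->inp != tok->buf` prevents the read of `tok->buf[-1]`, but `tok->done` stays `E_OK` and `done` is simply false, the same state as a normal unterminated line. Because `strchr(tok->buf, '\0')` stops at the first NUL, whatever the read placed after that byte is ignored without a diagnostic, so the tokenizer may see something different from what is in the file. I would either reject such input explicitly or document the case at the assignment, e.g. `/* inp == buf: the read began with '\0', nothing usable in the buffer */`. A regression test with a NUL as the first input byte would pin whichever behaviour is intended. tok_nextc starts and ends outside the hunk.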
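Review bot: When `*tok->inp` is NUL in the second hunk, the new `if` skips both assignments, so `tok->inp` is not advanced and `done` keeps its previous value. If this code sits inside the read-until-newline loop (the loop header is outside the hunk), the next pass reads into the same position and the line that began with NUL is discarded silently rather than reported. The condition is also spelled differently from the first hunk (`*tok->inp` here, `tok->inp != tok->buf` there), which makes it harder to see that both guard the same `inp[-1]` access. A comment such as `/* read began with '\0': leave inp and done untouched so the loop reads again */` would state the intent, and an explicit error for NUL bytes in source input would be the stricter option.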