From 7b674c2618cc5bc6ba79f4cbd001fb480483fedb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?=
Date: Sun, 11 May 2025 10:26:17 +0200
Subject: [PATCH] core: add extra checks in function eval_string_range_chars

This is done in addition to changes made in commit d475c1667142f6e4cb5dec8f3c75fb01d151fa83 to fix the buffer overflow, caused by the call to function utf8_next_char.
---
 src/core/core-eval.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/core/core-eval.c b/src/core/core-eval.c
index 3a37ce064..4adf2c54f 100644
--- a/src/core/core-eval.c
+++ b/src/core/core-eval.c
@@ -302,6 +302,9 @@ eval_string_range_chars (const char *range)
 string = NULL;
 result = NULL;
 
+ if (!range || !range[0])
+ goto end;
+
 for (i = 0; eval_range_chars[i][0]; i++)
 {
 if (strcmp (range, eval_range_chars[i][0]) == 0)
@@ -311,11 +314,15 @@ eval_string_range_chars (const char *range)
 char1 = utf8_char_int (range);
 
 /* next char must be '-' */
+ if (!range[0])
+ goto end;
 ptr_char = utf8_next_char (range);
 if (!ptr_char || !ptr_char[0] || (ptr_char[0] != '-'))
 goto end;
 
 /* next char is the char2 */
+ if (!range[0])
+ goto end;
 ptr_char = utf8_next_char (ptr_char);
 if (!ptr_char || !ptr_char[0])
 goto end;
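Review bot: Both `if (!range[0])` checks added in the second hunk appear to be dead code: the guard added in the first hunk (`if (!range || !range[0]) goto end;`) already rejects an empty `range`, and `range` is not reassigned in the visible lines. The second of them also tests the wrong pointer for its position, since it precedes `utf8_next_char (ptr_char)` yet inspects `range`; the pointer being advanced there is `ptr_char`, whose first byte the preceding test has already pinned to '-'. As written, none of the added checks covers a `range` that ends in the middle of a multi-byte sequence, so that case presumably still depends entirely on the bounds handling inside `utf8_next_char` from the referenced commit. I would either drop the two inner checks or replace them with a comment such as `/* range and ptr_char are non-empty here; utf8_next_char must not step past the NUL */`. The function body starts and ends outside both hunks, so the `end:` cleanup is not visible here.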