command-name: Avoid read past end of input buffer in find_word().

When the input substring S is not null-terminated, find_word() could read
past its end looking for a non-digit.  This fixes the problem.

diff --git a/src/language/lexer/command-name.c b/src/language/lexer/command-name.c
index 8ef64d9f25754bfe9a5ddd846e632dc545fcc5bf..24443a0995b814c7d30e60c123b8924d14a7e5b8 100644 (file)
--- a/src/language/lexer/command-name.c
+++ b/src/language/lexer/command-name.c
@@ -60,7 +60,7 @@ find_word (struct substring *s, struct substring *word)
     }
   else if (c_isdigit (c))
     {
-      while (c_isdigit (s->string[ofs]))
+      while (ofs < s->length && c_isdigit (s->string[ofs]))
         ofs++;
     }
   ss_get_bytes (s, ofs, word);