Fix a case where we could go off the end of the buffer.

Crash found by Sergey Bronnikov using afl-fuzz.
Based on a diff from and OK by espie@

diff --git a/usr.bin/make/for.c b/usr.bin/make/for.c
index 64887d5..e285d2a 100644 (file)
--- a/usr.bin/make/for.c
+++ b/usr.bin/make/for.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: for.c,v 1.46 2015/01/23 13:18:40 espie Exp $  */
+/*     $OpenBSD: for.c,v 1.47 2017/12/05 17:47:09 millert Exp $        */
 /*     $NetBSD: for.c,v 1.4 1996/11/06 17:59:05 christos Exp $ */
 
 /*
@@ -155,9 +155,12 @@ For_Eval(const char *line)
                        Parse_Error(PARSE_FATAL, "Syntax error in for");
                        return 0;
                }
-               endVar = ptr++;
-               while (ISSPACE(*ptr))
+               endVar = ptr;
+               if (*ptr) {
                        ptr++;
+                       while (ISSPACE(*ptr))
+                               ptr++;
+               }
                /* End of variable list ? */
                if (endVar - wrd == 2 && wrd[0] == 'i' && wrd[1] == 'n')
                        break;