Fixes bugged #var $(expression).

bug #1: It was possible to create variables with illegal names.
bug #2: Expressions like "-30" or "+5" were incorrectly interpretted 
        as named variables which were then completely inaccessible.
bug #3: Deletion of existing named variable via #var $(expression)= 
        caused crash. (pointer to var-node was not set)

(Elestir)

1 files changed, 27 insertions, 9 deletions

diff --git a/cmd.c b/cmd.c
index 678d626..47fa38a 100644
--- a/cmd.c
+++ b/cmd.c
@@ -1619,17 +1619,35 @@ static void cmd_var __P1 (char *,arg)
 	    }
 	    if (pbuf)
 		buf = ptrdata(pbuf);
-	    else
-		buf = "";
-	    if (isdigit(*buf)) {
-		idx = atoi(buf);
-		if (idx < -NUMVAR || idx >= NUMPARAM) {
-		    print_error(error=OUT_RANGE_ERROR);
-		    ptrdel(pbuf);
-		    return;
+	    else {
+		print_error(error=INVALID_NAME_ERROR);
+		return;
+	    }
+	    char err_det;
+	    if (isdigit(*buf) || *buf=='-' || *buf=='+') {
+		if (sscanf(buf, "%d%c", &idx, &err_det)==1) {
+		    if (idx < -NUMVAR || idx >= NUMPARAM) {
+			print_error(error=OUT_RANGE_ERROR);
+			ptrdel(pbuf);
+			return;
+		    }
+		} else {
+		    print_error(error=INVALID_NAME_ERROR);
+		    return;		
 		}
 	    } else {
-		if (!(named_var = *lookup_varnode(buf, kind))) {
+		if (!isalpha(*buf) && *buf!='_') {
+		    print_error(error=INVALID_NAME_ERROR);
+		    return;
+		}
+		tmp = buf + 1;
+	        while (*tmp && (isalnum(*tmp) || *tmp=='_'))
+		    tmp++;		
+		if (*tmp) {
+		    print_error(error=INVALID_NAME_ERROR);
+		    return;
+		}
+		if (!(named_var = *(p_named_var = lookup_varnode(buf, kind)))) {
 		    if (!deleting) {
 			named_var = add_varnode(buf, kind);
 			if (REAL_ERROR) {