From c5f103984ae7e54de0616cf48d37af4295c95bdc Mon Sep 17 00:00:00 2001
From: Christophe CURIS <christophe.curis@free.fr>
Date: Sun, 18 May 2014 00:56:44 +0200
Subject: [PATCH] WUtil: fix undefined behaviour with $VARS in wexpandpath
 (Coverity #50244)

As reported by coverity, calling 'wexpandpath' with a path that contains
either '$()', '$(\0' or '$\0' would cause an undefined behaviour because
the 'buffer2' would be uninitialised.

Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
---
 WINGs/findfile.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/WINGs/findfile.c b/WINGs/findfile.c
index 6d0593cf..21ed7e22 100644
--- a/WINGs/findfile.c
+++ b/WINGs/findfile.c
@@ -138,17 +138,19 @@ char *wexpandpath(const char *path)
 		char *tmp;
 
 		if (*path == '$') {
-			int j = 0;
+			int j;
+
 			path++;
 			/* expand $(HOME) or $HOME style environment variables */
 			if (*path == '(') {
 				path++;
+				j = 0;
 				while (*path != 0 && *path != ')') {
 					if (j > PATH_MAX)
 						goto error;
 					buffer2[j++] = *(path++);
-					buffer2[j] = 0;
 				}
+				buffer2[j] = 0;
 				if (*path == ')') {
 					path++;
 					tmp = getenv(buffer2);
@@ -173,12 +175,13 @@ char *wexpandpath(const char *path)
 						goto error;
 				}
 			} else {
+				j = 0;
 				while (*path != 0 && *path != '/') {
 					if (j > PATH_MAX)
 						goto error;
 					buffer2[j++] = *(path++);
-					buffer2[j] = 0;
 				}
+				buffer2[j] = 0;
 				tmp = getenv(buffer2);
 				if (!tmp) {
 					if ((i += strlen(buffer2) + 1) > PATH_MAX ||