Null pointer dereference in macro_subst() function
ATasm is a 6502 command-line cross-assembler.
Hi,
I found a NULL pointer dereference in the function macro_subst() in symbol.c. The backtrace below shows macro_subst() being entered with args=0x0 (and max=0x0), so `cmd=args` at line 687 is NULL and the first `cmd=cmd->nxt` in the loop at line 689 reads through a NULL pointer; gdb confirms `cmd` is NULL at the crash. The caller frame is get_nxt_word(tp=0x0), which suggests the macro-argument list was never populated for this input (to be confirmed by the maintainer). Impact is a crash (SIGSEGV) on a crafted assembler source file, i.e. a denial of service for anything that assembles untrusted input; I have not seen evidence of anything beyond the NULL read. A reasonable hardening would be for macro_subst() to return an error when `args` is NULL or when `pnum` is not positive before walking the list, rather than assuming the caller has validated both.
Version: ATasm 1.09
Steps to reproduce: build with `make`, then run `./atasm null_pointer_dereference_01`, where null_pointer_dereference_01 is the crashing input (an AFL-generated test case; the original path is visible in the backtrace below).
Environment: Ubuntu 20.04.2 LTS x86_64, gcc 9.3.0
── source:symbol.c+689 ────
   684 } else {
   685 pnum--;
   686 if (pnum<max) {
   687 cmd=args;
   688 while(pnum) {
→  689 cmd=cmd->nxt;
   690 pnum--;
   691 }
   692 if ((cmd->line[0]=='"')&&(!stype)) { /* numeric value for string */
   693 int len=strlen(cmd->line)-2;
   694 snprintf(num,256,"%d",len); /* return str len */
─ threads ────
[#0] Id 1, Name: "atasm", stopped 0x55555555f568 in macro_subst (), reason: SIGSEGV
── trace ────
[#0] 0x55555555f568 → macro_subst(name=0x555555585260 "repeat block", in=0x55555556dce0 <line> "\t.word [* .TITLE \"A SAM PR\377\377\377\377M USING IOMAC.LIB\"%16666666666\266", '\066' <repeats 19 times>, ".INCLUDE sys 3,MESSAGE2,ofLENGTH", args=0x0, max=0x0)
[#1] 0x555555557386 → get_nxt_word(tp=0x0)
[#2] 0x55555555cef6 → assemble(fname=0x7fffffffd5e0 "./afl-collect-new/master:id:000164,sig:04,src:000866,time:7124060,op:flip1,pos:82")
[#3] 0x555555556839 → main(argc=<optimized out>, argv=0x7fffffffdc18)
gef➤ p cmd
$1 = (macro_line *) 0x0