#20 null pointer dereference in function get_signed_expression()

[chiba taiki]

Hi,

While fuzzing ATasm 1.09, I found null pointer dereference in the function get_signed_expression(),in setparse.c

─── source:setparse.c+173 ────
    168    char math[]="[]*/+-&|^<>=";
    169
    170    buf[0]=0;
    171    walk=buf;
    172    look=str;
           // look=0x00007fffffffd210  →  0x0000000000000000
 →  173    while(*look) {
    174      if (*look=='*') {
    175        if ((walk==buf)||((!ISDIGIT(*(walk-1)))&&(*(walk-1)!=']'))||
    176            (*(look+1)=='*')) {
    177          snprintf(work,256,"%d",pc);
    178          strcpy(walk,work);
─── threads ────
[#0] Id 1, Name: "atasm", stopped 0x555555560d49 in get_signed_expression (), reason: SIGSEGV
───── trace ────
[#0] 0x555555560d49 → get_signed_expression(str=0x0, tp=0x1)
[#1] 0x555555560205 → get_expression(str=0x0, tp=0x1)
[#2] 0x55555555aae0 → proc_sym(sym=0x555555581e80)
[#3] 0x55555555b5fe → do_cmd(buf=0x55555556c500 <buf> "")
[#4] 0x55555555b715 → assemble(fname=0x7fffffffd7c0 "demo2")
[#5] 0x55555555cc56 → main(argc=0x2, argv=0x7fffffffddc8)
─────────────

reproduce:

atasm null_pointer_dereference_03_setparse_173