From 83aeccb25e1fffd5d042e72c1d58ec14d0b98a63 Mon Sep 17 00:00:00 2001
From: Joshua Sled <jsled@asynchronous.org>
Date: Tue, 28 Feb 2006 01:26:43 +0000
Subject: [PATCH] Bug#332804: fix infinite loop in parsing malformed functions
 (e.g. "ipmt(1:2:)").

git-svn-id: svn+ssh://svn.gnucash.org/repo/gnucash/trunk@13416 57a11ea4-9604-0410-9ed3-97b8803252fd
---
 ChangeLog                           |  3 +++
 src/calculation/expression_parser.c | 11 +++++------
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index d79e215279..1a4cc5327e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2006-02-27  Joshua Sled  <jsled@asynchronous.org>
 
+	* src/calculation/expression_parser.c (primary_exp): Fix infinite
+	loop in parsing malformed functions (e.g. "ipmt(1:2:)"). Bug#332804.
+
 	* src/app-utils/gnc-exp-parser.c (func_op): No longer crashes on
 	an invalid formula, though it's also not very clear what's going
 	on.  Basically fixes Bug#137885.
diff --git a/src/calculation/expression_parser.c b/src/calculation/expression_parser.c
index eff4d365d4..a1439a28c0 100644
--- a/src/calculation/expression_parser.c
+++ b/src/calculation/expression_parser.c
@@ -832,9 +832,9 @@ next_token (parser_env_ptr pe)
 
     *nstr = EOS;
     if ( funcFlag ) {
-      add_token( pe, FN_TOKEN );
+      add_token(pe, FN_TOKEN);
     } else {
-      add_token (pe, VAR_TOKEN);
+      add_token(pe, VAR_TOKEN);
     }
 
   }
@@ -1147,13 +1147,12 @@ primary_exp (parser_env_ptr pe)
         assignment_op(pe);
         if ( pe->error_code )
           return;
-
-        funcArgCount++;
-        if ( pe->Token == ')' ) {
+        if (!pe->Token || pe->Token == ')') {
           break;
         }
+        funcArgCount++;
         next_token(pe);
-      } while ( pe->Token != ARG_TOKEN );
+      } while (pe->Token != ARG_TOKEN);
 
       if ( pe->Token != ')' ) {
         add_token( pe, EOS );