diff --git a/src/cmd/ksh93/sh/arith.c b/src/cmd/ksh93/sh/arith.c
index 214575de4..2a9097609 100644
--- a/src/cmd/ksh93/sh/arith.c
+++ b/src/cmd/ksh93/sh/arith.c
@@ -539,25 +539,28 @@ Sfdouble_t sh_strnum(register const char *str, char** ptr, int mode)
 {
 d = 0.0;
 last = (char*)str;
- } else {
+ }
+ else
+ {
 errno = 0;
 d = strtonll(str,&last,&base,-1);
- if (*last && !shp->inarith && sh_isstate(SH_INIT)) {
+ if(*last && !shp->inarith && sh_isstate(SH_INIT))
+ {
 /* This call is to handle "base#value" literals if we're importing untrusted env vars. */
 errno = 0;
- d = strtonll(str, &last, NULL, -1);
+ d = strtonll(str, &last, NIL(char*), -1);
 }
- if(*last || errno) {
- if (sh_isstate(SH_INIT)) {
+ if(sh_isstate(SH_INIT))
 /*
 * Initializing means importing untrusted env vars. The string does not appear to be
 * a recognized numeric literal, so give up. We can't safely call strval(), because
 * that allows arbitrary expressions, causing security vulnerability CVE-2019-14868.
 */
 d = 0.0;
- } else {
+ else
+ {
 if(!last || *last!='.' || last[1]!='.')
 d = strval(shp,str,&last,arith,mode);
 if(!ptr && *last && mode>0)
@@ -566,9 +569,9 @@ Sfdouble_t sh_strnum(register const char *str, char** ptr, int mode)
 UNREACHABLE();
 }
 }
- } else if (!d && *str=='-') {
- d = -0.0;
 }
+ else if(!d && *str=='-')
+ d = -0.0;
 }
 if(ptr)
 *ptr = last;
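Review bot: In the first hunk the `if(sh_isstate(SH_INIT))` guard that keeps imported environment values away from `strval()` (the CVE-2019-14868 path) becomes an unbraced `if` whose only statement, `d = 0.0;`, sits five comment lines below it and directly above `else`. That makes the security-relevant branch easy to misread or break in a later edit; I would either keep the braces on this one branch or move the comment block above the `if(sh_isstate(SH_INIT))` line so the guard and `d = 0.0;` are adjacent. Separately, as the hunk is shown here the removed `if(*last || errno) {` has no matching `+` line, while the second hunk's `else if(!d && *str=='-')` still needs that `if`. This may be an artifact of how the page was captured, but it is worth confirming in the file that `d` is forced to zero under SH_INIT only when parsing left trailing characters or set `errno`. The body of sh_strnum begins before and continues after both hunks.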