fix #84: stack-buffer-overflow in mbc_enc_len

diff --git a/src/regexec.c b/src/regexec.c
index e24ba9f2dae82dc39e0dce5cca2411e9a980ae4e..694981d5bfae0e30bee34d24b33d9f368d49a400 100644 (file)
--- a/src/regexec.c
+++ b/src/regexec.c
@@ -3395,9 +3395,10 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
         sprev = s;
         if (backref_match_at_nested_level(reg, stk, stk_base, ic
                      , case_fold_flag, (int )level, (int )tlen, p, &s, end)) {
-          while (sprev + (len = enclen(encode, sprev)) < s)
-            sprev += len;
-
+          if (sprev < end) {
+            while (sprev + (len = enclen(encode, sprev)) < s)
+              sprev += len;
+          }
           p += (SIZE_MEMNUM * tlen);
         }
         else