From: K.Kosako <kosako@sofnec.co.jp>
Date: Fri, 30 Mar 2018 09:50:14 +0000 (+0900)
Subject: fix #84: stack-buffer-overflow in mbc_enc_len
X-Git-Tag: v6.8.2^2~40
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=34c8cdd7513a4c4a8dd01564b2dffd011c88747a;p=onig

fix #84: stack-buffer-overflow in mbc_enc_len
---

diff --git a/src/regexec.c b/src/regexec.c
index e24ba9f..694981d 100644
--- a/src/regexec.c
+++ b/src/regexec.c
@@ -3395,9 +3395,10 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
         sprev = s;
         if (backref_match_at_nested_level(reg, stk, stk_base, ic
                      , case_fold_flag, (int )level, (int )tlen, p, &s, end)) {
-          while (sprev + (len = enclen(encode, sprev)) < s)
-            sprev += len;
-
+          if (sprev < end) {
+            while (sprev + (len = enclen(encode, sprev)) < s)
+              sprev += len;
+          }
           p += (SIZE_MEMNUM * tlen);
         }
         else