[project @ 2005-12-02 12:26:22 by simonmar]

Apply rev 1.24 from FreeBSD's copy of this file.  Commit message from
FreeBSD:

   The algorithm that computes the tables used in the BM search
   algorithm sometimes access an array beyond it's length. This only
   happens in the last iteration of a loop, and the value fetched is
   not used then, so the bug is a relatively innocent one. Fix this by
   not fetching any value on the last iteration of said loop.

   Submitted by:	MKI <mki@mozone.net>

This is the cause of bug #1194393 (crash in darcs on Windows).

diff --git a/cbits/regex/regcomp.c b/cbits/regex/regcomp.c
index be9fdfa..e58c6d1 100644 (file)
--- a/cbits/regex/regcomp.c
+++ b/cbits/regex/regcomp.c
@@ -2055,7 +2055,8 @@ struct re_guts *g;
                            g->mlen + ssuffix - suffix);
                         suffix++;
                 }
-                ssuffix = pmatches[ssuffix];
+               if (suffix < g->mlen)
+                       ssuffix = pmatches[ssuffix];
         }
 
        free(pmatches);