From d2c9f85f59ab7e58af68c5f89b64a95ac26e1e43 Mon Sep 17 00:00:00 2001
From: Peter Stephenson <pws@zsh.org>
Date: Thu, 20 Oct 2016 10:43:52 +0100
Subject: 39683: Update scan pointers after possible alloc.

Problem could cause next scan index to point into an invalid block
when handling meta characters.
---
 ChangeLog     | 5 +++++
 Src/pattern.c | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 6e339b5ea..e7c7c8b07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2016-10-20  Peter Stephenson  <p.stephenson@samsung.com>
+
+	* 39683: Src/pattern.c: Update scan pointer in pattern after
+	possible reallocation for meta handling.
+
 2016-10-19  Barton E. Schaefer  <schaefer@zsh.org>
 
 	* 39680: Src/mem.c: correctly handle case of popping last arena
diff --git a/Src/pattern.c b/Src/pattern.c
index 4e2f2369f..158bfd560 100644
--- a/Src/pattern.c
+++ b/Src/pattern.c
@@ -669,12 +669,16 @@ patcompile(char *exp, int inflags, char **endexp)
 				nmeta++;
 			if (nmeta) {
 			    char *oldpatout = patout;
+			    ptrdiff_t pd;
 			    patadd(NULL, 0, nmeta, 0);
 			    /*
 			     * Yuk.
 			     */
 			    p = (Patprog)patout;
-			    opnd = patout + (opnd - oldpatout);
+			    pd = patout - oldpatout;
+			    opnd += pd;
+			    pscan += pd;
+			    next += pd;
 			    dst = patout + startoff;
 			}
 
-- 
cgit v1.2.3