From d2c9f85f59ab7e58af68c5f89b64a95ac26e1e43 Mon Sep 17 00:00:00 2001
From: Peter Stephenson <pws@zsh.org>
Date: Thu, 20 Oct 2016 10:43:52 +0100
Subject: 39683: Update scan pointers after possible alloc.

Problem could cause next scan index to point into an invalid block
when handling meta characters.
---
 Src/pattern.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'Src/pattern.c')

diff --git a/Src/pattern.c b/Src/pattern.c
index 4e2f2369f..158bfd560 100644
--- a/Src/pattern.c
+++ b/Src/pattern.c
@@ -669,12 +669,16 @@ patcompile(char *exp, int inflags, char **endexp)
 				nmeta++;
 			if (nmeta) {
 			    char *oldpatout = patout;
+			    ptrdiff_t pd;
 			    patadd(NULL, 0, nmeta, 0);
 			    /*
 			     * Yuk.
 			     */
 			    p = (Patprog)patout;
-			    opnd = patout + (opnd - oldpatout);
+			    pd = patout - oldpatout;
+			    opnd += pd;
+			    pscan += pd;
+			    next += pd;
 			    dst = patout + startoff;
 			}
 
-- 
cgit v1.2.3