Fix overwriting bug in fuzzsupport when text is very short

PhilipHazel · PhilipHazel · commit dd0bc880bca3 · 2024-03-09T17:01:03.000Z
diff --git a/ChangeLog b/ChangeLog
@@ -8,7 +8,7 @@ Version 10.44 xx-xxx-2024
 -------------------------
 
 1. If a pattern contained a variable-length lookbehind in which the first
-branch was not the one with the shortest minimym length, and the lookbehind
+branch was not the one with the shortest minimum length, and the lookbehind
 contained a capturing group, and elsewhere in the pattern there was another
 lookbehind that referenced that group, the pattern was incorrectly compiled,
 leading to unpredictable results, including crashes in JIT compiling. An
diff --git a/src/pcre2_fuzzsupport.c b/src/pcre2_fuzzsupport.c
@@ -295,10 +295,10 @@ Start the scan at the second character so there can be a lookbehind for a
 backslash, and end it before the end so that the next character can be checked
 for an opening brace. */
 
-for (size_t i = 1; i < size - 2; i++)
+if (size > 3) for (size_t i = 1; i < size - 2; i++)
   {
   size_t j;
-
+  
   if (wdata[i] != ')' || wdata[i-1] == '\\' || wdata[i+1] != '{') continue;
   i++;  /* Points to '{' */
 
