Description: Do not crash if regexp is too long for our buffer
Author: Ian Jackson <iwj@ubuntu.com>, Jonathan Nieder <jrnieder@gmail.com>
Bug-Ubuntu: https://bugs.launchpad.net/bug/23494
Bug-Debian: http://bugs.debian.org/391051

--- a/scan.c
+++ b/scan.c
@@ -1033,6 +1033,15 @@
    STRING *sval ;
 
    while (1)
+   {
+      if (p >= string_buff + MIN_SPRINTF - 2)
+      {
+          compile_error(
+			  "regular expression /%.10s ..."
+			  " exceeds implementation size limit",
+			  string_buff) ;
+	  mawk_exit(2) ;
+      }
       switch (scan_code[*p++ = next()])
       {
 	 case SC_DIV:		/* done */
@@ -1070,6 +1079,7 @@
 	    }
 	    break ;
       }
+   }
 
 out:
    /* now we've got the RE, so compile it */
--- a/test/mawktest
+++ b/test/mawktest
@@ -35,6 +35,13 @@
 
 cmp -s  reg-awk.out temp$$ || exit
 
+# 640 backslashes
+backslashes='\\\\\\\\\\'
+backslashes="$backslashes$backslashes$backslashes$backslashes"
+backslashes="$backslashes$backslashes$backslashes$backslashes"
+backslashes="$backslashes$backslashes$backslashes$backslashes"
+( set +e; LC_ALL=C mawk "/a$backslashes/" $dat; test $? -eq 2 ) || exit
+
 echo regular expression matching OK
 #######################################
 
