From 11ea45c9e47d13e13e3e539551e2df300f995c11 Mon Sep 17 00:00:00 2001
From: Eli Zaretskii
Date: Thu, 20 Jan 2022 13:42:56 +0200
Subject: [PATCH] Fix UB in ebrowse
* lib-src/ebrowse.c (matching_regexp): Avoid writing beyond the limits of 'matching_regexp_buffer'. Patch by Jan Stranik . (Bug#53333)
Copyright-paperwork-exempt: yes
---
lib-src/ebrowse.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib-src/ebrowse.c b/lib-src/ebrowse.c
index 04ae018464e..ac7e7901878 100644
--- a/lib-src/ebrowse.c
+++ b/lib-src/ebrowse.c
@@ -1925,7 +1925,15 @@ matching_regexp (void)
 *--s = *--t;
 if (*s == '"' || *s == '\\')
- *--s = '\\';
+ {
+ if (s > matching_regexp_buffer)
+ *--s = '\\';
+ else
+ {
+ s++;
+ break;
+ }
+ }
 }
 *(matching_regexp_end_buf - 1) = '\0';
--
2.39.2
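Review bot: The new `else` branch (`s++; break;`) discards the character that was just copied when there is no room left for its escaping backslash, and nothing in the hunk says that this is deliberate. A short comment there would stop a later cleanup from turning it back into an unescaped `"` or `\` at the start of the regexp, or into the one-byte write before `matching_regexp_buffer` that this patch removes, e.g. `/* No room for the escaping backslash: drop this character instead of emitting it unescaped. */`. The guard also relies on the loop condition, which lies outside the hunk, to keep the first `*--s = *--t;` in bounds; presumably it tests `s > matching_regexp_buffer`, which is worth confirming, since otherwise the same underflow would remain one statement earlier. A regression test with a line long enough to fill the buffer and a quote or backslash at the truncation point would pin this boundary case.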