From 2e4772befb2b1c37cb4b9d6572945115ee28630a Mon Sep 17 00:00:00 2001
From: Christian Egli <christian.egli@sbs.ch>
Date: Wed, 25 May 2022 18:08:36 +0200
Subject: [PATCH] Prevent an invalid memory writes in compileRule

Origin: https://github.com/liblouis/liblouis/commit/2e4772b

---
 liblouis/compileTranslationTable.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/liblouis/compileTranslationTable.c b/liblouis/compileTranslationTable.c
index a2ba81e..50b86a9 100644
--- a/liblouis/compileTranslationTable.c
+++ b/liblouis/compileTranslationTable.c
@@ -3244,12 +3244,14 @@ doOpcode:
 	case CTO_SeqAfterExpression:
 
 		if (getRuleCharsText(nested, &ruleChars, &lastToken)) {
-			for ((*table)->seqAfterExpressionLength = 0;
-					(*table)->seqAfterExpressionLength < ruleChars.length;
-					(*table)->seqAfterExpressionLength++)
-				(*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] =
-						ruleChars.chars[(*table)->seqAfterExpressionLength];
-			(*table)->seqAfterExpression[(*table)->seqAfterExpressionLength] = 0;
+			if ((ruleChars.length + 1) > SEQPATTERNSIZE) {
+				compileError(nested, "More than %d characters", SEQPATTERNSIZE);
+				return 0;
+			}
+			for (int k = 0; k < ruleChars.length; k++)
+				(*table)->seqAfterExpression[k] = ruleChars.chars[k];
+			(*table)->seqAfterExpression[ruleChars.length] = 0;
+			(*table)->seqAfterExpressionLength = ruleChars.length;
 		}
 		break;
 
-- 
2.33.0