The following fix to dfa.c was suggested by a static checking tool.
I'm applying it in the gawk code base.
Basically, it's theoretically possible for len to have run off the end
of the `str' array.
Thanks,
Arnold
diff --git a/dfa.c b/dfa.c
index 8b79eb7..490a075 100644
--- a/dfa.c
+++ b/dfa.c
@@ -1038,7 +1038,8 @@ parse_bracket_exp (void)
/* This is in any case an invalid class name. */
str[0] = '\0';
}
- str[len] = '\0';
+ if (len < BRACKET_BUFFER_SIZE)
+ str[len] = '\0';
/* Fetch bracket. */
FETCH_WC (c, wc, _("unbalanced ["));
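Review bot: the new `if (len < BRACKET_BUFFER_SIZE)` guard has no else branch, so when len is not below the limit nothing at this point terminates str, and the code that follows may read it as a string. The context above the change shows `str[0] = '\0';` under the "invalid class name" comment, but the hunk does not show that this branch is always taken when len has reached the limit. Consider either a short comment stating that invariant or an explicit else that sets `str[0] = '\0'`, and confirm that BRACKET_BUFFER_SIZE matches the declared size of str, which is not visible in these lines.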