From 6eb4aca6a7f2f60f473580576d86686ed6a6ebec Mon Sep 17 00:00:00 2001
From: "K.Kosako"
Date: Wed, 6 Nov 2019 17:32:29 +0900
Subject: [PATCH] fix #162: heap-buffer-overflow in fetch_interval_quantifier due to double PFETCH
---
 regparse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/regparse.c b/regparse.c
index 324c414..70c36d5 100644
--- a/regparse.c
+++ b/regparse.c
@@ -4178,7 +4178,7 @@ fetch_interval_quantifier(UChar** src, UChar* end, PToken* tok, ScanEnv* env)
 if (PEND) goto invalid;
 PFETCH(c);
 if (IS_SYNTAX_OP(env->syntax, ONIG_SYN_OP_ESC_BRACE_INTERVAL)) {
- if (c != MC_ESC(env->syntax)) goto invalid;
+ if (c != MC_ESC(env->syntax) || PEND) goto invalid;
 if (PEND) goto invalid;
 PFETCH(c);
 }
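Review bot: The added `|| PEND` guard in the `ONIG_SYN_OP_ESC_BRACE_INTERVAL` branch has no comment stating the invariant it restores, and the diffstat shows only regparse.c changing, so no regression test goes in with the fix. Judging from the commit title, PFETCH advances the parse pointer without a bounds check of its own, so every call needs a PEND test directly in front of it; a comment above the branch such as `/* PFETCH does not bounds-check: test PEND before each fetch */` would keep a later edit from reintroducing the double fetch. As the hunk is shown, the context line right after the added check is again `if (PEND) goto invalid;`, so the two tests overlap; if that line really is in the file, keep only one of them. A test whose pattern ends right after the escape character inside an interval, run under AddressSanitizer, would pin the behaviour. The body of fetch_interval_quantifier starts and ends outside the hunk.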