libiberty: Fix off-by-one when collecting range expression

Fixes this error during build of fixincludes:

In function ‘byte_regex_compile’,
    inlined from ‘xregcomp’ at ../libiberty/../../libiberty/regex.c:7973:11:
../libiberty/../../libiberty/regex.c:3477:29: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
 3477 |                     str[c1] = '\0';
      |                             ^
../libiberty/../../libiberty/regex.c: In function ‘xregcomp’:
../libiberty/../../libiberty/regex.c:3454:35: note: at offset 128 into destination object ‘str’ of size 128
 3454 |                     unsigned char str[128];     /* Should be large enough.  */
      |                                   ^

	* regex.c (regex_compile): Don't write beyond array bounds when
	collecting range expression.

diff --git a/libiberty/regex.c b/libiberty/regex.c
index bc36f43d450a08682e0358336a0942cc91401939..8337deaef5af3a6624fe3f591c04a1b1eedb3344 100644 (file)
--- a/libiberty/regex.c
+++ b/libiberty/regex.c
@@ -3468,7 +3468,7 @@ PREFIX(regex_compile) (const char *ARG_PREFIX(pattern),
                        PATFETCH (c);
                        if ((c == '.' && *p == ']') || p == pend)
                          break;
-                       if (c1 < sizeof (str))
+                       if (c1 < sizeof (str) - 1)
                          str[c1++] = c;
                        else
                          /* This is in any case an invalid class name.  */