From fe94004d513ab9cdb44c9b9f1b60bd54b118aef7 Mon Sep 17 00:00:00 2001
From: Gabe DiFiore
Date: Mon, 20 Apr 2026 03:36:16 -0400
Subject: [PATCH] Fix stack buffer overflow in `rvermicelliDoubleExecReal()` (#392) Fix stack buffer overflow in rvermicelliDoubleExecReal Remove unconditional snprintf that writes input buffer length into fixed 255-byte stack buffer. On inputs >255 bytes, this causes stack smash detected by FORTIFY_SOURCE. The removed lines were debug scaffolding that duplicated the DEBUG_PRINTF above them. Fixes crash on patterns like ".*literal" with buffers >255 bytes.
---
 src/nfa/vermicelli_simd.cpp | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/src/nfa/vermicelli_simd.cpp b/src/nfa/vermicelli_simd.cpp
index e8210f2c..3bea78b9 100644
--- a/src/nfa/vermicelli_simd.cpp
+++ b/src/nfa/vermicelli_simd.cpp
@@ -368,9 +368,6 @@ const u8 *rvermicelliDoubleExecReal(char c1, char c2, SuperVector const casem
 assert(buf < buf_end);
 DEBUG_PRINTF("rverm %p len %zu\n", buf, buf_end - buf);
 DEBUG_PRINTF("b %s\n", buf);
- char s[255];
- snprintf(s, buf_end - buf + 1, "%s", buf);
- DEBUG_PRINTF("b %s\n", s);
 const u8 *d = buf_end;
 const u8 *rv;
-- 2.47.3
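Review bot: The retained `DEBUG_PRINTF("b %s\n", buf);` just above the removed lines still formats `buf` with `%s`, which scans for a NUL instead of stopping at `buf_end`; nothing in the hunk shows the scan buffer is NUL-terminated, so wherever DEBUG_PRINTF is compiled in this can read past the end of the input. Bounding it by the length already computed on the previous line keeps the trace safe: `DEBUG_PRINTF("b %.*s\n", (int)(buf_end - buf), (const char *)buf);`. The type of `buf` is cut off in the hunk header, so the cast is an assumption to confirm, and the body of rvermicelliDoubleExecReal continues outside the hunk. A regression test that drives this path with a buffer longer than 255 bytes, the case named in the commit message, would pin the fix.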