From 6cdf22b5dd07461399c83c033333f366ec4bd85b Mon Sep 17 00:00:00 2001
From: Vadim Zeitlin <vadim@wxwidgets.org>
Date: Sat, 13 Jul 2019 17:01:10 +0200
Subject: [PATCH] Fix out-of-bounds buffer read in Scintilla MMIXAL lexer

Fix off-by-1 error in the loop condition.

Apply our own minimal fix because Upstream is aware of the bug (see
https://sourceforge.net/p/scintilla/bugs/2019/) but refuses to fix it
there.

Closes #18440.
---
 src/stc/scintilla/lexers/LexMMIXAL.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/stc/scintilla/lexers/LexMMIXAL.cxx b/src/stc/scintilla/lexers/LexMMIXAL.cxx
index 2a152b8a8f..83604f82f6 100644
--- a/src/stc/scintilla/lexers/LexMMIXAL.cxx
+++ b/src/stc/scintilla/lexers/LexMMIXAL.cxx
@@ -103,7 +103,7 @@ static void ColouriseMMIXALDoc(Sci_PositionU startPos, Sci_Position length, int
 				char s[100];
 				sc.GetCurrent(s, sizeof(s));
 				if (*s == ':') {	// ignore base prefix for match
-					for (size_t i = 0; i != sizeof(s); ++i) {
+					for (size_t i = 0; i != sizeof(s)-1; ++i) {
 						*(s+i) = *(s+i+1);
 					}
 				}