===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sed/compile.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- src/usr.bin/sed/compile.c	2014/10/08 04:19:08	1.36
+++ src/usr.bin/sed/compile.c	2014/12/12 03:32:55	1.37
@@ -1,4 +1,4 @@
-/*	$OpenBSD: compile.c,v 1.36 2014/10/08 04:19:08 deraadt Exp $	*/
+/*	$OpenBSD: compile.c,v 1.37 2014/12/12 03:32:55 jsg Exp $	*/
 
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
@@ -538,7 +538,7 @@
 {
 	int gn;			/* True if we have seen g or n */
 	long l;
-	char wfile[PATH_MAX], *q;
+	char wfile[PATH_MAX], *q, *eq;
 
 	s->n = 1;				/* Default */
 	s->p = 0;
@@ -584,9 +584,12 @@
 #endif
 			EATSPACE();
 			q = wfile;
+			eq = wfile + sizeof(wfile) - 1;
 			while (*p) {
 				if (*p == '\n')
 					break;
+				if (q >= eq)
+					err(COMPILE, "wfile too long");
 				*q++ = *p++;
 			}
 			*q = '\0';