Merge commit from fork

Completes the buffer-overflow fix from #87, which bounded writes into
`pcre_str` but left the initial `strcpy` of `pattern` into `l_pattern`
at the top of `ec_glob` unguarded. Sufficiently long patterns smash the
stack before any of the bounds-checked code runs.

Fix CVE-2026-40489

Author: xuhdev

src/lib/ec_glob.c

@@ -96,8 +96,12 @@ int ec_glob(const char *pattern, const char *string)
     _Bool                     are_braces_paired = 1;
     UT_array *                nums;     /* number ranges */
     int                       ret = 0;
+    size_t                    pattern_len = strlen(pattern);
 
-    strcpy(l_pattern, pattern);
+    /* Reject patterns that would overflow l_pattern in the copy below. */
+    if (pattern_len >= sizeof(l_pattern))
+        return -1;
+    memcpy(l_pattern, pattern, pattern_len + 1);
     p_pcre = pcre_str + 1;
     pcre_str_end = pcre_str + 2 * PATTERN_MAX;