authorJim Meyering <meyering@redhat.com>2009-12-23 18:59:30 +0100
committerJim Meyering <meyering@redhat.com>2009-12-23 20:36:17 +0100
commit60a7e46a1c3ff186c373e776958ea02437b686ef (patch)
tree6f3ce24231471b74a0b62bc01227ff326f84d9dd
parent711184859ed691a6f47c3c4ad3e4cbcf18ed8290 (diff)
fix multi-byte-locale read-beyond-end-of-buffer error
Avoid read-beyond-end-of-buffer errors, evoked by running this: LC_ALL=en_US.UTF-8 valgrind src/grep -f <(printf 'a\nb\n') <(echo c) Conditional jump or move depends on uninitialised value(s) at 0x78136D: __gconv_transform_utf8_internal (in /lib/libc-2.11.so) by 0x7E7232: mbrtowc (in /lib/libc-2.11.so) by 0x8055773: dfaexec (dfa.c:2816) by 0x804D7B0: EGexecute (search.c:353) by 0x804ACD8: grepbuf (grep.c:1036) by 0x804B023: grep (grep.c:1156) by 0x804B460: grepfile (grep.c:1287) by 0x804CF0D: main (grep.c:2282) Conditional jump or move depends on uninitialised value(s) at 0x7E7248: mbrtowc (in /lib/libc-2.11.so) by 0x8055773: dfaexec (dfa.c:2816) by 0x804D7B0: EGexecute (search.c:353) by 0x804ACD8: grepbuf (grep.c:1036) by 0x804B023: grep (grep.c:1156) by 0x804B460: grepfile (grep.c:1287) by 0x804CF0D: main (grep.c:2282) * src/dfa.c (dfaexec) [MBS_SUPPORT]: Do not access one byte beyond end of buffer.
-rw-r--r--src/dfa.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/dfa.c b/src/dfa.c
index d1d7f256..b50f98a5 100644
--- a/src/dfa.c
+++ b/src/dfa.c
@@ -2808,13 +2808,13 @@ dfaexec (struct dfa *d, char const *begin, size_t size, int *backref)
MALLOC(inputwcs, wchar_t, end - (unsigned char const *)begin + 2);
memset(&mbs, 0, sizeof(mbstate_t));
remain_bytes = 0;
- for (i = 0; i < end - (unsigned char const *)begin + 1; i++)
+ for (i = 0; i < end - (unsigned char const *)begin; i++)
{
if (remain_bytes == 0)
{
remain_bytes
= mbrtowc(inputwcs + i, begin + i,
- end - (unsigned char const *)begin - i + 1, &mbs);
+ end - (unsigned char const *)begin - i, &mbs);
if (remain_bytes <= 1)
{
remain_bytes = 0;
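Review bot: The `mbrtowc` call passes the same `mbs` on every iteration, and the `remain_bytes <= 1` branch that absorbs its `(size_t) -1` and `(size_t) -2` returns does not visibly reset that state. After an encoding error the conversion state is unspecified, and after an incomplete sequence at the buffer tail it still holds the partial character, so the next call may decode the following bytes against stale state. Unless the rest of the branch, which continues below the hunk, already does so, add `if (remain_bytes < 0) memset(&mbs, 0, sizeof mbs);` there. That test and the existing `<= 1` check both rely on `remain_bytes` being a signed type; its declaration is outside the hunk, so confirm it, or keep the result in a `size_t` and compare against `(size_t) -1` and `(size_t) -2` explicitly.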