Index: pcretest.c
===================================================================
--- pcretest.c (revision 1690)
+++ pcretest.c (revision 1691)
@@ -426,11 +426,11 @@
 #define PCRE_COPY_NAMED_SUBSTRING32(rc, re, bptr, offsets, count, \
 namesptr, cbuffer, size) \
 rc = pcre32_copy_named_substring((pcre32 *)re, (PCRE_SPTR32)bptr, offsets, \
- count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/2)
+ count, (PCRE_SPTR32)namesptr, (PCRE_UCHAR32 *)cbuffer, size/4)
 #define PCRE_COPY_SUBSTRING32(rc, bptr, offsets, count, i, cbuffer, size) \
 rc = pcre32_copy_substring((PCRE_SPTR32)bptr, offsets, count, i, \
- (PCRE_UCHAR32 *)cbuffer, size/2)
+ (PCRE_UCHAR32 *)cbuffer, size/4)
 #define PCRE_DFA_EXEC32(count, re, extra, bptr, len, start_offset, options, \
 offsets, size_offsets, workspace, size_workspace) \
Index: ChangeLog
===================================================================
--- ChangeLog (revision 1690)
+++ ChangeLog (revision 1691)
@@ -37,7 +37,10 @@
 8. The alternative matching function, pcre_dfa_exec() misbehaved if it encountered a character class with a possessive repeat, for example [a-f]{3}+.
+9. When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
+length incorrectly, which could result in buffer overflow.
+
 Version 8.40 11-January-2017
 ----------------------------
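Review bot: The corrected length in `PCRE_COPY_NAMED_SUBSTRING32` and `PCRE_COPY_SUBSTRING32` is still a bare literal applied to an unparenthesized macro argument, so `size/4` mis-scales if a caller ever passes an expression such as `a + b` (only `b` is divided, and the length handed to the copy function is too large again). Because the buffer is cast to `PCRE_UCHAR32 *` on the same line, deriving the count from that type keeps the cast and the length in step: `(PCRE_UCHAR32 *)cbuffer, (int)((size)/sizeof(PCRE_UCHAR32)))`. This assumes `size` is a byte count, which the divisor implies but the hunk does not show; the call sites are outside the hunk. A short comment above the two macros, `/* size is in bytes; the 32-bit API takes the buffer length in PCRE_UCHAR32 units */`, would record why the division exists and make the same mistake harder to reintroduce.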