Segmentation fault with pipe (Array index out of bounds) #25

Open
A2Z-Ad opened this issue Jul 20, 2016 · 0 comments

A2Z-Ad commented Jul 20, 2016

I found a segmentation fault with the following operation.
("man gcc" is large enough to cause a segmentation fault in this case. :) )

    $ hw --version
    highway version 1.1.0
    $ man gcc | hw hoge
    Segmentation fault (core dumped)
    $ man gcc | wc
      15597  101199  822142

It seems that the "search" function has an out-of-bounds access to the array.
Please check the following.

The segmentation fault happens in line 424.
The "read_sum" can become larger than NMAX by the addition in line 416.

    392 int search(int fd,
    393            const char *pattern,
    394            int pattern_len,
    395            enum file_type t,
    396            match_line_list *match_lines,
    397            int thread_no)
    398 {
    399     char eol = '\n';
    400     size_t line_count = 0;
    401     size_t read_sum = 0;
    402     size_t n = NMAX;
    403     ssize_t read_len;
    404     int buf_offset = 0;
    405     int match_count = 0;
    406     bool do_search = false;
    407     char *buf = (char *)hw_calloc(n + 1, SIZE_OF_CHAR);
    408     char *last_new_line_scan_pos = buf;
    409     char *last_line_end;
    410 
    411     if (!op.use_regex) {
    412         prepare_fjs(pattern, pattern_len, t);
    413     }
    414 
    415     while ((read_len = read(fd, buf + buf_offset, NMAX)) > 0) {
    416         read_sum += read_len;
    417 
    418         // Search end position of the last line in the buffer. We search from the first position
    419         // and end position of the last line.
    420         size_t search_len;
    421         if (read_len < NMAX) {
    422             last_line_end = buf + read_sum;
    423             search_len = read_sum;
    424             buf[read_sum] = eol;
    425         } else {
@presuku presuku mentioned this issue May 31, 2017
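
The arithmetic reported above, as an added C example (not highway's code and not the project's fix): `first_oob_index` models only the visible lines 415-424 without performing the write, and `read_all_with_eol` is one bounds-safe way to read a pipe and append the end-of-line byte. `CHUNK` is an assumed stand-in for `NMAX`, and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define CHUNK 1024 /* assumed stand-in for NMAX; the real value is not on the page */

/* Constructed input: read end of a pipe preloaded with nbytes of 'a'. */
int pipe_with(size_t nbytes) {
    int fds[2];
    char *data = malloc(nbytes);
    if (!data || pipe(fds) != 0) { free(data); return -1; }
    memset(data, 'a', nbytes);
    ssize_t w = write(fds[1], data, nbytes);
    free(data);
    close(fds[1]);
    if (w != (ssize_t)nbytes) { close(fds[0]); return -1; }
    return fds[0];
}

/* Models only the visible lines 415-424, without performing the write: returns
 * the first index `buf[read_sum] = eol` would hit past a CHUNK + 1 byte buffer. */
size_t first_oob_index(int fd) {
    char scratch[CHUNK];
    size_t read_sum = 0;
    ssize_t read_len;
    while ((read_len = read(fd, scratch, CHUNK)) > 0) {
        read_sum += (size_t)read_len;                              /* line 416 */
        if (read_len < CHUNK && read_sum > CHUNK) return read_sum; /* line 424 */
    }
    return 0; /* every short read stayed inside the buffer */
}

/* Bounds-safe variant: room for one read plus eol is ensured before each read. */
char *read_all_with_eol(int fd, size_t *len) {
    size_t cap = CHUNK + 1, used = 0;
    char *buf = malloc(cap), *tmp;
    ssize_t n;
    while (buf) {
        if (cap - used < CHUNK + 1) { /* grow before the read, never after */
            if (!(tmp = realloc(buf, cap * 2))) { free(buf); return NULL; }
            buf = tmp; cap *= 2;
        }
        if ((n = read(fd, buf + used, CHUNK)) < 0) { free(buf); return NULL; }
        if (n == 0) { buf[used] = '\n'; *len = used; break; }
        used += (size_t)n;
    }
    return buf; /* caller frees; NULL on allocation or read failure */
}

int main(void) { printf("%zu\n", first_oob_index(pipe_with(3 * CHUNK + 100))); return 0; }
```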