PATCH: [perl #133871] heap-buffer-overflow in S_reginsert

The regex compiler was written assuming it knew how many parentheses
pairs there were at code generation time. When I converted to a single
pass in 7c932d07cab18751bfc7515b4320436273a459e2, most things were
straightforward to not have to know this number, but there were a few
where it was non-trivial (for me anyway) to figure out how to handle.
So I punted on these and do a second pass when these are encountered.
There are few of them and they are less commonly used, namely (?R), (?|...)
and forward references to groups (which most commonly will end up being
a syntax error anyway).

The fix in this commit is to avoid doing some parentheses relocations
when a regnode is inserted when it is known that the parentheses counts
are unreliable (during initial parsing of one of these tricky
constructs). The code in the ticket is using a branch reset '(?|...)'.
A second pass will get done, and the insert properly handled then, after
the counts are reliable.