Save and restore PL_regeol for op inside of regex (RT ##66110)

If the op inside of a (?{ }) construct is another regex, the two
regexen end up corrupting each others' end-of-string markers,
resulting in various pathologies including access violations,
stack corruptions, and memory use growing without bound.

The change here is intended to be a relatively safe, cheap way to
prevent memory errors and makes no attempt to save and restore
other aspects of regex state; i.e., general purpose reentrancy
for the regex engine is still a TODO.

diff --git a/regexec.c b/regexec.c
index f3c9540..d3dd612 100644 (file)
--- a/regexec.c
+++ b/regexec.c
@@ -3716,6 +3716,7 @@ S_regmatch(pTHX_ regmatch_info *reginfo, regnode *prog)
                OP_4tree * const oop = PL_op;
                COP * const ocurcop = PL_curcop;
                PAD *old_comppad;
+               char *saved_regeol = PL_regeol;
            
                n = ARG(scan);
                PL_op = (OP_4tree*)rexi->data->data[n];
@@ -3741,6 +3742,7 @@ S_regmatch(pTHX_ regmatch_info *reginfo, regnode *prog)
                PL_op = oop;
                PAD_RESTORE_LOCAL(old_comppad);
                PL_curcop = ocurcop;
+               PL_regeol = saved_regeol;
                if (!logical) {
                    /* /(?{...})/ */
                    sv_setsv(save_scalar(PL_replgv), ret);