Created attachment 11231
Patch for use-after-free bug, from Assaf Gordon

In <https://debbugs.gnu.org/32592#14> Saito Takaaki reported that a friend found a bug in GNU sed regex handling, and Assaf Gordon has found that this was due to use-after-free relating to the back-references. Assaf has a fix, which I'm attaching.

In that same thread, Jim Meyering noted <https://debbugs.gnu.org/32592#35> that there was some seemingly-useless code immediately after Assaf's bug fix. I have looked into this, and it turns out that this code does not properly report an error when heap allocation fails; instead, it just trudges onward and does goodness knows what. I'll attach a second patch for this nearby bug.
Created attachment 11232
Patch for heap-exhaustion bug
Assaf Gordon writes in <https://debbugs.gnu.org/32592#41> that the use-after-free bug was already reported as Bug#18040. The two bug reports should be merged.
As I mentioned in Comment 2, this is the same bug as Bug#18040. Resolving it as a duplicate.

*** This bug has been marked as a duplicate of bug 18040 ***