Created attachment 11231
Patch for use-after-free bug, from Assaf Gordon
In <https://debbugs.gnu.org/32592#14> Saito Takaaki reported that a friend found a bug in GNU sed regex handling, and Assaf Gordon has found that this was due to use-after-free relating to the back-references. Assaf has a fix, which I'm attaching.
In that same thread, Jim Meyering noted <https://debbugs.gnu.org/32592#35> that there was some seemingly-useless code immediately after Assaf's bug fix. I have looked into this, and it turns out that this code does not properly report an error when heap allocation fails; instead, it just trudges onward and does goodness knows what. I'll attach a second patch for this nearby bug.
Created attachment 11232
Patch for heap-exhaustion bug
Assaf Gordon writes in <https://debbugs.gnu.org/32592#41> that the use-after-free bug was already reported as Bug#18040. The two bug reports should be merged.
As I mentioned in Comment 2, this is the same bug as Bug#18040. Resolving it as a duplicate.
*** This bug has been marked as a duplicate of bug 18040 ***