Hi! We found that in the latest pull, when `regcomp` with `REG_EXTENDED` is compiling pattern with multiple adjacent '+', like "1*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++", the memory would be exhausted very quickly. Because in `duplicate_tree` it exponentially calls `create_token_tree` which malloc all the memory, looks like it's easy to cause serious DOS. Checked the regex specification that said "multiple adjacent duplication symbols ( '+', '*', '?', and intervals) produces undefined results.", and seems like other regex implementation have handled this, maybe glibc needs to handle it too?
Created attachment 14373 [details] regex DOS poc please be caution to run it since it might exhaust all the memory within few seconds
Looks like a dup of PR 28864
Which seems to be a dup of PR 20095