Hi,

Latest sed (4.7.4-f8503-dirty; and prior to this, e.g. 4.4) may trigger a stack overflow error by executing the following command.

echo 0 | ./sed '/\(\)\(\1\(\)\1\(\)\)*/c0' # equivalently sed -f c01.sed c01.in

ASan reports like this:

AddressSanitizer:DEADLYSIGNAL

=================================================================

==26879==ERROR: AddressSanitizer: stack-overflow on address 0x7ffea609bff8 (pc 0x0000005b0b76 bp 0x7ffea609c090 sp 0x7ffea609bf20 T0)

#0 0x5b0b75 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18

#1 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#2 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#3 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#4 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#5 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#6 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#7 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

...

#247 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#248 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

#249 0x5b0ed3 in check_dst_limits_calc_pos_1 /home/hongxu/FOT/sed-O0/./lib/regexec.c:1948:7

SUMMARY: AddressSanitizer: stack-overflow /home/hongxu/FOT/sed-O0/./lib/regexec.c:1912:18 in check_dst_limits_calc_pos_1

==26879==ABORTING

Best Regards,

Hongxu