From 5c516341171745a8308204085a8018e13cedd561 Mon Sep 17 00:00:00 2001
From: Hugo van der Sanden
Date: Wed, 22 Apr 2020 13:24:02 +0100
Subject: [PATCH 1/2] regcomp: avoid overflow setting last_start_max

The dubious '((*ACCEPT)0)*' construct resulted on the one hand with is_inf being false, but on the other setting pos_delta to OPTIMIZE_INFTY.
---
 regcomp.c | 6 ++++--
 t/re/pat.t | 9 ++++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/regcomp.c b/regcomp.c
index b208c01f09fe..097094cfc504 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -5306,8 +5306,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
 offset, later match for variable offset. */
 if (data->last_end == -1) { /* Update the start info. */
 data->last_start_min = data->pos_min;
- data->last_start_max = is_inf
- ? OPTIMIZE_INFTY : data->pos_min + data->pos_delta;
+ data->last_start_max =
+ is_inf ? OPTIMIZE_INFTY
+ : (data->pos_delta > OPTIMIZE_INFTY - data->pos_min)
+ ? OPTIMIZE_INFTY : data->pos_min + data->pos_delta;
 }
 sv_catpvn(data->last_found, STRING(scan), bytelen);
 if (UTF)
diff --git a/t/re/pat.t b/t/re/pat.t
index 455132085c00..6ece306b5b5b 100644
--- a/t/re/pat.t
+++ b/t/re/pat.t
@@ -24,7 +24,7 @@ BEGIN {
 skip_all_without_unicode_tables();
-plan tests => 1019; # Update this when adding/deleting tests.
+plan tests => 1020; # Update this when adding/deleting tests.
 run_tests() unless caller;
@@ -2264,6 +2264,13 @@ SKIP:
 'ok', {}, "gh16947: test fix doesn't break SUSPEND");
 }
+ # gh17730: should not crash
+ {
+ fresh_perl_is(q{
+ "q00" =~ m{(((*ACCEPT)0)*00)?0(?1)}; print "ok"
+ }, 'ok', {}, 'gh17730: should not crash');
+ }
+
 } # End of sub run_tests
 1;
From d23733db32b12b784b2bf07cae6d645569636f6d Mon Sep 17 00:00:00 2001
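Review bot: The new guard on the `: (data->pos_delta > OPTIMIZE_INFTY - data->pos_min)` line only catches the sum overflowing upward; a negative pos_delta, which the follow-up commit in this series describes as a real underflow case and special-cases in scan_commit, still passes this test and leaves last_start_max below last_start_min. If pos_delta is signed here (the subtraction from OPTIMIZE_INFTY suggests so, but its declaration is outside the hunk), consider handling that case at the point of assignment the same way scan_commit does, e.g. `: (data->pos_delta < 0 || data->pos_delta > OPTIMIZE_INFTY - data->pos_min)`, or at minimum a debug assertion that pos_delta is non-negative so a corrupt range is caught where it is produced rather than where it is consumed. The `OPTIMIZE_INFTY - data->pos_min` subtraction also relies on pos_min being non-negative; if that invariant holds it deserves a one-line comment such as `/* pos_min >= 0, so this subtraction cannot overflow */`. S_study_chunk starts before and continues past this hunk.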
From: Hugo van der Sanden
Date: Thu, 23 Apr 2020 14:33:55 +0100
Subject: [PATCH 2/2] study_chunk: temporary underflow guard for scan_commit

Numeric underflow on max_offset was being silently converted to OPTIMIZE_INFTY by a misleading test. That test was removed in f6231ebfc0, exposing multiple issues.

This restores the test in a more direct form for 5.32; it should be removed after 5.32 is released so we can continue the search for the underlying issues.
---
 regcomp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/regcomp.c b/regcomp.c
index 097094cfc504..ee9a2d2eea9b 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -1498,6 +1498,8 @@ S_scan_commit(pTHX_ const RExC_state_t *pRExC_state, scan_data_t *data,
 ? OPTIMIZE_INFTY
 : (l
 ? data->last_start_max
+ /* temporary underflow guard for 5.32 */
+ : data->pos_delta < 0 ? OPTIMIZE_INFTY
 : (data->pos_delta > OPTIMIZE_INFTY - data->pos_min
 ? OPTIMIZE_INFTY : data->pos_min + data->pos_delta));