[Bug #20886] Avoid double-free in regex timeout after stack_double (#12063)

Fix regex timeout double-free after stack_double As of 10574857ce167869524b97ee862b610928f6272f, it's possible to crash on a double free due to `stk_alloc` AKA `msa->stack_p` being freed twice, once at the end of match_at and a second time in `FREE_MATCH_ARG` in the parent caller. Fixes [Bug #20886]
author: John Hawthorn <john@hawthorn.email> 2024-11-12 09:04:21 -0800
committer: GitHub <noreply@github.com> 2024-11-12 09:04:21 -0800
commit: f4258aaed02ee7be761f2499b0b6243a8f37b7cb (patch)
tree: 989920cfa73194b0121aaee72fd8236a36d34d40 /test
parent: a51a6bf6926241704593b9439e91c06ee6f3ee61 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/test/ruby/test_regexp.rb b/test/ruby/test_regexp.rb
index 6b9efcb555..010be01960 100644
--- a/test/ruby/test_regexp.rb
+++ b/test/ruby/test_regexp.rb
@@ -1838,6 +1838,13 @@ class TestRegexp < Test::Unit::TestCase
     end;
   end
 
+  def test_bug_20886
+    re = Regexp.new("d()*+|a*a*bc", timeout: 0.02)
+    assert_raise(Regexp::TimeoutError) do
+      re === "b" + "a" * 1000
+    end
+  end
+
   def per_instance_redos_test(global_timeout, per_instance_timeout, expected_timeout)
     assert_separately([], "#{<<-"begin;"}\n#{<<-'end;'}")
       global_timeout = #{ EnvUtil.apply_timeout_scale(global_timeout).inspect }
author	John Hawthorn <john@hawthorn.email>	2024-11-12 09:04:21 -0800
committer	GitHub <noreply@github.com>	2024-11-12 09:04:21 -0800
commit	f4258aaed02ee7be761f2499b0b6243a8f37b7cb (patch)
tree	989920cfa73194b0121aaee72fd8236a36d34d40 /test
parent	a51a6bf6926241704593b9439e91c06ee6f3ee61 (diff)