From 608951844e496f595cb1c8f299506dc41908147f Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Sun, 24 May 2026 13:11:09 +0200
Subject: [PATCH] BUG/MEDIUM: regex: allocate a large enough pcre2 match for all matches

In 3.3 with commit fda6dc959 ("MINOR: regex: use a thread-local match pointer for pcre2") we got a thread-local match that saves us from having to allocate a match array with each match. However something was clearly overlooked or misunderstood in the pcre2 API because the local match array was initialized via pcre2_match_data_create() for MAX_MATCH-1 entries instead of MAX_MATCH, despite the commit message mentioning MAX_MATCH entries. It was possibly confused with an index. Due to this there is a risk of crash when matching more than 9 groups in a regex. This fix must be backported to 3.3.
---
 src/regex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/regex.c b/src/regex.c
index 524afc925..0f192f725 100644
--- a/src/regex.c
+++ b/src/regex.c
@@ -444,7 +444,7 @@ INITCALL0(STG_REGISTER, regex_register_build_options);
 #ifdef USE_PCRE2
 static int init_pcre2_per_thread(void)
 {
- local_pcre2_match = pcre2_match_data_create(MAX_MATCH - 1, NULL);
+ local_pcre2_match = pcre2_match_data_create(MAX_MATCH, NULL);
 if (!local_pcre2_match) {
 ha_alert("Failed to allocate PCRE2 match data context for thread %u.\n", tid);
 return 0;
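Review bot: The corrected call `pcre2_match_data_create(MAX_MATCH, NULL)` still has no comment recording that its first argument is a count of offset pairs rather than a highest index, which is the confusion the commit message describes. I would add above it `/* ovecsize is a number of pairs: it must cover the largest nmatch any caller may request (MAX_MATCH) */`. The code that reads from local_pcre2_match is outside this hunk; if it walks the ovector using a caller-supplied nmatch, clamping that loop to `pcre2_get_ovector_count(local_pcre2_match)` would turn any future size mismatch into a truncated result instead of an out-of-bounds read. The body of init_pcre2_per_thread continues past the end of the hunk.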