PATCH: [perl #133642] Double free

This was caused by doing a SAVEFREEPV twice.  The solution is to not do
this twice.

But this means that if the process unexpectedly dies, there is a
potential memory leak.  That potential already exists with other
variables, and has its own ticket #133589.

Author: khwilliamson

regcomp.c

@@ -7533,15 +7533,6 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
 
     SetProgLen(RExC_rxi,RExC_size);
 
-    /* The values for the two variables below are now immutable, we can add
-     * them to the list to free without overwhelming it */
-    if (RExC_open_parens) {
-        SAVEFREEPV(RExC_open_parens);
-    }
-    if (RExC_close_parens) {
-        SAVEFREEPV(RExC_close_parens);
-    }
-
     /* Update the string to compile, with correct modifiers, etc */
     set_regex_pv(pRExC_state, Rx);
 
@@ -8094,6 +8085,15 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
     });
 #endif
 
+    if (RExC_open_parens) {
+        Safefree(RExC_open_parens);
+        RExC_open_parens = NULL;
+    }
+    if (RExC_close_parens) {
+        Safefree(RExC_close_parens);
+        RExC_close_parens = NULL;
+    }
+
 #ifdef USE_ITHREADS
     /* under ithreads the ?pat? PMf_USED flag on the pmop is simulated
      * by setting the regexp SV to readonly-only instead. If the

t/re/pat.t

@@ -23,7 +23,7 @@ BEGIN {
     skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader;
     skip_all_without_unicode_tables();
 
-plan tests => 849;  # Update this when adding/deleting tests.
+plan tests => 850;  # Update this when adding/deleting tests.
 
 run_tests() unless caller;
 
@@ -1950,6 +1950,9 @@ EOP
     {   # [perl $132164]
         fresh_perl_is('m m0*0+\Rm', "",{},"Undefined behavior in address sanitizer");
     }
+    {   # [perl #133642]
+        fresh_perl_is('m/((?<=(0?)))/', "Variable length lookbehind not implemented in regex m/((?<=(0?)))/ at - line 1.",{},"Was getting 'Double free'");
+    }
 
 } # End of sub run_tests