This bug does affect i386.  To reproduce for either i386 or amd64, run
the following:

    newline=$(printf \\nx); newline=${newline%x}
    echo x | LESS="+g/(((((x)))))${newline}" less

Downstream Ubuntu bug report:
https://bugs.launchpad.net/bugs/1521043

This bug was fixed in upstream version 481.  Attached is a debdiff that
cherry-picks the fix from version 481.

-Richard
diff -Nru less-458/debian/changelog less-458/debian/changelog
--- less-458/debian/changelog	2014-09-08 00:35:22.000000000 -0400
+++ less-458/debian/changelog	2015-11-29 23:55:52.000000000 -0500
@@ -1,3 +1,10 @@
+less (458-4) unstable; urgency=medium
+
+  * Cherry-pick upstream fix for double free in regular expression
+    code.  (Closes: #707824; LP: #1521043)
+
+ -- Richard Hansen <rhan...@rhansen.org>  Sun, 29 Nov 2015 22:40:34 -0500
+
 less (458-3) unstable; urgency=medium
 
   * debian/control:
diff -Nru less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch
--- less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch	1969-12-31 19:00:00.000000000 -0500
+++ less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch	2015-11-29 23:55:14.000000000 -0500
@@ -0,0 +1,30 @@
+Description: fix double free with multiple regex groups
+Author: Mark Nudelman <ma...@greenwoodsoftware.com>
+Origin: upstream, from version 481 (upstream doesn't have a public VCS)
+Forwarded: not-needed
+Applied-Upstream: 481
+Last-Update: 2015-11-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/pattern.c
++++ b/pattern.c
+@@ -287,18 +287,14 @@
+ #if HAVE_GNU_REGEX
+ 	{
+ 		struct re_registers search_regs;
+-		regoff_t *starts = (regoff_t *) ecalloc(1, sizeof (regoff_t));
+-		regoff_t *ends = (regoff_t *) ecalloc(1, sizeof (regoff_t));
+ 		spattern->not_bol = notbol;
+-		re_set_registers(spattern, &search_regs, 1, starts, ends);
++		spattern->regs_allocated = REGS_UNALLOCATED;
+ 		matched = re_search(spattern, line, line_len, 0, line_len, &search_regs) >= 0;
+ 		if (matched)
+ 		{
+ 			*sp = line + search_regs.start[0];
+ 			*ep = line + search_regs.end[0];
+ 		}
+-		free(starts);
+-		free(ends);
+ 	}
+ #endif
+ #if HAVE_POSIX_REGCOMP
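Review bot: The register arrays that the patch stops preallocating are now allocated by re_search itself (that is what resetting `spattern->regs_allocated = REGS_UNALLOCATED` requests), but nothing in the new block frees `search_regs.start` / `search_regs.end`, so every call on this path appears to leak the two arrays the GNU matcher mallocs on a successful match. Because `search_regs` is a stack variable and, as far as I can tell, is left untouched when there is no match, it should be zero-initialised so a free after the block is safe in both cases: change the declaration to `struct re_registers search_regs = {0};` and add `free(search_regs.start); free(search_regs.end);` after the `if (matched) { ... }` block, before the closing brace. The double free the commit fixes is real and this does not reopen it, since the arrays now come from a single owner per call; the note is only about the allocation being dropped. The enclosing function starts and ends outside this hunk.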
diff -Nru less-458/debian/patches/series less-458/debian/patches/series
--- less-458/debian/patches/series	2012-01-30 23:34:10.000000000 -0500
+++ less-458/debian/patches/series	2015-11-29 23:55:14.000000000 -0500
@@ -1,2 +1,3 @@
 01-434417-LESS_IS_MORE.patch
 02-655926-more_can_go_backwards.patch
+03-707824-fix_double_free_with_multiple_regex_groups.patch
