[perl #125826] make the buffer large enough in TRIE_STORE_REVCHAR

Since the SV is discarded almost immediately (in non-DEBUGGING builds)
don't worry about making it the smallest possible size.

2 files changed, 10 insertions, 1 deletions

diff --git a/regcomp.c b/regcomp.c
index f08f08ff4a..4719d12c75 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -2001,7 +2001,7 @@ is the recommended Unicode-aware way of saying
 #define TRIE_STORE_REVCHAR(val)                                            \
     STMT_START {                                                           \
 	if (UTF) {							   \
-            SV *zlopp = newSV(7); /* XXX: optimize me */                   \
+            SV *zlopp = newSV(UTF8_MAXBYTES);				   \
 	    unsigned char *flrbbbbb = (unsigned char *) SvPVX(zlopp);	   \
             unsigned const char *const kapow = uvchr_to_utf8(flrbbbbb, val); \
 	    SvCUR_set(zlopp, kapow - flrbbbbb);				   \
diff --git a/t/re/pat_advanced.t b/t/re/pat_advanced.t
index 230fd891a6..33647f321c 100644
--- a/t/re/pat_advanced.t
+++ b/t/re/pat_advanced.t
@@ -2419,6 +2419,15 @@ EOF
                         'No segfault on qr{(?&foo){0}abc(?<foo>)}');
     }
 
+    SKIP:
+    {   # [perl #125826] buffer overflow in TRIE_STORE_REVCHAR
+        # (during compilation, so use a fresh perl)
+        $Config{uvsize} == 8
+	  or skip("need large code-points for this test", 1);
+	fresh_perl_is('/\x{E000000000}|/ and print qq(ok\n)', "ok\n", {},
+		      "buffer overflow in TRIE_STORE_REVCHAR");
+    }
+
     # !!! NOTE that tests that aren't at all likely to crash perl should go
     # a ways above, above these last ones.