regcomp: avoid overflow setting last_start_max

The dubious '((*ACCEPT)0)*' construct resulted on the one hand with
is_inf being false, but on the other setting pos_delta to OPTIMIZE_INFTY.

2 files changed, 12 insertions, 3 deletions

diff --git a/regcomp.c b/regcomp.c
index b208c01f09..097094cfc5 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -5306,8 +5306,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
 		   offset, later match for variable offset.  */
 		if (data->last_end == -1) { /* Update the start info. */
 		    data->last_start_min = data->pos_min;
- 		    data->last_start_max = is_inf
-                        ? OPTIMIZE_INFTY : data->pos_min + data->pos_delta;
+                    data->last_start_max =
+                        is_inf ? OPTIMIZE_INFTY
+                        : (data->pos_delta > OPTIMIZE_INFTY - data->pos_min)
+                            ? OPTIMIZE_INFTY : data->pos_min + data->pos_delta;
 		}
 		sv_catpvn(data->last_found, STRING(scan), bytelen);
 		if (UTF)
diff --git a/t/re/pat.t b/t/re/pat.t
index 455132085c..6ece306b5b 100644
--- a/t/re/pat.t
+++ b/t/re/pat.t
@@ -24,7 +24,7 @@ BEGIN {
 
 skip_all_without_unicode_tables();
 
-plan tests => 1019;  # Update this when adding/deleting tests.
+plan tests => 1020;  # Update this when adding/deleting tests.
 
 run_tests() unless caller;
 
@@ -2264,6 +2264,13 @@ SKIP:
                 'ok', {}, "gh16947: test fix doesn't break SUSPEND");
     }
 
+    # gh17730: should not crash
+    {
+        fresh_perl_is(q{
+            "q00" =~ m{(((*ACCEPT)0)*00)?0(?1)}; print "ok"
+        }, 'ok', {}, 'gh17730: should not crash');
+    }
+
 } # End of sub run_tests
 
 1;