Program unexpected panic when multiply operation.

[bhao-Soo]

What version of regex are you using?

1.7.1

Describe the bug at a high level.

Program attempt to multiply with overflow, which causing a panic.

What are the steps to reproduce the behavior?

Using auto-generated fuzz target can reproduce the behavior. it was uploaded to the issue platform.
multiply_overflow.zip

Similar problems were found in the fuzzy test:

• regex/src/re_set.rs:419:1
• regex/src/re_trait.rs:23:23

What is the actual behavior?

Panic happens, the program crashes.

What is the expected behavior?

Multiply operation without causing a panic

[BurntSushi]

OK, unlike #948 and #949, this one looks like a valid bug. Again, a real example without all of the obfuscation is clearer:

fn main() {
    let pattern = "\n\n\n\n&;*****\0\u{2}**\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n****\u{f}*\u{19}\r.\u{19}";
    let group_index = 9944060567225171988;

    let re = regex::Regex::new(pattern).unwrap();
    let locs = re.capture_locations();
    dbg!(locs.get(group_index));
}

The contract of CaptureLocations::get is:

Returns the start and end positions of the Nth capture group. Returns None if i is not a valid capture group or if the capture group did not match anything. The positions returned are always byte indices with respect to the original string matched.

Obviously the offset here is quite pathological, but the correct return value here is None.

Thank you. Nice find.