This bug does affect i386. To reproduce for either i386 or amd64, run the following:
    newline=$(printf \\nx); newline=${newline%x}
    echo x | LESS="+g/(((((x)))))${newline}" less

Downstream Ubuntu bug report: https://bugs.launchpad.net/bugs/1521043

This bug was fixed in upstream version 481. Attached is a debdiff that cherry-picks the fix from version 481.

-Richard
diff -Nru less-458/debian/changelog less-458/debian/changelog
--- less-458/debian/changelog 2014-09-08 00:35:22.000000000 -0400
+++ less-458/debian/changelog 2015-11-29 23:55:52.000000000 -0500
@@ -1,3 +1,10 @@
+less (458-4) unstable; urgency=medium
+
+ * Cherry-pick upstream fix for double free in regular expression
+ code. (Closes: #707824; LP: #1521043)
+
+ -- Richard Hansen <rhan...@rhansen.org> Sun, 29 Nov 2015 22:40:34 -0500
+
 less (458-3) unstable; urgency=medium
 
 * debian/control:
diff -Nru less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch
--- less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch 1969-12-31 19:00:00.000000000 -0500
+++ less-458/debian/patches/03-707824-fix_double_free_with_multiple_regex_groups.patch 2015-11-29 23:55:14.000000000 -0500
@@ -0,0 +1,30 @@
+Description: fix double free with multiple regex groups
+Author: Mark Nudelman <ma...@greenwoodsoftware.com>
+Origin: upstream, from version 481 (upstream doesn't have a public VCS)
+Forwarded: not-needed
+Applied-Upstream: 481
+Last-Update: 2015-11-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/pattern.c
++++ b/pattern.c
+@@ -287,18 +287,14 @@
+ #if HAVE_GNU_REGEX
+ {
+ struct re_registers search_regs;
+- regoff_t *starts = (regoff_t *) ecalloc(1, sizeof (regoff_t));
+- regoff_t *ends = (regoff_t *) ecalloc(1, sizeof (regoff_t));
+ spattern->not_bol = notbol;
+- re_set_registers(spattern, &search_regs, 1, starts, ends);
++ spattern->regs_allocated = REGS_UNALLOCATED;
+ matched = re_search(spattern, line, line_len, 0, line_len, &search_regs) >= 0;
+ if (matched)
+ {
+ *sp = line + search_regs.start[0];
+ *ep = line + search_regs.end[0];
+ }
+- free(starts);
+- free(ends);
+ }
+ #endif
+ #if HAVE_POSIX_REGCOMP
diff -Nru less-458/debian/patches/series less-458/debian/patches/series
--- less-458/debian/patches/series 2012-01-30 23:34:10.000000000 -0500
+++ less-458/debian/patches/series 2015-11-29 23:55:14.000000000 -0500
@@ -1,2 +1,3 @@
 01-434417-LESS_IS_MORE.patch
 02-655926-more_can_go_backwards.patch
+03-707824-fix_double_free_with_multiple_regex_groups.patch
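Review bot: In the HAVE_GNU_REGEX block of the pattern.c hunk, nothing releases `search_regs.start` and `search_regs.end` after `re_search` returns, so the double free appears to be traded for a small leak on every successful match. With `spattern->regs_allocated = REGS_UNALLOCATED`, GNU regex is documented to allocate those arrays itself and leave them to the caller, and `search_regs` is local to the braces that close inside the hunk. I would add `free(search_regs.start); free(search_regs.end);` inside the `if (matched)` branch, after `*sp` and `*ep` are computed; keeping it in that branch avoids reading the uninitialised struct when there is no match. A short comment such as `/* re_search allocates the register arrays; we own them */` would also record why the fixed-size `starts`/`ends` buffers were dropped. The enclosing function starts and ends outside the hunk.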