The pattern

  (?=ab\K)

is documented as possibly returning a start of the match that is greater than the end of the match. This is true, for example, for the subject

  ab

which yields 2 for start and 0 for end.

Using pcre2_substring_length_bynumber() to determine the length of this pattern leads to a negative underflow and yields 4294967294 on 32-bit systems, 18446744073709551614 on 64-bit.

All pcre2_substring_...() functions involving substring length calculation seem affected by this underflow.

In particular, the pcre2_substring_get_...() functions allocate memory based on this incorrect computation, which can easily lead to out-of-memory situations.

Ralf
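The following is an added example, not code from the report or from PCRE2 itself: it reproduces the wrapped length with the offsets the report gives (start 2, end 0, constructed by hand in an ovector) and shows the consistency check a length function needs before subtracting. The UNSET_OFFSET constant and the return codes are this example's own names.

```c
/* Added example: defensive substring-length check for the case the report
 * describes. Not PCRE2 code; the ovector is constructed to hold the offsets
 * reported for (?=ab\K) against "ab" (start 2, end 0). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the convention that an unset group holds the all-ones offset. */
#define UNSET_OFFSET (~(size_t)0)

enum {
    LEN_OK = 0,
    LEN_NO_SUBSTRING = -1,   /* group number beyond the captured pairs */
    LEN_UNSET = -2,          /* group did not take part in the match */
    LEN_START_AFTER_END = -3 /* \K moved the start past the end */
};

/* The arithmetic the report describes: end minus start in an unsigned type.
 * For start 2, end 0 this wraps to SIZE_MAX - 1 (4294967294 on 32-bit,
 * 18446744073709551614 on 64-bit). */
size_t naive_length(const size_t *ovector, uint32_t number)
{
    return ovector[2 * number + 1] - ovector[2 * number];
}

/* Checked variant: refuses to subtract when the pair is inconsistent, so no
 * caller ever sizes an allocation from a wrapped length. */
int checked_length(const size_t *ovector, uint32_t pair_count,
                   uint32_t number, size_t *length_out)
{
    size_t start, end;
    if (number >= pair_count) return LEN_NO_SUBSTRING;
    start = ovector[2 * number];
    end = ovector[2 * number + 1];
    if (start == UNSET_OFFSET || end == UNSET_OFFSET) return LEN_UNSET;
    if (start > end) return LEN_START_AFTER_END;
    *length_out = end - start;
    return LEN_OK;
}

int main(void)
{
    /* Constructed: the offsets reported for (?=ab\K) on the subject "ab". */
    size_t ovector[2] = { 2, 0 };
    size_t len = 0;
    int rc = checked_length(ovector, 1, 0, &len);
    printf("naive length: %zu\n", naive_length(ovector, 0));
    printf("checked rc: %d (expected %d)\n", rc, LEN_START_AFTER_END);
    return 0;
}
```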

--
List details at https://lists.exim.org/mailman/listinfo/pcre-dev
