From 87dc91f5cf2c748d834dbff7b250a153c762387d Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Wed, 9 Sep 2020 15:07:01 -0700
Subject: [PATCH 2/2] grep: fix logic for growing PCRE JIT stack

* src/pcresearch.c (jit_exec) [PCRE_EXTRA_MATCH_LIMIT_RECURSION]: When growing the match_limit_recursion limit, do not use the old value if ! (flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION), as it is uninitialized in that case.
---
 src/pcresearch.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/pcresearch.c b/src/pcresearch.c
index e265083..a668c45 100644
--- a/src/pcresearch.c
+++ b/src/pcresearch.c
@@ -90,16 +90,18 @@ jit_exec (struct pcre_comp *pc, char const *subject, int search_bytes,
 #if PCRE_EXTRA_MATCH_LIMIT_RECURSION
 if (e == PCRE_ERROR_RECURSIONLIMIT
- && (PCRE_STUDY_EXTRA_NEEDED || pc->extra)
- && pc->extra->match_limit_recursion <= ULONG_MAX / 2)
+ && (PCRE_STUDY_EXTRA_NEEDED || pc->extra))
 {
- pc->extra->match_limit_recursion *= 2;
- if (pc->extra->match_limit_recursion == 0)
+ unsigned long lim
+ = (pc->extra->flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION
+ ? pc->extra->match_limit_recursion
+ : 0);
+ if (lim <= ULONG_MAX / 2)
 {
- pc->extra->match_limit_recursion = (1 << 24) - 1;
+ pc->extra->match_limit_recursion = lim ? 2 * lim : (1 << 24) - 1;
 pc->extra->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
+ continue;
 }
- continue;
 }
 #endif
--
2.17.1
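Review bot: The new assignment `pc->extra->match_limit_recursion = lim ? 2 * lim : (1 << 24) - 1;` leaves both the hard-coded 2^24 - 1 seed and the doubling policy undocumented, and because match_limit_recursion is the guard that stops a pathological pattern from recursing indefinitely in the interpretive matcher, a reader needs to know why it is acceptable to keep raising it until the `lim <= ULONG_MAX / 2` check fails rather than stopping at some ceiling. I would add above the `unsigned long lim` declaration: `/* No explicit recursion limit yet: seed one (2^24 - 1; origin to be documented), otherwise double the current one.  The retry loop gives up only when doubling would overflow.  */`. The retained condition `(PCRE_STUDY_EXTRA_NEEDED || pc->extra)` still dereferences `pc->extra` unconditionally when PCRE_STUDY_EXTRA_NEEDED is nonzero, which is presumably safe only if that build always allocates extra; a one-line comment at that line stating the invariant would make the reliance explicit. The retry loop that the `continue` targets, and jit_exec's remaining body, lie outside the hunk.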