author | Karl Williamson <khw@cpan.org> | 2019-02-16 11:11:59 -0700 |
---|---|---|
committer | Karl Williamson <khw@cpan.org> | 2019-02-16 11:21:51 -0700 |
commit | c2d81cfd08d9a622c639058cd7eb870aa0991937 (patch) | |
tree | 8426ad3e58fbdddecab7aea51ee7a462a0ed82e4 | |
parent | 75451d8cc625c69a543f2bacf2312d369f8855ae (diff) | |

PATCH: [perl #133770] null pointer dereference in S_regclass()

The failing case can be reduced to

    qr/\x{100}[\x{3030}\x{1fb2}/

(It only happens on UTF-8 patterns).

The bottom line is that it was assuming that there was at least one
character that folded to 1fb2 besides itself, even though the function
call said there weren't any such. The solution is to pay attention to
the function return value.

I incorporated Hugo's++ patch as part of this one.

However, the original test case should never have gotten this far. The
parser is getting passed garbage, and instead of croaking, it is somehow
interpreting it as valid and calling the regex compiler. I will file a
ticket about that.

-rw-r--r-- | regcomp.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -18410,10 +18410,12 @@ S_regclass(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth, * inversion list, making sure everything is included. */ fold_list = add_cp_to_invlist(fold_list, start[0]); fold_list = add_cp_to_invlist(fold_list, folded); - fold_list = add_cp_to_invlist(fold_list, first_fold); - for (i = 0; i < folds_to_this_cp_count - 1; i++) { - fold_list = add_cp_to_invlist(fold_list, + if (folds_to_this_cp_count > 0) { + fold_list = add_cp_to_invlist(fold_list, first_fold); + for (i = 0; i + 1 < folds_to_this_cp_count; i++) { + fold_list = add_cp_to_invlist(fold_list, remaining_folds[i]); + } } /* If the fold list is identical to what's in this ANYOF |
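
Review bot: The new `if (folds_to_this_cp_count > 0)` guard around the `first_fold` and `remaining_folds[i]` additions carries no comment saying why a zero count can reach this point, and the existing comment just above it ("making sure everything is included") still reads as if there is always at least one other fold. A one-line comment on the guard, saying that `first_fold` is only meaningful when the count is non-zero, would keep a later cleanup from removing it. Inside the guard the rewritten loop bound `i + 1 < folds_to_this_cp_count` is equivalent to the old `i < folds_to_this_cp_count - 1`; if the rewrite is meant to avoid wrap-around on an unsigned count, that is worth stating as well, since the declarations are not visible in this hunk. The diffstat lists only regcomp.c, so the reduced case from the commit message, qr/\x{100}[\x{3030}\x{1fb2}/, is not added as a regression test in this commit; adding it alongside the fix would pin the behaviour.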