Deal with integer overflow bug in recent variable length lookbehind code. Fixes ClusterFuzz 61627.
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
index 32b7c43..cba0f24 100644
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@@ -9658,8 +9658,8 @@
if (max != REPEAT_UNLIMITED)
{
if (lastitemlength != 0 && /* Should not occur, but just in case */
- min != 0 &&
- INT_MAX/lastitemlength < max - 1)
+ max != 0 &&
+ (INT_MAX - branchlength)/lastitemlength < max - 1)
{
*errcodeptr = ERR87; /* Integer overflow; lookbehind too big */
return -1;
diff --git a/testdata/testinput2 b/testdata/testinput2
index 278168a..e43c878 100644
--- a/testdata/testinput2
+++ b/testdata/testinput2
@@ -5973,4 +5973,6 @@
/(?<=(()()()()()()()()()()()()()(()()()()(())()()()()(()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()(())()()()()(()()()()()()(()()()()()()()()()()()()()()()()()()()()()(())()()()()(()()()()()()()()()()()()()(()()()()()()()()()()()()()(()())))))))))/
+/(?<!( {65054}){0,44965})/auto_callout
+
# End of testinput2
diff --git a/testdata/testoutput2 b/testdata/testoutput2
index 1130482..7a3d645 100644
--- a/testdata/testoutput2
+++ b/testdata/testoutput2
@@ -17803,6 +17803,9 @@
/(?<=(()()()()()()()()()()()()()(()()()()(())()()()()(()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()(())()()()()(()()()()()()(()()()()()()()()()()()()()()()()()()()()()(())()()()()(()()()()()()()()()()()()()(()()()()()()()()()()()()()(()())))))))))/
+/(?<!( {65054}){0,44965})/auto_callout
+Failed: error 187 at offset 0: lookbehind assertion is too long
+
# End of testinput2
Error -70: PCRE2_ERROR_BADDATA (unknown error number)
Error -62: bad serialized data
