From 0a065f31b54c06779b680b01adaf1346bc012e77 Mon Sep 17 00:00:00 2001
From: Hugo van der Sanden <hv@crypt.org>
Date: Sun, 4 Aug 2019 14:07:22 +0100
Subject: [PATCH] [gh 17847] avoid overflow on delta in study_chunk

delta and pos_delta may hold OPTIMIZE_INFTY to represent infinity.
---
 regcomp.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/regcomp.c b/regcomp.c
index e692d53eb5c9..81fdffca7307 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -5386,13 +5386,25 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
 	    }
 	    min += charlen - min_subtract;
             assert (min >= 0);
-            delta += min_subtract;
+            if ((SSize_t)min_subtract < OPTIMIZE_INFTY
+                && delta < OPTIMIZE_INFTY - (SSize_t)min_subtract
+            ) {
+                delta += min_subtract;
+            } else {
+                delta = OPTIMIZE_INFTY;
+            }
 	    if (flags & SCF_DO_SUBSTR) {
 		data->pos_min += charlen - min_subtract;
 		if (data->pos_min < 0) {
                     data->pos_min = 0;
                 }
-                data->pos_delta += min_subtract;
+                if ((SSize_t)min_subtract < OPTIMIZE_INFTY
+                    && data->pos_delta < OPTIMIZE_INFTY - (SSize_t)min_subtract
+                ) {
+                    data->pos_delta += min_subtract;
+                } else {
+                    data->pos_delta = OPTIMIZE_INFTY;
+                }
 		if (min_subtract) {
 		    data->cur_is_floating = 1; /* float */
 		}