[3.14] gh-140979: Fix off-by-one error in the RE code validator (GH-140984) (GH-141001)

It was too lenient and allowed MARK opcodes with too large value.
(cherry picked from commit 1326d2a808245e5f2de9e515460bab30556e8f05)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

diff --git a/Modules/_sre/sre.c b/Modules/_sre/sre.c
index 694a66818f90d80406d79b74291e43b4e2c5b7b4..2761c76a3792f878d1a5a55e75a5d9d4d58298aa 100644 (file)
--- a/Modules/_sre/sre.c
+++ b/Modules/_sre/sre.c
@@ -1942,7 +1942,7 @@ _validate_inner(SRE_CODE *code, SRE_CODE *end, Py_ssize_t groups)
                sre_match() code is robust even if they don't, and the worst
                you can get is nonsensical match results. */
             GET_ARG;
-            if (arg > 2 * (size_t)groups + 1) {
+            if (arg >= 2 * (size_t)groups) {
                 VTRACE(("arg=%d, groups=%d\n", (int)arg, (int)groups));
                 FAIL;
             }