From be352d954818c027bd09d075135420da1ea5921c Mon Sep 17 00:00:00 2001
From: Milo Yip
Date: Sun, 17 Apr 2016 11:59:09 +0800
Subject: [PATCH 1/2] Fix a bug in regex

Due to dereferencing a pointer which may be invalidated
---
 include/rapidjson/internal/regex.h | 8 ++++----
 test/unittest/regextest.cpp | 5 +++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/include/rapidjson/internal/regex.h b/include/rapidjson/internal/regex.h
index c0a3ec5..422a524 100644
--- a/include/rapidjson/internal/regex.h
+++ b/include/rapidjson/internal/regex.h
@@ -468,17 +468,17 @@ private:
     static SizeType Min(SizeType a, SizeType b) { return a < b ? a : b; }
 
     void CloneTopOperand(Stack& operandStack) {
-        const Frag *src = operandStack.template Top();
-        SizeType count = stateCount_ - src->minIndex; // Assumes top operand contains states in [src->minIndex, stateCount_)
+        const Frag src = *operandStack.template Top(); // Copy constructor to prevent invalidation
+        SizeType count = stateCount_ - src.minIndex; // Assumes top operand contains states in [src->minIndex, stateCount_)
         State* s = states_.template Push(count);
-        memcpy(s, &GetState(src->minIndex), count * sizeof(State));
+        memcpy(s, &GetState(src.minIndex), count * sizeof(State));
         for (SizeType j = 0; j < count; j++) {
             if (s[j].out != kRegexInvalidState)
                 s[j].out += count;
             if (s[j].out1 != kRegexInvalidState)
                 s[j].out1 += count;
         }
-        *operandStack.template Push() = Frag(src->start + count, src->out + count, src->minIndex + count);
+        *operandStack.template Push() = Frag(src.start + count, src.out + count, src.minIndex + count);
         stateCount_ += count;
     }
 
diff --git a/test/unittest/regextest.cpp b/test/unittest/regextest.cpp
index b497df6..4fb5b22 100644
--- a/test/unittest/regextest.cpp
+++ b/test/unittest/regextest.cpp
@@ -584,4 +584,9 @@ TEST(Regex, Issue538) {
     EXPECT_TRUE(re.IsValid());
 }
 
+TEST(Regex, Issue583) {
+    Regex re("[0-9]{99999}");
+    ASSERT_TRUE(re.IsValid());
+}
+
 #undef EURO
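Review bot: The by-value copy removes the dangling `src` pointer, but `CloneTopOperand` still has no bound on how much it clones: `count * sizeof(State)`, `s[j].out += count` and `stateCount_ += count` are all unchecked SizeType arithmetic, and the new Issue583 test shows a repetition count of 99999 is accepted straight from the pattern. If `{n}` is expanded by calling this function repeatedly (presumably so, given that test), a pattern supplied from outside — e.g. a schema `pattern` keyword — can drive allocation and copying cost with a single number, so I would either cap the repetition count where the quantifier is parsed or at least document the exposure here: `// NOTE: cost is proportional to count; quantifier bounds come straight from the pattern and are not limited, so untrusted patterns can exhaust memory`. Minor: the comment on the `count` line still reads `[src->minIndex, stateCount_)` although `src` is now a value; `[src.minIndex, stateCount_)` would match the code.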
From fa8c676b37056d83992119e4ebdc6954befff3e8 Mon Sep 17 00:00:00 2001
From: Milo Yip
Date: Sun, 17 Apr 2016 12:10:44 +0800
Subject: [PATCH 2/2] Update changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5d126a..0ed193b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -53,6 +53,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 * Custom Microsoft headers are necessary only for Visual Studio 2012 and lower (#559)
 * Fix memory leak for invalid regex (26e69ffde95ba4773ab06db6457b78f308716f4b)
 * Fix a bug in schema minimum/maximum keywords for 64-bit integer (e7149d665941068ccf8c565e77495521331cf390)
+* Fix a crash bug in regex (#605)
 
 ### Changed
 * Clarify problematic JSON license (#392)