Highlights
Memory Corruption: 4 prior fixes. Scrutinize any change in this area.
b.c: most-fixed (2 issues). Treat as high-risk during review.
4 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Memory Corruption: Out-of-bounds writes inside regular expression compilation and state transition tables (specifically related to the HAT anchor token and gototab indices) can lead to severe heap corruption and arbitrary code execution.
Buffer Overflow: String manipulation functions like substr are prone to off-by-one or out-of-bounds writes when byte lengths are confused with UTF-8 character lengths during slice or buffer allocation operations.
Memory Corruption: Dynamic buffer reallocation using helpers like adjbuf can invalidate existing pointers (such as k in fnematch), resulting in use-after-free and out-of-bounds writes if pointer arithmetic is not adjusted relative to the new buffer base.