[regexp] Add RegExpMacroAssembler::kMaxCaptures

Post-early-errors, syntax errors can't be caught, so the testcase has
to be modified so that we parse successfully (then overflow the stack).

Bug: v8:13163
Change-Id: I894c65bb4712f557d697b028b220444ccf6bb09c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3818602
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82676}

src/regexp/regexp-macro-assembler.h

@@ -29,6 +29,7 @@ class RegExpMacroAssembler {
   // The implementation must be able to handle at least:
   static constexpr int kMaxRegisterCount = (1 << 16);
   static constexpr int kMaxRegister = kMaxRegisterCount - 1;
+  static constexpr int kMaxCaptures = (kMaxRegister - 1) / 2;
   static constexpr int kMaxCPOffset = (1 << 15) - 1;
   static constexpr int kMinCPOffset = -(1 << 15);
 

src/regexp/regexp-parser.cc

@@ -910,7 +910,7 @@ RegExpParserState* RegExpParserImpl<CharT>::ParseOpenParenthesis(
     }
   }
   if (subexpr_type == CAPTURE) {
-    if (captures_started_ >= RegExpMacroAssembler::kMaxRegisterCount) {
+    if (captures_started_ >= RegExpMacroAssembler::kMaxCaptures) {
       ReportError(RegExpError::kTooManyCaptures);
       return nullptr;
     }
@@ -1036,7 +1036,7 @@ bool RegExpParserImpl<CharT>::ParseBackReferenceIndex(int* index_out) {
     base::uc32 c = current();
     if (IsDecimalDigit(c)) {
       value = 10 * value + (c - '0');
-      if (value > RegExpMacroAssembler::kMaxRegisterCount) {
+      if (value > RegExpMacroAssembler::kMaxCaptures) {
         Reset(start);
         return false;
       }

test/mjsunit/regress/regress-1129.js

@@ -31,7 +31,7 @@
 
 // Create RegExp that is syntactically correct, but throws a stack overflow
 // during compilation.
-var source = Array(50000).join("(") + "a" + Array(50000).join(")");
+var source = Array(25000).join("(") + "a" + Array(25000).join(")");
 var r = RegExp(source);
 try {
   // Try to compile in UC16 mode, and drop the exception.