Fix use-after-free: bind Regex lifetime to custom Syntax via PhantomData

[Copilot]

The Oniguruma C engine permanently stores the syntax pointer inside re_pattern_buffer (via onig_reg_init), but the safe Rust API did not express this dependency — allowing a custom Syntax to be dropped while the Regex was still live, yielding a dangling pointer.

Approach

Add a 'syntax lifetime parameter to Regex backed by PhantomData<&'syntax Syntax>, surfacing the C-level memory dependency to the borrow checker at zero runtime cost.

Changes

• Regex<'syntax> — new lifetime parameter + _syntax: PhantomData<&'syntax Syntax> field; Send/Sync/Drop impls updated accordingly.
• Constructors:
  • new / with_encoding → explicitly return Regex<'static> (use Syntax::default() which is 'static; no new restriction on callers)
  • with_options<'s>(..., syntax: &'s Syntax) -> Result<Regex<'s>, Error> — returned Regex cannot outlive syntax
  • with_options_and_encoding<'s, T>(..., syntax: &'s Syntax) -> Result<Regex<'s>, Error> — same
• Iterator types — 'syntax added as an independent lifetime parameter (separate from the regex reference lifetime 'r):
  • FindMatches<'r, 'syntax, 't>, FindCaptures<'r, 'syntax, 't>, RegexSplits<'r, 'syntax, 't>, RegexSplitsN<'r, 'syntax, 't>
• pattern.rs — RegexSearcher<'r, 'syntax, 'a>; impl<'r, 'syntax> Pattern for &'r Regex<'syntax>

Example

// Before: compiled fine, but custom_syntax could be freed while regex was live
let regex = {
    let custom_syntax = *Syntax::default();
    Regex::with_options("hello", RegexOptions::REGEX_OPTION_NONE, &custom_syntax).unwrap()
    // custom_syntax dropped here — dangling pointer in the C engine
};

// After: compiler rejects this — `custom_syntax does not live long enough`

Callers using Regex::new or Regex::with_options(..., Syntax::default()) are unaffected — the returned type is Regex<'static>.

[iwillspeak]

What do we think @Keats ? Adds a lifetime requirement to Regex so we'd have to bump but it does seem like the right thing to do here.

[Copilot]

Pull request overview

This PR updates the onig crate’s Regex type to carry an explicit lifetime tying it to the Syntax used at compile time, preventing a compiled regex from outliving a custom (non-static) Syntax.

Changes:

• Introduce Regex<'syntax> with a PhantomData<&'syntax Syntax> marker to enforce correct syntax lifetimes.
• Update constructors (new, with_encoding, with_options, with_options_and_encoding) to return Regex values with appropriate lifetimes ('static for default syntax, otherwise tied to the provided &Syntax).
• Propagate the new Regex<'syntax> type through related impl blocks and add a test demonstrating the lifetime enforcement.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
onig/src/lib.rs	Adds Regex<'syntax> + PhantomData, updates constructors’ return types, updates Drop/Send/Sync, and adds a lifetime-enforcement test.
onig/src/find.rs	Adjusts Regex impl block to be generic over 'syntax (propagating the new Regex<'syntax> type).
onig/src/pattern.rs	Updates Pattern integration to work with the lifetime-parameterized Regex.
onig/src/names.rs	Updates inherent impl block to Regex<'syntax>.
onig/src/replace.rs	Updates inherent impl block to Regex<'syntax>.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Keats]

I think that's fine? 99% of the usage will be 'static anyway