Report

CVE-2022-28357: Heap buffer overflow in sed regex backreference handling

608945b1-f7d7-47cc-afc6-bd63052c03d4

GNU sed 4.8 has a heap buffer overflow in the match_regex function (sed/regexp.c) when a regular expression is used with backreferences. When the pattern contains backreferences, the regarray->start and regarray->end arrays are allocated with room for only one element, regardless of the regsize parameter that is passed in. regsize is computed as sub->max_id + 1, where max_id is a 4-bit field (values 0 to 15), so regsize can be as large as 16. Because num_regs is taken from regsize while the allocation is fixed at one element, any access to a group index above 0 reads or writes past the end of the one-element heap buffers: up to 16 elements may be needed, but only one was allocated.
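The following is an added example, not code from GNU sed or from the original report. It models the bookkeeping the report describes: a minimal scanner for the highest \N backreference (standing in for sed's max_id computation), regsize = max_id + 1, and a register array allocated either the vulnerable way (one element, regsize recorded) or the fixed way (regsize elements). Instead of writing past the buffer, the store routine carries an explicit capacity so the first out-of-bounds index is reported rather than corrupting the heap. The struct and function names, and the regoff_t typedef, are assumptions chosen to mirror the report's terminology.

```c
#include <stdio.h>
#include <stdlib.h>

typedef long regoff_t;  /* assumption: stands in for regoff_t from regex.h */

/* Modeled register array (not sed's struct); capacity is our own field. */
struct reg_array {
    regoff_t *start;   /* start offset of group i */
    regoff_t *end;     /* end offset of group i */
    size_t num_regs;   /* groups the caller will fill: regsize */
    size_t capacity;   /* elements actually allocated per array */
};

/* Highest \N backreference in a replacement, masked to the 4-bit max_id
 * field the report describes (0..15). Deliberately minimal scanner. */
unsigned max_backref_id(const char *replacement)
{
    unsigned max_id = 0;
    for (const char *p = replacement; *p; p++) {
        if (*p != '\\' || p[1] == '\0')
            continue;
        p++;                                /* character after the backslash */
        if (*p >= '0' && *p <= '9') {
            unsigned id = (unsigned)(*p - '0');
            if (id > max_id)
                max_id = id;
        }
    }
    return max_id & 0xF;
}

/* regsize = sub->max_id + 1 */
size_t regsize_for(const char *replacement)
{
    return (size_t)max_backref_id(replacement) + 1;
}

/* Vulnerable shape: regsize is recorded, one element is allocated. */
int regs_alloc_vulnerable(struct reg_array *r, size_t regsize)
{
    r->start = malloc(sizeof(regoff_t) * 1);
    r->end = malloc(sizeof(regoff_t) * 1);
    if (!r->start || !r->end)
        return -1;
    r->num_regs = regsize;
    r->capacity = 1;
    return 0;
}

/* Fixed shape: allocate what regsize requires. */
int regs_alloc_fixed(struct reg_array *r, size_t regsize)
{
    r->start = malloc(sizeof(regoff_t) * regsize);
    r->end = malloc(sizeof(regoff_t) * regsize);
    if (!r->start || !r->end)
        return -1;
    r->num_regs = regsize;
    r->capacity = regsize;
    return 0;
}

/* Store group i. The capacity check is the guard the vulnerable code lacks:
 * in sed the write would land on the heap past the one-element buffer. */
int regs_store(struct reg_array *r, size_t i, regoff_t s, regoff_t e)
{
    if (i >= r->capacity)
        return -1;
    r->start[i] = s;
    r->end[i] = e;
    return 0;
}

/* Fill all num_regs groups. Returns the index of the first out-of-bounds
 * store, or -1 if every store fit. */
long regs_fill(struct reg_array *r)
{
    for (size_t i = 0; i < r->num_regs; i++)
        if (regs_store(r, i, (regoff_t)i, (regoff_t)(i + 1)) != 0)
            return (long)i;
    return -1;
}

void regs_free(struct reg_array *r)
{
    free(r->start);
    free(r->end);
    r->start = r->end = NULL;
    r->num_regs = r->capacity = 0;
}

/* Allocate, fill and free in one go; -2 on allocation failure. */
long first_oob_index(int vulnerable, size_t regsize)
{
    struct reg_array r;
    int rc = vulnerable ? regs_alloc_vulnerable(&r, regsize)
                        : regs_alloc_fixed(&r, regsize);
    if (rc != 0)
        return -2;
    long idx = regs_fill(&r);
    regs_free(&r);
    return idx;
}

/* Bytes written past each one-element buffer for a given regsize. */
size_t overflow_bytes(size_t regsize)
{
    return regsize > 1 ? sizeof(regoff_t) * (regsize - 1) : 0;
}

int main(void)
{
    const char *rep = "\\2-\\1";            /* constructed replacement text */
    size_t rs = regsize_for(rep);
    printf("regsize=%zu vulnerable first OOB index=%ld fixed=%ld "
           "overrun per array=%zu bytes\n",
           rs, first_oob_index(1, rs), first_oob_index(0, rs), overflow_bytes(rs));
    return 0;
}
```

With the maximum regsize of 16 the vulnerable layout fails on the very first group beyond 0, and each array is overrun by 15 regoff_t values; a replacement with no backreferences yields regsize 1 and never leaves the allocation, which is why the bug only surfaces when backreferences are present.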