_sre.template crashes if template argument contains group index that is negative or not an int instance.
Examples:

>>> import _sre
>>> _sre.template("", ["", -1, ""])
Segmentation fault (core dumped)

>>> _sre.template("", ["", (), ""])
Segmentation fault (core dumped)

In _sre_template_impl part of self->items remains uninitialized if call to PyLong_AsSsize_t returns negative value or fails with exception. Then attempt to clear self->items[i].literal in template_clear leads to dereferencing of uninitialized pointer.

Not sure if this worth fixing, since _sre.template is an internal implementation detail that is used only in _compile_template function, where it accepts only (I guess) correct templates created in _parser.parse_template function, and additional checks/initialization can affect its performance. But I'll submit a PR anyway.

Linked PRs

• gh-106524: Zero template items before initializing them in _sre.template #106525
• [3.12] gh-106524: Fix a crash in _sre.template() (GH-106525) #106544