/[pcre]/code/trunk/pcre_compile.c

Diff of /code/trunk/pcre_compile.c

Parent Directory | Revision Log | View Patch Patch

-revision 745 by ph10,
Mon Nov 14 11:41:03 2011 UTC
+revision 1412 by ph10,
Sun Dec 15 17:01:46 2013 UTC
 Line 6
  and semantics are as close as possible to those of the Perl 5 language.
                         Written by Philip Hazel
-            Copyright (c) 1997-2011 University of Cambridge
+            Copyright (c) 1997-2013 University of Cambridge
  -----------------------------------------------------------------------------
  Redistribution and use in source and binary forms, with or without
 Line 53 
 supporting internal functions that are n
  #include "pcre_internal.h"
- /* When PCRE_DEBUG is defined, we need the pcre_printint() function, which is
+ /* When PCRE_DEBUG is defined, we need the pcre(16|32)_printint() function, which
- also used by pcretest. PCRE_DEBUG is not defined when building a production
+ is also used by pcretest. PCRE_DEBUG is not defined when building a production
- library. */
+ library. We do not need to select pcre16_printint.c specially, because the
+ COMPILE_PCREx macro will already be appropriately set. */
  #ifdef PCRE_DEBUG
- #include "pcre_printint.src"
+ /* pcre_printint.c should not include any headers */
+ #define PCRE_INCLUDED
+ #include "pcre_printint.c"
+ #undef PCRE_INCLUDED
  #endif
  /* Macro for setting individual bits in class bitmaps. */
- #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
+ #define SETBIT(a,b) a[(b)/8] |= (1 << ((b)&7))
  /* Maximum length value to check against when making sure that the integer that
  holds the compiled pattern length does not overflow. We make it a bit less than
-Line 73 
 to check them every time. */
+Line 77 
 to check them every time. */
  #define OFLOW_MAX (INT_MAX - 20)
+ /* Definitions to allow mutual recursion */
+ static int
+   add_list_to_class(pcre_uint8 *, pcre_uchar **, int, compile_data *,
+     const pcre_uint32 *, unsigned int);
+ static BOOL
+   compile_regex(int, pcre_uchar **, const pcre_uchar **, int *, BOOL, BOOL, int, int,
+     pcre_uint32 *, pcre_int32 *, pcre_uint32 *, pcre_int32 *, branch_chain *,
+     compile_data *, int *);
  /*************************************************
  *      Code parameters and static tables         *
-Line 88 
 so this number is very generous.
+Line 104 
 so this number is very generous.
  The same workspace is used during the second, actual compile phase for
  remembering forward references to groups so that they can be filled in at the
  end. Each entry in this list occupies LINK_SIZE bytes, so even when LINK_SIZE
- is 4 there is plenty of room. */
+ is 4 there is plenty of room for most patterns. However, the memory can get
+ filled up by repetitions of forward references, for example patterns like
+ /(?1){0,1999}(b)/, and one user did hit the limit. The code has been changed so
+ that the workspace is expanded using malloc() in this situation. The value
+ below is therefore a minimum, and we put a maximum on it for safety. The
+ minimum is now also defined in terms of LINK_SIZE so that the use of malloc()
+ kicks in at the same number of forward references in all cases. */
+ #define COMPILE_WORK_SIZE (2048*LINK_SIZE)
+ #define COMPILE_WORK_SIZE_MAX (100*COMPILE_WORK_SIZE)
+ /* This value determines the size of the initial vector that is used for
+ remembering named groups during the pre-compile. It is allocated on the stack,
+ but if it is too small, it is expanded using malloc(), in a similar way to the
+ workspace. The value is the number of slots in the list. */
- #define COMPILE_WORK_SIZE (4096)
+ #define NAMED_GROUP_LIST_SIZE  20
  /* The overrun tests check for a slightly smaller size so that they detect the
  overrun before it actually does run off the end of the data block. */
- #define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
+ #define WORK_SIZE_SAFETY_MARGIN (100)
+ /* Private flags added to firstchar and reqchar. */
+ #define REQ_CASELESS    (1 << 0)        /* Indicates caselessness */
+ #define REQ_VARY        (1 << 1)        /* Reqchar followed non-literal item */
+ /* Negative values for the firstchar and reqchar flags */
+ #define REQ_UNSET       (-2)
+ #define REQ_NONE        (-1)
+ /* Repeated character flags. */
+ #define UTF_LENGTH     0x10000000l      /* The char contains its length. */
  /* Table for handling escaped characters in the range '0'-'z'. Positive returns
  are simple data values; negative values are for special things like \d and so
-Line 219 
 static const verbitem verbs[] = {
+Line 260 
 static const verbitem verbs[] = {
  static const int verbcount = sizeof(verbs)/sizeof(verbitem);
+ /* Substitutes for [[:<:]] and [[:>:]], which mean start and end of word in
+ another regex library. */
+ static const pcre_uchar sub_start_of_word[] = {
+   CHAR_BACKSLASH, CHAR_b, CHAR_LEFT_PARENTHESIS, CHAR_QUESTION_MARK,
+   CHAR_EQUALS_SIGN, CHAR_BACKSLASH, CHAR_w, CHAR_RIGHT_PARENTHESIS, '\0' };
+ static const pcre_uchar sub_end_of_word[] = {
+   CHAR_BACKSLASH, CHAR_b, CHAR_LEFT_PARENTHESIS, CHAR_QUESTION_MARK,
+   CHAR_LESS_THAN_SIGN, CHAR_EQUALS_SIGN, CHAR_BACKSLASH, CHAR_w,
+   CHAR_RIGHT_PARENTHESIS, '\0' };
  /* Tables of names of POSIX character classes and their lengths. The names are
  now all in a single string, to reduce the number of relocations when a shared
  library is dynamically loaded. The list of lengths is terminated by a zero
  length entry. The first three must be alpha, lower, upper, as this is assumed
- for handling case independence. */
+ for handling case independence. The indices for graph, print, and punct are
+ needed, so identify them. */
  static const char posix_names[] =
    STRING_alpha0 STRING_lower0 STRING_upper0 STRING_alnum0
-Line 231 
 static const char posix_names[] =
+Line 286 
 static const char posix_names[] =
    STRING_graph0 STRING_print0 STRING_punct0 STRING_space0
    STRING_word0  STRING_xdigit;
- static const uschar posix_name_lengths[] = {
+ static const pcre_uint8 posix_name_lengths[] = {
 , 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };
+ #define PC_GRAPH  8
+ #define PC_PRINT  9
+ #define PC_PUNCT 10
  /* Table of class bit maps for each POSIX class. Each class is formed from a
  base map, with an optional addition or removal of another map. Then, for some
  classes, there is some additional tweaking: for [:blank:] the vertical space
-Line 261 
 static const int posix_class_maps[] = {
+Line 321 
 static const int posix_class_maps[] = {
    cbit_xdigit,-1,          0              /* xdigit */
  };
- /* Table of substitutes for \d etc when PCRE_UCP is set. The POSIX class
+ /* Table of substitutes for \d etc when PCRE_UCP is set. They are replaced by
- substitutes must be in the order of the names, defined above, and there are
+ Unicode property escapes. */
- both positive and negative cases. NULL means no substitute. */
  #ifdef SUPPORT_UCP
- static const uschar *substitutes[] = {
+ static const pcre_uchar string_PNd[]  = {
-   (uschar *)"\\P{Nd}",    /* \D */
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
-   (uschar *)"\\p{Nd}",    /* \d */
+   CHAR_N, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
-   (uschar *)"\\P{Xsp}",   /* \S */       /* NOTE: Xsp is Perl space */
+ static const pcre_uchar string_pNd[]  = {
-   (uschar *)"\\p{Xsp}",   /* \s */
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
-   (uschar *)"\\P{Xwd}",   /* \W */
+   CHAR_N, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
-   (uschar *)"\\p{Xwd}"    /* \w */
+ static const pcre_uchar string_PXsp[] = {
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_s, CHAR_p, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_pXsp[] = {
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_s, CHAR_p, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_PXwd[] = {
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_w, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_pXwd[] = {
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_w, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar *substitutes[] = {
+   string_PNd,           /* \D */
+   string_pNd,           /* \d */
+   string_PXsp,          /* \S */   /* Xsp is Perl space, but from 8.34, Perl */
+   string_pXsp,          /* \s */   /* space and POSIX space are the same. */
+   string_PXwd,          /* \W */
+   string_pXwd           /* \w */
  };
- static const uschar *posix_substitutes[] = {
+ /* The POSIX class substitutes must be in the order of the POSIX class names,
-   (uschar *)"\\p{L}",     /* alpha */
+ defined above, and there are both positive and negative cases. NULL means no
-   (uschar *)"\\p{Ll}",    /* lower */
+ general substitute of a Unicode property escape (\p or \P). However, for some
-   (uschar *)"\\p{Lu}",    /* upper */
+ POSIX classes (e.g. graph, print, punct) a special property code is compiled
-   (uschar *)"\\p{Xan}",   /* alnum */
+ directly. */
-   NULL,                   /* ascii */
-   (uschar *)"\\h",        /* blank */
+ static const pcre_uchar string_pL[] =   {
-   NULL,                   /* cntrl */
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
-   (uschar *)"\\p{Nd}",    /* digit */
+   CHAR_L, CHAR_RIGHT_CURLY_BRACKET, '\0' };
-   NULL,                   /* graph */
+ static const pcre_uchar string_pLl[] =  {
-   NULL,                   /* print */
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
-   NULL,                   /* punct */
+   CHAR_L, CHAR_l, CHAR_RIGHT_CURLY_BRACKET, '\0' };
-   (uschar *)"\\p{Xps}",   /* space */    /* NOTE: Xps is POSIX space */
+ static const pcre_uchar string_pLu[] =  {
-   (uschar *)"\\p{Xwd}",   /* word */
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
-   NULL,                   /* xdigit */
+   CHAR_L, CHAR_u, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_pXan[] = {
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_a, CHAR_n, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_h[] =    {
+   CHAR_BACKSLASH, CHAR_h, '\0' };
+ static const pcre_uchar string_pXps[] = {
+   CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_p, CHAR_s, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_PL[] =   {
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_L, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_PLl[] =  {
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_L, CHAR_l, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_PLu[] =  {
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_L, CHAR_u, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_PXan[] = {
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_a, CHAR_n, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar string_H[] =    {
+   CHAR_BACKSLASH, CHAR_H, '\0' };
+ static const pcre_uchar string_PXps[] = {
+   CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
+   CHAR_X, CHAR_p, CHAR_s, CHAR_RIGHT_CURLY_BRACKET, '\0' };
+ static const pcre_uchar *posix_substitutes[] = {
+   string_pL,            /* alpha */
+   string_pLl,           /* lower */
+   string_pLu,           /* upper */
+   string_pXan,          /* alnum */
+   NULL,                 /* ascii */
+   string_h,             /* blank */
+   NULL,                 /* cntrl */
+   string_pNd,           /* digit */
+   NULL,                 /* graph */
+   NULL,                 /* print */
+   NULL,                 /* punct */
+   string_pXps,          /* space */   /* Xps is POSIX space, but from 8.34 */
+   string_pXwd,          /* word  */   /* Perl and POSIX space are the same */
+   NULL,                 /* xdigit */
    /* Negated cases */
-   (uschar *)"\\P{L}",     /* ^alpha */
+   string_PL,            /* ^alpha */
-   (uschar *)"\\P{Ll}",    /* ^lower */
+   string_PLl,           /* ^lower */
-   (uschar *)"\\P{Lu}",    /* ^upper */
+   string_PLu,           /* ^upper */
-   (uschar *)"\\P{Xan}",   /* ^alnum */
+   string_PXan,          /* ^alnum */
-   NULL,                   /* ^ascii */
+   NULL,                 /* ^ascii */
-   (uschar *)"\\H",        /* ^blank */
+   string_H,             /* ^blank */
-   NULL,                   /* ^cntrl */
+   NULL,                 /* ^cntrl */
-   (uschar *)"\\P{Nd}",    /* ^digit */
+   string_PNd,           /* ^digit */
-   NULL,                   /* ^graph */
+   NULL,                 /* ^graph */
-   NULL,                   /* ^print */
+   NULL,                 /* ^print */
-   NULL,                   /* ^punct */
+   NULL,                 /* ^punct */
-   (uschar *)"\\P{Xps}",   /* ^space */   /* NOTE: Xps is POSIX space */
+   string_PXps,          /* ^space */  /* Xps is POSIX space, but from 8.34 */
-   (uschar *)"\\P{Xwd}",   /* ^word */
+   string_PXwd,          /* ^word */   /* Perl and POSIX space are the same */
-   NULL                    /* ^xdigit */
+   NULL                  /* ^xdigit */
  };
- #define POSIX_SUBSIZE (sizeof(posix_substitutes)/sizeof(uschar *))
+ #define POSIX_SUBSIZE (sizeof(posix_substitutes) / sizeof(pcre_uchar *))
  #endif
  #define STRING(a)  # a
-Line 365 
 static const char error_texts[] =
+Line 484 
 static const char error_texts[] =
    /* 30 */
    "unknown POSIX class name\0"
    "POSIX collating elements are not supported\0"
-   "this version of PCRE is not compiled with PCRE_UTF8 support\0"
+   "this version of PCRE is compiled without UTF support\0"
    "spare error\0"  /** DEAD **/
-   "character value in \\x{...} sequence is too large\0"
+   "character value in \\x{} or \\o{} is too large\0"
    /* 35 */
    "invalid condition (?(0)\0"
    "\\C not allowed in lookbehind assertion\0"
-Line 388 
 static const char error_texts[] =
+Line 507 
 static const char error_texts[] =
    "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")\0"
    /* 50 */
    "repeated subpattern is too long\0"    /** DEAD **/
-   "octal value is greater than \\377 (not in UTF-8 mode)\0"
+   "octal value is greater than \\377 in 8-bit non-UTF-8 mode\0"
    "internal error: overran compiling workspace\0"
    "internal error: previously-checked referenced subpattern not found\0"
    "DEFINE group contains more than one branch\0"
-Line 399 
 static const char error_texts[] =
+Line 518 
 static const char error_texts[] =
    "a numbered reference must not be zero\0"
    "an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)\0"
    /* 60 */
-   "(*VERB) not recognized\0"
+   "(*VERB) not recognized or malformed\0"
    "number is too big\0"
    "subpattern name expected\0"
    "digit expected after (?+\0"
-Line 407 
 static const char error_texts[] =
+Line 526 
 static const char error_texts[] =
    /* 65 */
    "different names for subpatterns of the same number are not allowed\0"
    "(*MARK) must have an argument\0"
-   "this version of PCRE is not compiled with PCRE_UCP support\0"
+   "this version of PCRE is not compiled with Unicode property support\0"
    "\\c must be followed by an ASCII character\0"
    "\\k is not followed by a braced, angle-bracketed, or quoted name\0"
+   /* 70 */
+   "internal error: unknown opcode in find_fixedlength()\0"
+   "\\N is not supported in a class\0"
+   "too many forward references\0"
+   "disallowed Unicode code point (>= 0xd800 && <= 0xdfff)\0"
+   "invalid UTF-16 string\0"
+   /* 75 */
+   "name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)\0"
+   "character value in \\u.... sequence is too large\0"
+   "invalid UTF-32 string\0"
+   "setting UTF is disabled by the application\0"
+   "non-hex character in \\x{} (closing brace missing?)\0"
+   /* 80 */
+   "non-octal character in \\o{} (closing brace missing?)\0"
+   "missing opening brace after \\o\0"
+   "parentheses are too deeply nested\0"
+   "invalid range in character class\0"
+   "group name must start with a non-digit\0"
    ;
  /* Table to identify digits and hex digits. This is used when compiling
-Line 428 
 For convenience, we use the same bit def
+Line 565 
 For convenience, we use the same bit def
  Then we can use ctype_digit and ctype_xdigit in the code. */
+ /* Using a simple comparison for decimal numbers rather than a memory read
+ is much faster, and the resulting code is simpler (the compiler turns it
+ into a subtraction and unsigned comparison). */
+ #define IS_DIGIT(x) ((x) >= CHAR_0 && (x) <= CHAR_9)
  #ifndef EBCDIC
  /* This is the "normal" case, for ASCII systems, and EBCDIC systems running in
  UTF-8 mode. */
- static const unsigned char digitab[] =
+ static const pcre_uint8 digitab[] =
    {
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7 */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   8- 15 */
-Line 472 
 static const unsigned char digitab[] =
+Line 615 
 static const unsigned char digitab[] =
  /* This is the "abnormal" case, for EBCDIC systems not running in UTF-8 mode. */
- static const unsigned char digitab[] =
+ static const pcre_uint8 digitab[] =
    {
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7  0 */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   8- 15    */
-Line 507 
 static const unsigned char digitab[] =
+Line 650 
 static const unsigned char digitab[] =
 x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /*  0 - 7  F0 */
 x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00};/*  8 -255    */
- static const unsigned char ebcdic_chartab[] = { /* chartable partial dup */
+ static const pcre_uint8 ebcdic_chartab[] = { /* chartable partial dup */
 x80,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /*   0-  7 */
 x00,0x00,0x00,0x00,0x01,0x01,0x00,0x00, /*   8- 15 */
 x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /*  16- 23 */
-Line 543 
 static const unsigned char ebcdic_charta
+Line 686 
 static const unsigned char ebcdic_charta
  #endif
- /* Definition to allow mutual recursion */
+ /* This table is used to check whether auto-possessification is possible
+ between adjacent character-type opcodes. The left-hand (repeated) opcode is
+ used to select the row, and the right-hand opcode is use to select the column.
+ A value of 1 means that auto-possessification is OK. For example, the second
+ value in the first row means that \D+\d can be turned into \D++\d.
+ The Unicode property types (\P and \p) have to be present to fill out the table
+ because of what their opcode values are, but the table values should always be
+ zero because property types are handled separately in the code. The last four
+ columns apply to items that cannot be repeated, so there is no need to have
+ rows for them. Note that OP_DIGIT etc. are generated only when PCRE_UCP is
+ *not* set. When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
+ #define APTROWS (LAST_AUTOTAB_LEFT_OP - FIRST_AUTOTAB_OP + 1)
+ #define APTCOLS (LAST_AUTOTAB_RIGHT_OP - FIRST_AUTOTAB_OP + 1)
+ static const pcre_uint8 autoposstab[APTROWS][APTCOLS] = {
+ /* \D \d \S \s \W \w  . .+ \C \P \p \R \H \h \V \v \X \Z \z  $ $M */
+   { 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0 },  /* \D */
+   { 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1 },  /* \d */
+   { 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1 },  /* \S */
+   { 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0 },  /* \s */
+   { 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0 },  /* \W */
+   { 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1 },  /* \w */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0 },  /* .  */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0 },  /* .+ */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0 },  /* \C */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },  /* \P */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },  /* \p */
+   { 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0 },  /* \R */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0 },  /* \H */
+   { 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0 },  /* \h */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0 },  /* \V */
+   { 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0 },  /* \v */
+   { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0 }   /* \X */
+ };
- static BOOL
-   compile_regex(int, uschar **, const uschar **, int *, BOOL, BOOL, int, int,
+ /* This table is used to check whether auto-possessification is possible
-     int *, int *, branch_chain *, compile_data *, int *);
+ between adjacent Unicode property opcodes (OP_PROP and OP_NOTPROP). The
+ left-hand (repeated) opcode is used to select the row, and the right-hand
+ opcode is used to select the column. The values are as follows:
+  Always return FALSE (never auto-possessify)
+  Character groups are distinct (possessify if both are OP_PROP)
+  Check character categories in the same group (general or particular)
+  TRUE if the two opcodes are not the same (PROP vs NOTPROP)
+  Check left general category vs right particular category
+  Check right general category vs left particular category
+  Left alphanum vs right general category
+  Left space vs right general category
+  Left word vs right general category
+  Right alphanum vs left general category
+  Right space vs left general category
+  Right word vs left general category
+  Left alphanum vs right particular category
+  Left space vs right particular category
+  Left word vs right particular category
+  Right alphanum vs left particular category
+  Right space vs left particular category
+  Right word vs left particular category
+ */
+ static const pcre_uint8 propposstab[PT_TABSIZE][PT_TABSIZE] = {
+ /* ANY LAMP GC  PC  SC ALNUM SPACE PXSPACE WORD CLIST UCNC */
+   { 0,  0,  0,  0,  0,    0,    0,      0,   0,    0,   0 },  /* PT_ANY */
+   { 0,  3,  0,  0,  0,    3,    1,      1,   0,    0,   0 },  /* PT_LAMP */
+   { 0,  0,  2,  4,  0,    9,   10,     10,  11,    0,   0 },  /* PT_GC */
+   { 0,  0,  5,  2,  0,   15,   16,     16,  17,    0,   0 },  /* PT_PC */
+   { 0,  0,  0,  0,  2,    0,    0,      0,   0,    0,   0 },  /* PT_SC */
+   { 0,  3,  6, 12,  0,    3,    1,      1,   0,    0,   0 },  /* PT_ALNUM */
+   { 0,  1,  7, 13,  0,    1,    3,      3,   1,    0,   0 },  /* PT_SPACE */
+   { 0,  1,  7, 13,  0,    1,    3,      3,   1,    0,   0 },  /* PT_PXSPACE */
+   { 0,  0,  8, 14,  0,    0,    1,      1,   3,    0,   0 },  /* PT_WORD */
+   { 0,  0,  0,  0,  0,    0,    0,      0,   0,    0,   0 },  /* PT_CLIST */
+   { 0,  0,  0,  0,  0,    0,    0,      0,   0,    0,   3 }   /* PT_UCNC */
+ };
+ /* This table is used to check whether auto-possessification is possible
+ between adjacent Unicode property opcodes (OP_PROP and OP_NOTPROP) when one
+ specifies a general category and the other specifies a particular category. The
+ row is selected by the general category and the column by the particular
+ category. The value is 1 if the particular category is not part of the general
+ category. */
+ static const pcre_uint8 catposstab[7][30] = {
+ /* Cc Cf Cn Co Cs Ll Lm Lo Lt Lu Mc Me Mn Nd Nl No Pc Pd Pe Pf Pi Po Ps Sc Sk Sm So Zl Zp Zs */
+   { 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 },  /* C */
+   { 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 },  /* L */
+   { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 },  /* M */
+   { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 },  /* N */
+   { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1 },  /* P */
+   { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1 },  /* S */
+   { 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0 }   /* Z */
+ };
+ /* This table is used when checking ALNUM, (PX)SPACE, SPACE, and WORD against
+ a general or particular category. The properties in each row are those
+ that apply to the character set in question. Duplication means that a little
+ unnecessary work is done when checking, but this keeps things much simpler
+ because they can all use the same code. For more details see the comment where
+ this table is used.
+ Note: SPACE and PXSPACE used to be different because Perl excluded VT from
+ "space", but from Perl 5.18 it's included, so both categories are treated the
+ same here. */
+ static const pcre_uint8 posspropstab[3][4] = {
+   { ucp_L, ucp_N, ucp_N, ucp_Nl },  /* ALNUM, 3rd and 4th values redundant */
+   { ucp_Z, ucp_Z, ucp_C, ucp_Cc },  /* SPACE and PXSPACE, 2nd value redundant */
+   { ucp_L, ucp_N, ucp_P, ucp_Po }   /* WORD */
+ };
+ /* This table is used when converting repeating opcodes into possessified
+ versions as a result of an explicit possessive quantifier such as ++. A zero
+ value means there is no possessified version - in those cases the item in
+ question must be wrapped in ONCE brackets. The table is truncated at OP_CALLOUT
+ because all relevant opcodes are less than that. */
+ static const pcre_uint8 opcode_possessify[] = {
+, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,   /* 0 - 15  */
+, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,   /* 16 - 31 */
+,                       /* NOTI */
+   OP_POSSTAR, 0,           /* STAR, MINSTAR */
+   OP_POSPLUS, 0,           /* PLUS, MINPLUS */
+   OP_POSQUERY, 0,          /* QUERY, MINQUERY */
+   OP_POSUPTO, 0,           /* UPTO, MINUPTO */
+,                       /* EXACT */
+, 0, 0, 0,              /* POS{STAR,PLUS,QUERY,UPTO} */
+   OP_POSSTARI, 0,          /* STARI, MINSTARI */
+   OP_POSPLUSI, 0,          /* PLUSI, MINPLUSI */
+   OP_POSQUERYI, 0,         /* QUERYI, MINQUERYI */
+   OP_POSUPTOI, 0,          /* UPTOI, MINUPTOI */
+,                       /* EXACTI */
+, 0, 0, 0,              /* POS{STARI,PLUSI,QUERYI,UPTOI} */
+   OP_NOTPOSSTAR, 0,        /* NOTSTAR, NOTMINSTAR */
+   OP_NOTPOSPLUS, 0,        /* NOTPLUS, NOTMINPLUS */
+   OP_NOTPOSQUERY, 0,       /* NOTQUERY, NOTMINQUERY */
+   OP_NOTPOSUPTO, 0,        /* NOTUPTO, NOTMINUPTO */
+,                       /* NOTEXACT */
+, 0, 0, 0,              /* NOTPOS{STAR,PLUS,QUERY,UPTO} */
+   OP_NOTPOSSTARI, 0,       /* NOTSTARI, NOTMINSTARI */
+   OP_NOTPOSPLUSI, 0,       /* NOTPLUSI, NOTMINPLUSI */
+   OP_NOTPOSQUERYI, 0,      /* NOTQUERYI, NOTMINQUERYI */
+   OP_NOTPOSUPTOI, 0,       /* NOTUPTOI, NOTMINUPTOI */
+,                       /* NOTEXACTI */
+, 0, 0, 0,              /* NOTPOS{STARI,PLUSI,QUERYI,UPTOI} */
+   OP_TYPEPOSSTAR, 0,       /* TYPESTAR, TYPEMINSTAR */
+   OP_TYPEPOSPLUS, 0,       /* TYPEPLUS, TYPEMINPLUS */
+   OP_TYPEPOSQUERY, 0,      /* TYPEQUERY, TYPEMINQUERY */
+   OP_TYPEPOSUPTO, 0,       /* TYPEUPTO, TYPEMINUPTO */
+,                       /* TYPEEXACT */
+, 0, 0, 0,              /* TYPEPOS{STAR,PLUS,QUERY,UPTO} */
+   OP_CRPOSSTAR, 0,         /* CRSTAR, CRMINSTAR */
+   OP_CRPOSPLUS, 0,         /* CRPLUS, CRMINPLUS */
+   OP_CRPOSQUERY, 0,        /* CRQUERY, CRMINQUERY */
+   OP_CRPOSRANGE, 0,        /* CRRANGE, CRMINRANGE */
+, 0, 0, 0,              /* CRPOS{STAR,PLUS,QUERY,RANGE} */
+, 0, 0,                 /* CLASS, NCLASS, XCLASS */
+, 0,                    /* REF, REFI */
+, 0,                    /* DNREF, DNREFI */
+, 0                     /* RECURSE, CALLOUT */
+ };
-Line 570 
 find_error_text(int n)
+Line 883 
 find_error_text(int n)
  const char *s = error_texts;
  for (; n > 0; n--)
    {
-   while (*s++ != 0) {};
+   while (*s++ != CHAR_NULL) {};
-   if (*s == 0) return "Error text not found (please report)";
+   if (*s == CHAR_NULL) return "Error text not found (please report)";
    }
  return s;
  }
+ /*************************************************
+ *           Expand the workspace                 *
+ *************************************************/
+ /* This function is called during the second compiling phase, if the number of
+ forward references fills the existing workspace, which is originally a block on
+ the stack. A larger block is obtained from malloc() unless the ultimate limit
+ has been reached or the increase will be rather small.
+ Argument: pointer to the compile data block
+ Returns:  0 if all went well, else an error number
+ */
+ static int
+ expand_workspace(compile_data *cd)
+ {
+ pcre_uchar *newspace;
+ int newsize = cd->workspace_size * 2;
+ if (newsize > COMPILE_WORK_SIZE_MAX) newsize = COMPILE_WORK_SIZE_MAX;
+ if (cd->workspace_size >= COMPILE_WORK_SIZE_MAX ||
+     newsize - cd->workspace_size < WORK_SIZE_SAFETY_MARGIN)
+  return ERR72;
+ newspace = (PUBL(malloc))(IN_UCHARS(newsize));
+ if (newspace == NULL) return ERR21;
+ memcpy(newspace, cd->start_workspace, cd->workspace_size * sizeof(pcre_uchar));
+ cd->hwm = (pcre_uchar *)newspace + (cd->hwm - cd->start_workspace);
+ if (cd->workspace_size > COMPILE_WORK_SIZE)
+   (PUBL(free))((void *)cd->start_workspace);
+ cd->start_workspace = newspace;
+ cd->workspace_size = newsize;
+ return 0;
+ }
  /*************************************************
  *            Check for counted repeat            *
  *************************************************/
-Line 593 
 Returns:    TRUE or FALSE
+Line 944 
 Returns:    TRUE or FALSE
  */
  static BOOL
- is_counted_repeat(const uschar *p)
+ is_counted_repeat(const pcre_uchar *p)
  {
- if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
+ if (!IS_DIGIT(*p)) return FALSE;
- while ((digitab[*p] & ctype_digit) != 0) p++;
+ p++;
+ while (IS_DIGIT(*p)) p++;
  if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
  if (*p++ != CHAR_COMMA) return FALSE;
  if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
- if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
+ if (!IS_DIGIT(*p)) return FALSE;
- while ((digitab[*p] & ctype_digit) != 0) p++;
+ p++;
+ while (IS_DIGIT(*p)) p++;
  return (*p == CHAR_RIGHT_CURLY_BRACKET);
  }
-Line 615 
 return (*p == CHAR_RIGHT_CURLY_BRACKET);
+Line 968 
 return (*p == CHAR_RIGHT_CURLY_BRACKET);
  *************************************************/
  /* This function is called when a \ has been encountered. It either returns a
- positive value for a simple escape such as \n, or a negative value which
+ positive value for a simple escape such as \n, or 0 for a data character which
- encodes one of the more complicated things such as \d. A backreference to group
+ will be placed in chptr. A backreference to group n is returned as negative n.
- n is returned as -(ESC_REF + n); ESC_REF is the highest ESC_xxx macro. When
+ When UTF-8 is enabled, a positive value greater than 255 may be returned in
- UTF-8 is enabled, a positive value greater than 255 may be returned. On entry,
+ chptr. On entry, ptr is pointing at the \. On exit, it is on the final
- ptr is pointing at the \. On exit, it is on the final character of the escape
+ character of the escape sequence.
- sequence.
  Arguments:
    ptrptr         points to the pattern position pointer
+   chptr          points to a returned data character
    errorcodeptr   points to the errorcode variable
    bracount       number of previous extracting brackets
    options        the options bits
    isclass        TRUE if inside a character class
- Returns:         zero or positive => a data character
+ Returns:         zero => a data character
-                  negative => a special escape sequence
+                  positive => a special escape sequence
+                  negative => a back reference
                   on error, errorcodeptr is set
  */
  static int
- check_escape(const uschar **ptrptr, int *errorcodeptr, int bracount,
+ check_escape(const pcre_uchar **ptrptr, pcre_uint32 *chptr, int *errorcodeptr,
-   int options, BOOL isclass)
+   int bracount, int options, BOOL isclass)
  {
- BOOL utf8 = (options & PCRE_UTF8) != 0;
+ /* PCRE_UTF16 has the same value as PCRE_UTF8. */
- const uschar *ptr = *ptrptr + 1;
+ BOOL utf = (options & PCRE_UTF8) != 0;
- int c, i;
+ const pcre_uchar *ptr = *ptrptr + 1;
+ pcre_uint32 c;
+ int escape = 0;
+ int i;
  GETCHARINCTEST(c, ptr);           /* Get character value, increment pointer */
  ptr--;                            /* Set pointer back to the last byte */
  /* If backslash is at the end of the pattern, it's an error. */
- if (c == 0) *errorcodeptr = ERR1;
+ if (c == CHAR_NULL) *errorcodeptr = ERR1;
  /* Non-alphanumerics are literals. For digits or letters, do an initial lookup
  in a table. A non-zero result is something that can be returned immediately.
  Otherwise further processing may be required. */
  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
- else if (c < CHAR_0 || c > CHAR_z) {}                     /* Not alphanumeric */
+ /* Not alphanumeric */
- else if ((i = escapes[c - CHAR_0]) != 0) c = i;
+ else if (c < CHAR_0 || c > CHAR_z) {}
+ else if ((i = escapes[c - CHAR_0]) != 0)
+   { if (i > 0) c = (pcre_uint32)i; else escape = -i; }
  #else           /* EBCDIC coding */
- else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {}   /* Not alphanumeric */
+ /* Not alphanumeric */
- else if ((i = escapes[c - 0x48]) != 0)  c = i;
+ else if (c < CHAR_a || (!MAX_255(c) || (ebcdic_chartab[c] & 0x0E) == 0)) {}
+ else if ((i = escapes[c - 0x48]) != 0)  { if (i > 0) c = (pcre_uint32)i; else escape = -i; }
  #endif
  /* Escapes that need further processing, or are illegal. */
  else
    {
-   const uschar *oldptr;
+   const pcre_uchar *oldptr;
-   BOOL braced, negated;
+   BOOL braced, negated, overflow;
+   int s;
    switch (c)
      {
-Line 684 
 else
+Line 1045 
 else
        {
        /* In JavaScript, \u must be followed by four hexadecimal numbers.
        Otherwise it is a lowercase u letter. */
-       if ((digitab[ptr[1]] & ctype_xdigit) != 0 && (digitab[ptr[2]] & ctype_xdigit) != 0
+       if (MAX_255(ptr[1]) && (digitab[ptr[1]] & ctype_xdigit) != 0
-            && (digitab[ptr[3]] & ctype_xdigit) != 0 && (digitab[ptr[4]] & ctype_xdigit) != 0)
+         && MAX_255(ptr[2]) && (digitab[ptr[2]] & ctype_xdigit) != 0
+         && MAX_255(ptr[3]) && (digitab[ptr[3]] & ctype_xdigit) != 0
+         && MAX_255(ptr[4]) && (digitab[ptr[4]] & ctype_xdigit) != 0)
          {
          c = 0;
          for (i = 0; i < 4; ++i)
            {
-           register int cc = *(++ptr);
+           register pcre_uint32 cc = *(++ptr);
  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
            if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
            c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
-Line 699 
 else
+Line 1062 
 else
            c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
  #endif
            }
+ #if defined COMPILE_PCRE8
+         if (c > (utf ? 0x10ffffU : 0xffU))
+ #elif defined COMPILE_PCRE16
+         if (c > (utf ? 0x10ffffU : 0xffffU))
+ #elif defined COMPILE_PCRE32
+         if (utf && c > 0x10ffffU)
+ #endif
+           {
+           *errorcodeptr = ERR76;
+           }
+         else if (utf && c >= 0xd800 && c <= 0xdfff) *errorcodeptr = ERR73;
          }
        }
      else
-Line 725 
 else
+Line 1100 
 else
      (3) For Oniguruma compatibility we also support \g followed by a name or a
      number either in angle brackets or in single quotes. However, these are
      (possibly recursive) subroutine calls, _not_ backreferences. Just return
-     the -ESC_g code (cf \k). */
+     the ESC_g code (cf \k). */
      case CHAR_g:
      if (isclass) break;
      if (ptr[1] == CHAR_LESS_THAN_SIGN || ptr[1] == CHAR_APOSTROPHE)
        {
-       c = -ESC_g;
+       escape = ESC_g;
        break;
        }
-Line 739 
 else
+Line 1114 
 else
      if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
        {
-       const uschar *p;
+       const pcre_uchar *p;
-       for (p = ptr+2; *p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
+       for (p = ptr+2; *p != CHAR_NULL && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
-         if (*p != CHAR_MINUS && (digitab[*p] & ctype_digit) == 0) break;
+         if (*p != CHAR_MINUS && !IS_DIGIT(*p)) break;
-       if (*p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET)
+       if (*p != CHAR_NULL && *p != CHAR_RIGHT_CURLY_BRACKET)
          {
-         c = -ESC_k;
+         escape = ESC_k;
          break;
          }
        braced = TRUE;
-Line 759 
 else
+Line 1134 
 else
        }
      else negated = FALSE;
-     c = 0;
+     /* The integer range is limited by the machine's int representation. */
-     while ((digitab[ptr[1]] & ctype_digit) != 0)
+     s = 0;
-       c = c * 10 + *(++ptr) - CHAR_0;
+     overflow = FALSE;
+     while (IS_DIGIT(ptr[1]))
-     if (c < 0)   /* Integer overflow */
+       {
+       if (s > INT_MAX / 10 - 1) /* Integer overflow */
+         {
+         overflow = TRUE;
+         break;
+         }
+       s = s * 10 + (int)(*(++ptr) - CHAR_0);
+       }
+     if (overflow) /* Integer overflow */
        {
+       while (IS_DIGIT(ptr[1]))
+         ptr++;
        *errorcodeptr = ERR61;
        break;
        }
-Line 775 
 else
+Line 1160 
 else
        break;
        }
-     if (c == 0)
+     if (s == 0)
        {
        *errorcodeptr = ERR58;
        break;
-Line 783 
 else
+Line 1168 
 else
      if (negated)
        {
-       if (c > bracount)
+       if (s > bracount)
          {
          *errorcodeptr = ERR15;
          break;
          }
-       c = bracount - (c - 1);
+       s = bracount - (s - 1);
        }
-     c = -(ESC_REF + c);
+     escape = -s;
      break;
      /* The handling of escape sequences consisting of a string of digits
-     starting with one that is not zero is not straightforward. By experiment,
+     starting with one that is not zero is not straightforward. Perl has changed
-     the way Perl works seems to be as follows:
+     over the years. Nowadays \g{} for backreferences and \o{} for octal are
+     recommended to avoid the ambiguities in the old syntax.
      Outside a character class, the digits are read as a decimal number. If the
-     number is less than 10, or if there are that many previous extracting
+     number is less than 8 (used to be 10), or if there are that many previous
-     left brackets, then it is a back reference. Otherwise, up to three octal
+     extracting left brackets, then it is a back reference. Otherwise, up to
-     digits are read to form an escaped byte. Thus \123 is likely to be octal
+     three octal digits are read to form an escaped byte. Thus \123 is likely to
-(cf \0123, which is octal 012 followed by the literal 3). If the octal
+     be octal 123 (cf \0123, which is octal 012 followed by the literal 3). If
-     value is greater than 377, the least significant 8 bits are taken. Inside a
+     the octal value is greater than 377, the least significant 8 bits are
-     character class, \ followed by a digit is always an octal number. */
+     taken. \8 and \9 are treated as the literal characters 8 and 9.
+     Inside a character class, \ followed by a digit is always either a literal
+or 9 or an octal number. */
      case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4: case CHAR_5:
      case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
-Line 812 
 else
+Line 1201 
 else
      if (!isclass)
        {
        oldptr = ptr;
-       c -= CHAR_0;
+       /* The integer range is limited by the machine's int representation. */
-       while ((digitab[ptr[1]] & ctype_digit) != 0)
+       s = (int)(c -CHAR_0);
-         c = c * 10 + *(++ptr) - CHAR_0;
+       overflow = FALSE;
-       if (c < 0)    /* Integer overflow */
+       while (IS_DIGIT(ptr[1]))
+         {
+         if (s > INT_MAX / 10 - 1) /* Integer overflow */
+           {
+           overflow = TRUE;
+           break;
+           }
+         s = s * 10 + (int)(*(++ptr) - CHAR_0);
+         }
+       if (overflow) /* Integer overflow */
          {
+         while (IS_DIGIT(ptr[1]))
+           ptr++;
          *errorcodeptr = ERR61;
          break;
          }
-       if (c < 10 || c <= bracount)
+       if (s < 8 || s <= bracount)  /* Check for back reference */
          {
-         c = -(ESC_REF + c);
+         escape = -s;
          break;
          }
        ptr = oldptr;      /* Put the pointer back and fall through */
        }
-     /* Handle an octal number following \. If the first digit is 8 or 9, Perl
+     /* Handle a digit following \ when the number is not a back reference. If
-     generates a binary zero byte and treats the digit as a following literal.
+     the first digit is 8 or 9, Perl used to generate a binary zero byte and
-     Thus we have to pull back the pointer by one. */
+     then treat the digit as a following literal. At least by Perl 5.18 this
+     changed so as not to insert the binary zero. */
-     if ((c = *ptr) >= CHAR_8)
+     if ((c = *ptr) >= CHAR_8) break;
-       {
-       ptr--;
+     /* Fall through with a digit less than 8 */
-       c = 0;
-       break;
-       }
      /* \0 always starts an octal number, but we may drop through to here with a
      larger first octal digit. The original code used just to take the least
      significant 8 bits of octal numbers (I think this is what early Perls used
-     to do). Nowadays we allow for larger numbers in UTF-8 mode, but no more
+     to do). Nowadays we allow for larger numbers in UTF-8 mode and 16-bit mode,
-     than 3 octal digits. */
+     but no more than 3 octal digits. */
      case CHAR_0:
      c -= CHAR_0;
      while(i++ < 2 && ptr[1] >= CHAR_0 && ptr[1] <= CHAR_7)
          c = c * 8 + *(++ptr) - CHAR_0;
-     if (!utf8 && c > 255) *errorcodeptr = ERR51;
+ #ifdef COMPILE_PCRE8
+     if (!utf && c > 0xff) *errorcodeptr = ERR51;
+ #endif
+     break;
+     /* \o is a relatively new Perl feature, supporting a more general way of
+     specifying character codes in octal. The only supported form is \o{ddd}. */
+     case CHAR_o:
+     if (ptr[1] != CHAR_LEFT_CURLY_BRACKET) *errorcodeptr = ERR81; else
+       {
+       ptr += 2;
+       c = 0;
+       overflow = FALSE;
+       while (*ptr >= CHAR_0 && *ptr <= CHAR_7)
+         {
+         register pcre_uint32 cc = *ptr++;
+         if (c == 0 && cc == CHAR_0) continue;     /* Leading zeroes */
+ #ifdef COMPILE_PCRE32
+         if (c >= 0x20000000l) { overflow = TRUE; break; }
+ #endif
+         c = (c << 3) + cc - CHAR_0 ;
+ #if defined COMPILE_PCRE8
+         if (c > (utf ? 0x10ffffU : 0xffU)) { overflow = TRUE; break; }
+ #elif defined COMPILE_PCRE16
+         if (c > (utf ? 0x10ffffU : 0xffffU)) { overflow = TRUE; break; }
+ #elif defined COMPILE_PCRE32
+         if (utf && c > 0x10ffffU) { overflow = TRUE; break; }
+ #endif
+         }
+       if (overflow)
+         {
+         while (*ptr >= CHAR_0 && *ptr <= CHAR_7) ptr++;
+         *errorcodeptr = ERR34;
+         }
+       else if (*ptr == CHAR_RIGHT_CURLY_BRACKET)
+         {
+         if (utf && c >= 0xd800 && c <= 0xdfff) *errorcodeptr = ERR73;
+         }
+       else *errorcodeptr = ERR80;
+       }
      break;
-     /* \x is complicated. \x{ddd} is a character number which can be greater
+     /* \x is complicated. In JavaScript, \x must be followed by two hexadecimal
-     than 0xff in utf8 mode, but only if the ddd are hex digits. If not, { is
+     numbers. Otherwise it is a lowercase x letter. */
-     treated as a data character. */
      case CHAR_x:
      if ((options & PCRE_JAVASCRIPT_COMPAT) != 0)
        {
-       /* In JavaScript, \x must be followed by two hexadecimal numbers.
+       if (MAX_255(ptr[1]) && (digitab[ptr[1]] & ctype_xdigit) != 0
-       Otherwise it is a lowercase x letter. */
+         && MAX_255(ptr[2]) && (digitab[ptr[2]] & ctype_xdigit) != 0)
-       if ((digitab[ptr[1]] & ctype_xdigit) != 0 && (digitab[ptr[2]] & ctype_xdigit) != 0)
          {
          c = 0;
          for (i = 0; i < 2; ++i)
            {
-           register int cc = *(++ptr);
+           register pcre_uint32 cc = *(++ptr);
  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
            if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
            c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
-Line 876 
 else
+Line 1312 
 else
  #endif
            }
          }
-       break;
+       }    /* End JavaScript handling */
-       }
-     if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
+     /* Handle \x in Perl's style. \x{ddd} is a character number which can be
-       {
+     greater than 0xff in utf or non-8bit mode, but only if the ddd are hex
-       const uschar *pt = ptr + 2;
+     digits. If not, { used to be treated as a data character. However, Perl
-       int count = 0;
+     seems to read hex digits up to the first non-such, and ignore the rest, so
+     that, for example \x{zz} matches a binary zero. This seems crazy, so PCRE
+     now gives an error. */
-       c = 0;
+     else
-       while ((digitab[*pt] & ctype_xdigit) != 0)
+       {
+       if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
          {
-         register int cc = *pt++;
+         ptr += 2;
-         if (c == 0 && cc == CHAR_0) continue;     /* Leading zeroes */
+         c = 0;
-         count++;
+         overflow = FALSE;
+         while (MAX_255(*ptr) && (digitab[*ptr] & ctype_xdigit) != 0)
+           {
+           register pcre_uint32 cc = *ptr++;
+           if (c == 0 && cc == CHAR_0) continue;     /* Leading zeroes */
+ #ifdef COMPILE_PCRE32
+           if (c >= 0x10000000l) { overflow = TRUE; break; }
+ #endif
  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
-         if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
+           if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
-         c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
+           c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
  #else           /* EBCDIC coding */
-         if (cc >= CHAR_a && cc <= CHAR_z) cc += 64;  /* Convert to upper case */
+           if (cc >= CHAR_a && cc <= CHAR_z) cc += 64;  /* Convert to upper case */
-         c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
+           c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
  #endif
-         }
-       if (*pt == CHAR_RIGHT_CURLY_BRACKET)
+ #if defined COMPILE_PCRE8
-         {
+           if (c > (utf ? 0x10ffffU : 0xffU)) { overflow = TRUE; break; }
-         if (c < 0 || count > (utf8? 8 : 2)) *errorcodeptr = ERR34;
+ #elif defined COMPILE_PCRE16
-         ptr = pt;
+           if (c > (utf ? 0x10ffffU : 0xffffU)) { overflow = TRUE; break; }
-         break;
+ #elif defined COMPILE_PCRE32
-         }
+           if (utf && c > 0x10ffffU) { overflow = TRUE; break; }
+ #endif
+           }
-       /* If the sequence of hex digits does not end with '}', then we don't
+         if (overflow)
-       recognize this construct; fall through to the normal \x handling. */
+           {
-       }
+           while (MAX_255(*ptr) && (digitab[*ptr] & ctype_xdigit) != 0) ptr++;
+           *errorcodeptr = ERR34;
+           }
+         else if (*ptr == CHAR_RIGHT_CURLY_BRACKET)
+           {
+           if (utf && c >= 0xd800 && c <= 0xdfff) *errorcodeptr = ERR73;
+           }
-     /* Read just a single-byte hex-defined char */
+         /* If the sequence of hex digits does not end with '}', give an error.
+         We used just to recognize this construct and fall through to the normal
+         \x handling, but nowadays Perl gives an error, which seems much more
+         sensible, so we do too. */
-     c = 0;
+         else *errorcodeptr = ERR79;
-     while (i++ < 2 && (digitab[ptr[1]] & ctype_xdigit) != 0)
+         }   /* End of \x{} processing */
-       {
-       int cc;                                  /* Some compilers don't like */
+       /* Read a single-byte hex-defined char (up to two hex digits after \x) */
-       cc = *(++ptr);                           /* ++ in initializers */
+       else
+         {
+         c = 0;
+         while (i++ < 2 && MAX_255(ptr[1]) && (digitab[ptr[1]] & ctype_xdigit) != 0)
+           {
+           pcre_uint32 cc;                          /* Some compilers don't like */
+           cc = *(++ptr);                           /* ++ in initializers */
  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
-       if (cc >= CHAR_a) cc -= 32;              /* Convert to upper case */
+           if (cc >= CHAR_a) cc -= 32;              /* Convert to upper case */
-       c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
+           c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
  #else           /* EBCDIC coding */
-       if (cc <= CHAR_z) cc += 64;              /* Convert to upper case */
+           if (cc <= CHAR_z) cc += 64;              /* Convert to upper case */
-       c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
+           c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
  #endif
-       }
+           }
+         }     /* End of \xdd handling */
+       }       /* End of Perl-style \x handling */
      break;
      /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
-Line 935 
 else
+Line 1401 
 else
      case CHAR_c:
      c = *(++ptr);
-     if (c == 0)
+     if (c == CHAR_NULL)
        {
        *errorcodeptr = ERR2;
        break;
-Line 975 
 else
+Line 1441 
 else
  newline". PCRE does not support \N{name}. However, it does support
  quantification such as \N{2,3}. */
- if (c == -ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET &&
+ if (escape == ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET &&
       !is_counted_repeat(ptr+2))
    *errorcodeptr = ERR37;
  /* If PCRE_UCP is set, we change the values for \d etc. */
- if ((options & PCRE_UCP) != 0 && c <= -ESC_D && c >= -ESC_w)
+ if ((options & PCRE_UCP) != 0 && escape >= ESC_D && escape <= ESC_w)
-   c -= (ESC_DU - ESC_D);
+   escape += (ESC_DU - ESC_D);
  /* Set the pointer to the final character before returning. */
  *ptrptr = ptr;
- return c;
+ *chptr = c;
+ return escape;
  }
-Line 1005 
 escape sequence.
+Line 1472 
 escape sequence.
  Argument:
    ptrptr         points to the pattern position pointer
    negptr         points to a boolean that is set TRUE for negation else FALSE
-   dptr           points to an int that is set to the detailed property value
+   ptypeptr       points to an unsigned int that is set to the type value
+   pdataptr       points to an unsigned int that is set to the detailed property value
    errorcodeptr   points to the error code variable
- Returns:         type value from ucp_type_table, or -1 for an invalid type
+ Returns:         TRUE if the type value was found, or FALSE for an invalid type
  */
- static int
+ static BOOL
- get_ucp(const uschar **ptrptr, BOOL *negptr, int *dptr, int *errorcodeptr)
+ get_ucp(const pcre_uchar **ptrptr, BOOL *negptr, unsigned int *ptypeptr,
+   unsigned int *pdataptr, int *errorcodeptr)
  {
- int c, i, bot, top;
+ pcre_uchar c;
- const uschar *ptr = *ptrptr;
+ int i, bot, top;
- char name[32];
+ const pcre_uchar *ptr = *ptrptr;
+ pcre_uchar name[32];
  c = *(++ptr);
- if (c == 0) goto ERROR_RETURN;
+ if (c == CHAR_NULL) goto ERROR_RETURN;
  *negptr = FALSE;
-Line 1033 
 if (c == CHAR_LEFT_CURLY_BRACKET)
+Line 1503 
 if (c == CHAR_LEFT_CURLY_BRACKET)
      *negptr = TRUE;
      ptr++;
      }
-   for (i = 0; i < (int)sizeof(name) - 1; i++)
+   for (i = 0; i < (int)(sizeof(name) / sizeof(pcre_uchar)) - 1; i++)
      {
      c = *(++ptr);
-     if (c == 0) goto ERROR_RETURN;
+     if (c == CHAR_NULL) goto ERROR_RETURN;
      if (c == CHAR_RIGHT_CURLY_BRACKET) break;
      name[i] = c;
      }
-Line 1057 
 else
+Line 1527 
 else
  /* Search for a recognized property name using binary chop */
  bot = 0;
- top = _pcre_utt_size;
+ top = PRIV(utt_size);
  while (bot < top)
    {
+   int r;
    i = (bot + top) >> 1;
-   c = strcmp(name, _pcre_utt_names + _pcre_utt[i].name_offset);
+   r = STRCMP_UC_C8(name, PRIV(utt_names) + PRIV(utt)[i].name_offset);
-   if (c == 0)
+   if (r == 0)
      {
-     *dptr = _pcre_utt[i].value;
+     *ptypeptr = PRIV(utt)[i].type;
-     return _pcre_utt[i].type;
+     *pdataptr = PRIV(utt)[i].value;
+     return TRUE;
      }
-   if (c > 0) bot = i + 1; else top = i;
+   if (r > 0) bot = i + 1; else top = i;
    }
  *errorcodeptr = ERR47;
  *ptrptr = ptr;
- return -1;
+ return FALSE;
  ERROR_RETURN:
  *errorcodeptr = ERR46;
  *ptrptr = ptr;
- return -1;
+ return FALSE;
  }
  #endif
  /*************************************************
  *         Read repeat counts                     *
  *************************************************/
-Line 1104 
 Returns:         pointer to '}' on succe
+Line 1575 
 Returns:         pointer to '}' on succe
                   current ptr on error, with errorcodeptr set non-zero
  */
- static const uschar *
+ static const pcre_uchar *
- read_repeat_counts(const uschar *p, int *minp, int *maxp, int *errorcodeptr)
+ read_repeat_counts(const pcre_uchar *p, int *minp, int *maxp, int *errorcodeptr)
  {
  int min = 0;
  int max = -1;
-Line 1113 
 int max = -1;
+Line 1584 
 int max = -1;
  /* Read the minimum value and do a paranoid check: a negative value indicates
  an integer overflow. */
- while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - CHAR_0;
+ while (IS_DIGIT(*p)) min = min * 10 + (int)(*p++ - CHAR_0);
  if (min < 0 || min > 65535)
    {
    *errorcodeptr = ERR5;
-Line 1128 
 if (*p == CHAR_RIGHT_CURLY_BRACKET) max
+Line 1599 
 if (*p == CHAR_RIGHT_CURLY_BRACKET) max
    if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
      {
      max = 0;
-     while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - CHAR_0;
+     while(IS_DIGIT(*p)) max = max * 10 + (int)(*p++ - CHAR_0);
      if (max < 0 || max > 65535)
        {
        *errorcodeptr = ERR5;
-Line 1153 
 return p;
+Line 1624 
 return p;
  /*************************************************
- *  Subroutine for finding forward reference      *
+ *      Find first significant op code            *
  *************************************************/
- /* This recursive function is called only from find_parens() below. The
+ /* This is called by several functions that scan a compiled expression looking
- top-level call starts at the beginning of the pattern. All other calls must
+ for a fixed first character, or an anchoring op code etc. It skips over things
- start at a parenthesis. It scans along a pattern's text looking for capturing
+ that do not influence this. For some calls, it makes sense to skip negative
- subpatterns, and counting them. If it finds a named pattern that matches the
+ forward and all backward assertions, and also the \b assertion; for others it
- name it is given, it returns its number. Alternatively, if the name is NULL, it
+ does not.
- returns when it reaches a given numbered subpattern. Recursion is used to keep
- track of subpatterns that reset the capturing group numbers - the (?| feature.
- This function was originally called only from the second pass, in which we know
- that if (?< or (?' or (?P< is encountered, the name will be correctly
- terminated because that is checked in the first pass. There is now one call to
- this function in the first pass, to check for a recursive back reference by
- name (so that we can make the whole group atomic). In this case, we need check
- only up to the current position in the pattern, and that is still OK because
- and previous occurrences will have been checked. To make this work, the test
- for "end of pattern" is a check against cd->end_pattern in the main loop,
- instead of looking for a binary zero. This means that the special first-pass
- call can adjust cd->end_pattern temporarily. (Checks for binary zero while
- processing items within the loop are OK, because afterwards the main loop will
- terminate.)
  Arguments:
-   ptrptr       address of the current character pointer (updated)
+   code         pointer to the start of the group
-   cd           compile background data
+   skipassert   TRUE if certain assertions are to be skipped
-   name         name to seek, or NULL if seeking a numbered subpattern
-   lorn         name length, or subpattern number if name is NULL
-   xmode        TRUE if we are in /x mode
-   utf8         TRUE if we are in UTF-8 mode
-   count        pointer to the current capturing subpattern number (updated)
- Returns:       the number of the named subpattern, or -1 if not found
+ Returns:       pointer to the first significant opcode
  */
- static int
+ static const pcre_uchar*
- find_parens_sub(uschar **ptrptr, compile_data *cd, const uschar *name, int lorn,
+ first_significant_code(const pcre_uchar *code, BOOL skipassert)
-   BOOL xmode, BOOL utf8, int *count)
  {
- uschar *ptr = *ptrptr;
+ for (;;)
- int start_count = *count;
- int hwm_count = start_count;
- BOOL dup_parens = FALSE;
- /* If the first character is a parenthesis, check on the type of group we are
- dealing with. The very first call may not start with a parenthesis. */
- if (ptr[0] == CHAR_LEFT_PARENTHESIS)
    {
-   /* Handle specials such as (*SKIP) or (*UTF8) etc. */
+   switch ((int)*code)
+     {
+     case OP_ASSERT_NOT:
+     case OP_ASSERTBACK:
+     case OP_ASSERTBACK_NOT:
+     if (!skipassert) return code;
+     do code += GET(code, 1); while (*code == OP_ALT);
+     code += PRIV(OP_lengths)[*code];
+     break;
-   if (ptr[1] == CHAR_ASTERISK) ptr += 2;
+     case OP_WORD_BOUNDARY:
+     case OP_NOT_WORD_BOUNDARY:
+     if (!skipassert) return code;
+     /* Fall through */
-   /* Handle a normal, unnamed capturing parenthesis. */
+     case OP_CALLOUT:
+     case OP_CREF:
+     case OP_DNCREF:
+     case OP_RREF:
+     case OP_DNRREF:
+     case OP_DEF:
+     code += PRIV(OP_lengths)[*code];
+     break;
-   else if (ptr[1] != CHAR_QUESTION_MARK)
+     default:
-     {
+     return code;
-     *count += 1;
-     if (name == NULL && *count == lorn) return *count;
-     ptr++;
      }
+   }
+ /* Control never reaches here */
+ }
-   /* All cases now have (? at the start. Remember when we are in a group
-   where the parenthesis numbers are duplicated. */
-   else if (ptr[2] == CHAR_VERTICAL_LINE)
-     {
-     ptr += 3;
-     dup_parens = TRUE;
-     }
-   /* Handle comments; all characters are allowed until a ket is reached. */
-   else if (ptr[2] == CHAR_NUMBER_SIGN)
+ /*************************************************
-     {
+ *        Find the fixed length of a branch       *
-     for (ptr += 3; *ptr != 0; ptr++) if (*ptr == CHAR_RIGHT_PARENTHESIS) break;
+ *************************************************/
-     goto FAIL_EXIT;
-     }
-   /* Handle a condition. If it is an assertion, just carry on so that it
+ /* Scan a branch and compute the fixed length of subject that will match it,
-   is processed as normal. If not, skip to the closing parenthesis of the
+ if the length is fixed. This is needed for dealing with backward assertions.
-   condition (there can't be any nested parens). */
+ In UTF8 mode, the result is in characters rather than bytes. The branch is
+ temporarily terminated with OP_END when this function is called.
-   else if (ptr[2] == CHAR_LEFT_PARENTHESIS)
+ This function is called when a backward assertion is encountered, so that if it
-     {
+ fails, the error message can point to the correct place in the pattern.
-     ptr += 2;
+ However, we cannot do this when the assertion contains subroutine calls,
-     if (ptr[1] != CHAR_QUESTION_MARK)
+ because they can be forward references. We solve this by remembering this case
-       {
+ and doing the check at the end; a flag specifies which mode we are running in.
-       while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
-       if (*ptr != 0) ptr++;
-       }
-     }
-   /* Start with (? but not a condition. */
+ Arguments:
+   code     points to the start of the pattern (the bracket)
+   utf      TRUE in UTF-8 / UTF-16 / UTF-32 mode
+   atend    TRUE if called when the pattern is complete
+   cd       the "compile data" structure
-   else
+ Returns:   the fixed length,
-     {
+              or -1 if there is no fixed length,
-     ptr += 2;
+              or -2 if \C was encountered (in UTF-8 mode only)
-     if (*ptr == CHAR_P) ptr++;                      /* Allow optional P */
+              or -3 if an OP_RECURSE item was encountered and atend is FALSE
+              or -4 if an unknown opcode was encountered (internal error)
+ */
-     /* We have to disambiguate (?<! and (?<= from (?<name> for named groups */
+ static int
+ find_fixedlength(pcre_uchar *code, BOOL utf, BOOL atend, compile_data *cd)
+ {
+ int length = -1;
-     if ((*ptr == CHAR_LESS_THAN_SIGN && ptr[1] != CHAR_EXCLAMATION_MARK &&
+ register int branchlength = 0;
-         ptr[1] != CHAR_EQUALS_SIGN) || *ptr == CHAR_APOSTROPHE)
+ register pcre_uchar *cc = code + 1 + LINK_SIZE;
-       {
-       int term;
-       const uschar *thisname;
-       *count += 1;
-       if (name == NULL && *count == lorn) return *count;
-       term = *ptr++;
-       if (term == CHAR_LESS_THAN_SIGN) term = CHAR_GREATER_THAN_SIGN;
-       thisname = ptr;
-       while (*ptr != term) ptr++;
-       if (name != NULL && lorn == ptr - thisname &&
-           strncmp((const char *)name, (const char *)thisname, lorn) == 0)
-         return *count;
-       term++;
-       }
-     }
-   }
- /* Past any initial parenthesis handling, scan for parentheses or vertical
+ /* Scan along the opcodes for this branch. If we get to the end of the
- bars. Stop if we get to cd->end_pattern. Note that this is important for the
+ branch, check the length against that of the other branches. */
- first-pass call when this value is temporarily adjusted to stop at the current
- position. So DO NOT change this to a test for binary zero. */
- for (; ptr < cd->end_pattern; ptr++)
+ for (;;)
    {
-   /* Skip over backslashed characters and also entire \Q...\E */
+   int d;
+   pcre_uchar *ce, *cs;
+   register pcre_uchar op = *cc;
-   if (*ptr == CHAR_BACKSLASH)
+   switch (op)
      {
-     if (*(++ptr) == 0) goto FAIL_EXIT;
+     /* We only need to continue for OP_CBRA (normal capturing bracket) and
-     if (*ptr == CHAR_Q) for (;;)
+     OP_BRA (normal non-capturing bracket) because the other variants of these
-       {
+     opcodes are all concerned with unlimited repeated groups, which of course
-       while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
+     are not of fixed length. */
-       if (*ptr == 0) goto FAIL_EXIT;
-       if (*(++ptr) == CHAR_E) break;
-       }
-     continue;
-     }
-   /* Skip over character classes; this logic must be similar to the way they
+     case OP_CBRA:
-   are handled for real. If the first character is '^', skip it. Also, if the
+     case OP_BRA:
-   first few characters (either before or after ^) are \Q\E or \E we skip them
+     case OP_ONCE:
-   too. This makes for compatibility with Perl. Note the use of STR macros to
+     case OP_ONCE_NC:
-   encode "Q\\E" so that it works in UTF-8 on EBCDIC platforms. */
+     case OP_COND:
+     d = find_fixedlength(cc + ((op == OP_CBRA)? IMM2_SIZE : 0), utf, atend, cd);
+     if (d < 0) return d;
+     branchlength += d;
+     do cc += GET(cc, 1); while (*cc == OP_ALT);
+     cc += 1 + LINK_SIZE;
+     break;
-   if (*ptr == CHAR_LEFT_SQUARE_BRACKET)
+     /* Reached end of a branch; if it's a ket it is the end of a nested call.
-     {
+     If it's ALT it is an alternation in a nested call. An ACCEPT is effectively
-     BOOL negate_class = FALSE;
+     an ALT. If it is END it's the end of the outer call. All can be handled by
-     for (;;)
+     the same code. Note that we must not include the OP_KETRxxx opcodes here,
-       {
+     because they all imply an unlimited repeat. */
-       if (ptr[1] == CHAR_BACKSLASH)
-         {
-         if (ptr[2] == CHAR_E)
-           ptr+= 2;
-         else if (strncmp((const char *)ptr+2,
-                  STR_Q STR_BACKSLASH STR_E, 3) == 0)
-           ptr += 4;
-         else
-           break;
-         }
-       else if (!negate_class && ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
-         {
-         negate_class = TRUE;
-         ptr++;
-         }
-       else break;
-       }
-     /* If the next character is ']', it is a data character that must be
+     case OP_ALT:
-     skipped, except in JavaScript compatibility mode. */
+     case OP_KET:
+     case OP_END:
+     case OP_ACCEPT:
+     case OP_ASSERT_ACCEPT:
+     if (length < 0) length = branchlength;
+       else if (length != branchlength) return -1;
+     if (*cc != OP_ALT) return length;
+     cc += 1 + LINK_SIZE;
+     branchlength = 0;
+     break;
-     if (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET &&
+     /* A true recursion implies not fixed length, but a subroutine call may
-         (cd->external_options & PCRE_JAVASCRIPT_COMPAT) == 0)
+     be OK. If the subroutine is a forward reference, we can't deal with
-       ptr++;
+     it until the end of the pattern, so return -3. */
-     while (*(++ptr) != CHAR_RIGHT_SQUARE_BRACKET)
-       {
-       if (*ptr == 0) return -1;
-       if (*ptr == CHAR_BACKSLASH)
-         {
-         if (*(++ptr) == 0) goto FAIL_EXIT;
-         if (*ptr == CHAR_Q) for (;;)
-           {
-           while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
-           if (*ptr == 0) goto FAIL_EXIT;
-           if (*(++ptr) == CHAR_E) break;
-           }
-         continue;
-         }
-       }
-     continue;
-     }
-   /* Skip comments in /x mode */
-   if (xmode && *ptr == CHAR_NUMBER_SIGN)
-     {
-     ptr++;
-     while (*ptr != 0)
-       {
-       if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
-       ptr++;
- #ifdef SUPPORT_UTF8
-       if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
- #endif
-       }
-     if (*ptr == 0) goto FAIL_EXIT;
-     continue;
-     }
-   /* Check for the special metacharacters */
-   if (*ptr == CHAR_LEFT_PARENTHESIS)
-     {
-     int rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, count);
-     if (rc > 0) return rc;
-     if (*ptr == 0) goto FAIL_EXIT;
-     }
-   else if (*ptr == CHAR_RIGHT_PARENTHESIS)
-     {
-     if (dup_parens && *count < hwm_count) *count = hwm_count;
-     goto FAIL_EXIT;
-     }
-   else if (*ptr == CHAR_VERTICAL_LINE && dup_parens)
-     {
-     if (*count > hwm_count) hwm_count = *count;
-     *count = start_count;
-     }
-   }
- FAIL_EXIT:
- *ptrptr = ptr;
- return -1;
- }
- /*************************************************
- *       Find forward referenced subpattern       *
- *************************************************/
- /* This function scans along a pattern's text looking for capturing
- subpatterns, and counting them. If it finds a named pattern that matches the
- name it is given, it returns its number. Alternatively, if the name is NULL, it
- returns when it reaches a given numbered subpattern. This is used for forward
- references to subpatterns. We used to be able to start this scan from the
- current compiling point, using the current count value from cd->bracount, and
- do it all in a single loop, but the addition of the possibility of duplicate
- subpattern numbers means that we have to scan from the very start, in order to
- take account of such duplicates, and to use a recursive function to keep track
- of the different types of group.
- Arguments:
-   cd           compile background data
-   name         name to seek, or NULL if seeking a numbered subpattern
-   lorn         name length, or subpattern number if name is NULL
-   xmode        TRUE if we are in /x mode
-   utf8         TRUE if we are in UTF-8 mode
- Returns:       the number of the found subpattern, or -1 if not found
- */
- static int
- find_parens(compile_data *cd, const uschar *name, int lorn, BOOL xmode,
-   BOOL utf8)
- {
- uschar *ptr = (uschar *)cd->start_pattern;
- int count = 0;
- int rc;
- /* If the pattern does not start with an opening parenthesis, the first call
- to find_parens_sub() will scan right to the end (if necessary). However, if it
- does start with a parenthesis, find_parens_sub() will return when it hits the
- matching closing parens. That is why we have to have a loop. */
- for (;;)
-   {
-   rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, &count);
-   if (rc > 0 || *ptr++ == 0) break;
-   }
- return rc;
- }
- /*************************************************
- *      Find first significant op code            *
- *************************************************/
- /* This is called by several functions that scan a compiled expression looking
- for a fixed first character, or an anchoring op code etc. It skips over things
- that do not influence this. For some calls, it makes sense to skip negative
- forward and all backward assertions, and also the \b assertion; for others it
- does not.
- Arguments:
-   code         pointer to the start of the group
-   skipassert   TRUE if certain assertions are to be skipped
- Returns:       pointer to the first significant opcode
- */
- static const uschar*
- first_significant_code(const uschar *code, BOOL skipassert)
- {
- for (;;)
-   {
-   switch ((int)*code)
-     {
-     case OP_ASSERT_NOT:
-     case OP_ASSERTBACK:
-     case OP_ASSERTBACK_NOT:
-     if (!skipassert) return code;
-     do code += GET(code, 1); while (*code == OP_ALT);
-     code += _pcre_OP_lengths[*code];
-     break;
-     case OP_WORD_BOUNDARY:
-     case OP_NOT_WORD_BOUNDARY:
-     if (!skipassert) return code;
-     /* Fall through */
-     case OP_CALLOUT:
-     case OP_CREF:
-     case OP_NCREF:
-     case OP_RREF:
-     case OP_NRREF:
-     case OP_DEF:
-     code += _pcre_OP_lengths[*code];
-     break;
-     default:
-     return code;
-     }
-   }
- /* Control never reaches here */
- }
- /*************************************************
- *        Find the fixed length of a branch       *
- *************************************************/
- /* Scan a branch and compute the fixed length of subject that will match it,
- if the length is fixed. This is needed for dealing with backward assertions.
- In UTF8 mode, the result is in characters rather than bytes. The branch is
- temporarily terminated with OP_END when this function is called.
- This function is called when a backward assertion is encountered, so that if it
- fails, the error message can point to the correct place in the pattern.
- However, we cannot do this when the assertion contains subroutine calls,
- because they can be forward references. We solve this by remembering this case
- and doing the check at the end; a flag specifies which mode we are running in.
- Arguments:
-   code     points to the start of the pattern (the bracket)
-   utf8     TRUE in UTF-8 mode
-   atend    TRUE if called when the pattern is complete
-   cd       the "compile data" structure
- Returns:   the fixed length,
-              or -1 if there is no fixed length,
-              or -2 if \C was encountered
-              or -3 if an OP_RECURSE item was encountered and atend is FALSE
- */
- static int
- find_fixedlength(uschar *code, BOOL utf8, BOOL atend, compile_data *cd)
- {
- int length = -1;
- register int branchlength = 0;
- register uschar *cc = code + 1 + LINK_SIZE;
- /* Scan along the opcodes for this branch. If we get to the end of the
- branch, check the length against that of the other branches. */
- for (;;)
-   {
-   int d;
-   uschar *ce, *cs;
-   register int op = *cc;
-   switch (op)
-     {
-     /* We only need to continue for OP_CBRA (normal capturing bracket) and
-     OP_BRA (normal non-capturing bracket) because the other variants of these
-     opcodes are all concerned with unlimited repeated groups, which of course
-     are not of fixed length. They will cause a -1 response from the default
-     case of this switch. */
-     case OP_CBRA:
-     case OP_BRA:
-     case OP_ONCE:
-     case OP_ONCE_NC:
-     case OP_COND:
-     d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), utf8, atend, cd);
-     if (d < 0) return d;
-     branchlength += d;
-     do cc += GET(cc, 1); while (*cc == OP_ALT);
-     cc += 1 + LINK_SIZE;
-     break;
-     /* Reached end of a branch; if it's a ket it is the end of a nested
-     call. If it's ALT it is an alternation in a nested call. If it is
-     END it's the end of the outer call. All can be handled by the same code.
-     Note that we must not include the OP_KETRxxx opcodes here, because they
-     all imply an unlimited repeat. */
-     case OP_ALT:
-     case OP_KET:
-     case OP_END:
-     if (length < 0) length = branchlength;
-       else if (length != branchlength) return -1;
-     if (*cc != OP_ALT) return length;
-     cc += 1 + LINK_SIZE;
-     branchlength = 0;
-     break;
-     /* A true recursion implies not fixed length, but a subroutine call may
-     be OK. If the subroutine is a forward reference, we can't deal with
-     it until the end of the pattern, so return -3. */
      case OP_RECURSE:
      if (!atend) return -3;
-     cs = ce = (uschar *)cd->start_code + GET(cc, 1);  /* Start subpattern */
+     cs = ce = (pcre_uchar *)cd->start_code + GET(cc, 1);  /* Start subpattern */
-     do ce += GET(ce, 1); while (*ce == OP_ALT);       /* End subpattern */
+     do ce += GET(ce, 1); while (*ce == OP_ALT);           /* End subpattern */
-     if (cc > cs && cc < ce) return -1;                /* Recursion */
+     if (cc > cs && cc < ce) return -1;                    /* Recursion */
-     d = find_fixedlength(cs + 2, utf8, atend, cd);
+     d = find_fixedlength(cs + IMM2_SIZE, utf, atend, cd);
      if (d < 0) return d;
      branchlength += d;
      cc += 1 + LINK_SIZE;
-Line 1604 
 for (;;)
+Line 1782 
 for (;;)
      case OP_ASSERTBACK:
      case OP_ASSERTBACK_NOT:
      do cc += GET(cc, 1); while (*cc == OP_ALT);
-     /* Fall through */
+     cc += PRIV(OP_lengths)[*cc];
+     break;
      /* Skip over things that don't match chars */
-     case OP_REVERSE:
+     case OP_MARK:
-     case OP_CREF:
+     case OP_PRUNE_ARG:
-     case OP_NCREF:
+     case OP_SKIP_ARG:
-     case OP_RREF:
+     case OP_THEN_ARG:
-     case OP_NRREF:
+     cc += cc[1] + PRIV(OP_lengths)[*cc];
-     case OP_DEF:
+     break;
      case OP_CALLOUT:
-     case OP_SOD:
-     case OP_SOM:
-     case OP_SET_SOM:
-     case OP_EOD:
-     case OP_EODN:
      case OP_CIRC:
      case OP_CIRCM:
+     case OP_CLOSE:
+     case OP_COMMIT:
+     case OP_CREF:
+     case OP_DEF:
+     case OP_DNCREF:
+     case OP_DNRREF:
      case OP_DOLL:
      case OP_DOLLM:
+     case OP_EOD:
+     case OP_EODN:
+     case OP_FAIL:
      case OP_NOT_WORD_BOUNDARY:
+     case OP_PRUNE:
+     case OP_REVERSE:
+     case OP_RREF:
+     case OP_SET_SOM:
+     case OP_SKIP:
+     case OP_SOD:
+     case OP_SOM:
+     case OP_THEN:
      case OP_WORD_BOUNDARY:
-     cc += _pcre_OP_lengths[*cc];
+     cc += PRIV(OP_lengths)[*cc];
      break;
      /* Handle literal characters */
-Line 1637 
 for (;;)
+Line 1829 
 for (;;)
      case OP_NOTI:
      branchlength++;
      cc += 2;
- #ifdef SUPPORT_UTF8
+ #ifdef SUPPORT_UTF
-     if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
+     if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
  #endif
      break;
-Line 1646 
 for (;;)
+Line 1838 
 for (;;)
      need to skip over a multibyte character in UTF8 mode.  */
      case OP_EXACT:
-     branchlength += GET2(cc,1);
+     case OP_EXACTI:
-     cc += 4;
+     case OP_NOTEXACT:
- #ifdef SUPPORT_UTF8
+     case OP_NOTEXACTI:
-     if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
+     branchlength += (int)GET2(cc,1);
+     cc += 2 + IMM2_SIZE;
+ #ifdef SUPPORT_UTF
+     if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
  #endif
      break;
      case OP_TYPEEXACT:
      branchlength += GET2(cc,1);
-     if (cc[3] == OP_PROP || cc[3] == OP_NOTPROP) cc += 2;
+     if (cc[1 + IMM2_SIZE] == OP_PROP || cc[1 + IMM2_SIZE] == OP_NOTPROP)
-     cc += 4;
+       cc += 2;
+     cc += 1 + IMM2_SIZE + 1;
      break;
      /* Handle single-char matchers */
-Line 1666 
 for (;;)
+Line 1862 
 for (;;)
      cc += 2;
      /* Fall through */
+     case OP_HSPACE:
+     case OP_VSPACE:
+     case OP_NOT_HSPACE:
+     case OP_NOT_VSPACE:
      case OP_NOT_DIGIT:
      case OP_DIGIT:
      case OP_NOT_WHITESPACE:
-Line 1678 
 for (;;)
+Line 1878 
 for (;;)
      cc++;
      break;
-     /* The single-byte matcher isn't allowed */
+     /* The single-byte matcher isn't allowed. This only happens in UTF-8 mode;
+     otherwise \C is coded as OP_ALLANY. */
      case OP_ANYBYTE:
      return -2;
      /* Check a class for variable quantification */
- #ifdef SUPPORT_UTF8
-     case OP_XCLASS:
-     cc += GET(cc, 1) - 33;
-     /* Fall through */
- #endif
      case OP_CLASS:
      case OP_NCLASS:
-     cc += 33;
+ #if defined SUPPORT_UTF || defined COMPILE_PCRE16 || defined COMPILE_PCRE32
+     case OP_XCLASS:
+     /* The original code caused an unsigned overflow in 64 bit systems,
+     so now we use a conditional statement. */
+     if (op == OP_XCLASS)
+       cc += GET(cc, 1);
+     else
+       cc += PRIV(OP_lengths)[OP_CLASS];
+ #else
+     cc += PRIV(OP_lengths)[OP_CLASS];
+ #endif
      switch (*cc)
        {
        case OP_CRSTAR:
        case OP_CRMINSTAR:
+       case OP_CRPLUS:
+       case OP_CRMINPLUS:
        case OP_CRQUERY:
        case OP_CRMINQUERY:
+       case OP_CRPOSSTAR:
+       case OP_CRPOSPLUS:
+       case OP_CRPOSQUERY:
        return -1;
        case OP_CRRANGE:
        case OP_CRMINRANGE:
-       if (GET2(cc,1) != GET2(cc,3)) return -1;
+       case OP_CRPOSRANGE:
-       branchlength += GET2(cc,1);
+       if (GET2(cc,1) != GET2(cc,1+IMM2_SIZE)) return -1;
-       cc += 5;
+       branchlength += (int)GET2(cc,1);
+       cc += 1 + 2 * IMM2_SIZE;
        break;
        default:
-Line 1717 
 for (;;)
+Line 1928 
 for (;;)
      /* Anything else is variable length */
-     default:
+     case OP_ANYNL:
+     case OP_BRAMINZERO:
+     case OP_BRAPOS:
+     case OP_BRAPOSZERO:
+     case OP_BRAZERO:
+     case OP_CBRAPOS:
+     case OP_EXTUNI:
+     case OP_KETRMAX:
+     case OP_KETRMIN:
+     case OP_KETRPOS:
+     case OP_MINPLUS:
+     case OP_MINPLUSI:
+     case OP_MINQUERY:
+     case OP_MINQUERYI:
+     case OP_MINSTAR:
+     case OP_MINSTARI:
+     case OP_MINUPTO:
+     case OP_MINUPTOI:
+     case OP_NOTMINPLUS:
+     case OP_NOTMINPLUSI:
+     case OP_NOTMINQUERY:
+     case OP_NOTMINQUERYI:
+     case OP_NOTMINSTAR:
+     case OP_NOTMINSTARI:
+     case OP_NOTMINUPTO:
+     case OP_NOTMINUPTOI:
+     case OP_NOTPLUS:
+     case OP_NOTPLUSI:
+     case OP_NOTPOSPLUS:
+     case OP_NOTPOSPLUSI:
+     case OP_NOTPOSQUERY:
+     case OP_NOTPOSQUERYI:
+     case OP_NOTPOSSTAR:
+     case OP_NOTPOSSTARI:
+     case OP_NOTPOSUPTO:
+     case OP_NOTPOSUPTOI:
+     case OP_NOTQUERY:
+     case OP_NOTQUERYI:
+     case OP_NOTSTAR:
+     case OP_NOTSTARI:
+     case OP_NOTUPTO:
+     case OP_NOTUPTOI:
+     case OP_PLUS:
+     case OP_PLUSI:
+     case OP_POSPLUS:
+     case OP_POSPLUSI:
+     case OP_POSQUERY:
+     case OP_POSQUERYI:
+     case OP_POSSTAR:
+     case OP_POSSTARI:
+     case OP_POSUPTO:
+     case OP_POSUPTOI:
+     case OP_QUERY:
+     case OP_QUERYI:
+     case OP_REF:
+     case OP_REFI:
+     case OP_DNREF:
+     case OP_DNREFI:
+     case OP_SBRA:
+     case OP_SBRAPOS:
+     case OP_SCBRA:
+     case OP_SCBRAPOS:
+     case OP_SCOND:
+     case OP_SKIPZERO:
+     case OP_STAR:
+     case OP_STARI:
+     case OP_TYPEMINPLUS:
+     case OP_TYPEMINQUERY:
+     case OP_TYPEMINSTAR:
+     case OP_TYPEMINUPTO:
+     case OP_TYPEPLUS:
+     case OP_TYPEPOSPLUS:
+     case OP_TYPEPOSQUERY:
+     case OP_TYPEPOSSTAR:
+     case OP_TYPEPOSUPTO:
+     case OP_TYPEQUERY:
+     case OP_TYPESTAR:
+     case OP_TYPEUPTO:
+     case OP_UPTO:
+     case OP_UPTOI:
      return -1;
+     /* Catch unrecognized opcodes so that when new ones are added they
+     are not forgotten, as has happened in the past. */
+     default:
+     return -4;
      }
    }
  /* Control never gets here */
-Line 1726 
 for (;;)
+Line 2022 
 for (;;)
  /*************************************************
  *    Scan compiled regex for specific bracket    *
  *************************************************/
-Line 1739 
 length.
+Line 2034 
 length.
  Arguments:
    code        points to start of expression
-   utf8        TRUE in UTF-8 mode
+   utf         TRUE in UTF-8 / UTF-16 / UTF-32 mode
    number      the required bracket number or negative to find a lookbehind
  Returns:      pointer to the opcode for the bracket, or NULL if not found
  */
- const uschar *
+ const pcre_uchar *
- _pcre_find_bracket(const uschar *code, BOOL utf8, int number)
+ PRIV(find_bracket)(const pcre_uchar *code, BOOL utf, int number)
  {
  for (;;)
    {
-   register int c = *code;
+   register pcre_uchar c = *code;
    if (c == OP_END) return NULL;
-Line 1764 
 for (;;)
+Line 2059 
 for (;;)
    else if (c == OP_REVERSE)
      {
-     if (number < 0) return (uschar *)code;
+     if (number < 0) return (pcre_uchar *)code;
-     code += _pcre_OP_lengths[c];
+     code += PRIV(OP_lengths)[c];
      }
    /* Handle capturing bracket */
-Line 1773 
 for (;;)
+Line 2068 
 for (;;)
    else if (c == OP_CBRA || c == OP_SCBRA ||
             c == OP_CBRAPOS || c == OP_SCBRAPOS)
      {
-     int n = GET2(code, 1+LINK_SIZE);
+     int n = (int)GET2(code, 1+LINK_SIZE);
-     if (n == number) return (uschar *)code;
+     if (n == number) return (pcre_uchar *)code;
-     code += _pcre_OP_lengths[c];
+     code += PRIV(OP_lengths)[c];
      }
    /* Otherwise, we can get the item's length from the table, except that for
-Line 1803 
 for (;;)
+Line 2098 
 for (;;)
        case OP_TYPEMINUPTO:
        case OP_TYPEEXACT:
        case OP_TYPEPOSUPTO:
-       if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
+       if (code[1 + IMM2_SIZE] == OP_PROP || code[1 + IMM2_SIZE] == OP_NOTPROP)
+         code += 2;
        break;
        case OP_MARK:
        case OP_PRUNE_ARG:
        case OP_SKIP_ARG:
-       code += code[1];
+       case OP_THEN_ARG:
-       break;
-       case OP_THEN_ARG:
        code += code[1];
        break;
        }
      /* Add in the fixed length from the table */
-     code += _pcre_OP_lengths[c];
+     code += PRIV(OP_lengths)[c];
    /* In UTF-8 mode, opcodes that are followed by a character may be followed by
    a multi-byte character. The length in the table is a minimum, so we have to
    arrange to skip the extra bytes. */
- #ifdef SUPPORT_UTF8
+ #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
-     if (utf8) switch(c)
+     if (utf) switch(c)
        {
        case OP_CHAR:
        case OP_CHARI:
-Line 1856 
 for (;;)
+Line 2149 
 for (;;)
        case OP_MINQUERYI:
        case OP_POSQUERY:
        case OP_POSQUERYI:
-       if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
+       if (HAS_EXTRALEN(code[-1])) code += GET_EXTRALEN(code[-1]);
        break;
        }
  #else
-     (void)(utf8);  /* Keep compiler happy by referencing function argument */
+     (void)(utf);  /* Keep compiler happy by referencing function argument */
  #endif
      }
    }
-Line 1877 
 instance of OP_RECURSE.
+Line 2170 
 instance of OP_RECURSE.
  Arguments:
    code        points to start of expression
-   utf8        TRUE in UTF-8 mode
+   utf         TRUE in UTF-8 / UTF-16 / UTF-32 mode
  Returns:      pointer to the opcode for OP_RECURSE, or NULL if not found
  */
- static const uschar *
+ static const pcre_uchar *
- find_recurse(const uschar *code, BOOL utf8)
+ find_recurse(const pcre_uchar *code, BOOL utf)
  {
  for (;;)
    {
-   register int c = *code;
+   register pcre_uchar c = *code;
    if (c == OP_END) return NULL;
    if (c == OP_RECURSE) return code;
-Line 1922 
 for (;;)
+Line 2215 
 for (;;)
        case OP_TYPEUPTO:
        case OP_TYPEMINUPTO:
        case OP_TYPEEXACT:
-       if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
+       if (code[1 + IMM2_SIZE] == OP_PROP || code[1 + IMM2_SIZE] == OP_NOTPROP)
+         code += 2;
        break;
        case OP_MARK:
        case OP_PRUNE_ARG:
        case OP_SKIP_ARG:
-       code += code[1];
-       break;
        case OP_THEN_ARG:
        code += code[1];
        break;
-Line 1938 
 for (;;)
+Line 2229 
 for (;;)
      /* Add in the fixed length from the table */
-     code += _pcre_OP_lengths[c];
+     code += PRIV(OP_lengths)[c];
      /* In UTF-8 mode, opcodes that are followed by a character may be followed
      by a multi-byte character. The length in the table is a minimum, so we have
      to arrange to skip the extra bytes. */
- #ifdef SUPPORT_UTF8
+ #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
-     if (utf8) switch(c)
+     if (utf) switch(c)
        {
        case OP_CHAR:
        case OP_CHARI:
+       case OP_NOT:
+       case OP_NOTI:
        case OP_EXACT:
        case OP_EXACTI:
+       case OP_NOTEXACT:
+       case OP_NOTEXACTI:
        case OP_UPTO:
        case OP_UPTOI:
+       case OP_NOTUPTO:
+       case OP_NOTUPTOI:
        case OP_MINUPTO:
        case OP_MINUPTOI:
+       case OP_NOTMINUPTO:
+       case OP_NOTMINUPTOI:
        case OP_POSUPTO:
        case OP_POSUPTOI:
+       case OP_NOTPOSUPTO:
+       case OP_NOTPOSUPTOI:
        case OP_STAR:
        case OP_STARI:
+       case OP_NOTSTAR:
+       case OP_NOTSTARI:
        case OP_MINSTAR:
        case OP_MINSTARI:
+       case OP_NOTMINSTAR:
+       case OP_NOTMINSTARI:
        case OP_POSSTAR:
        case OP_POSSTARI:
+       case OP_NOTPOSSTAR:
+       case OP_NOTPOSSTARI:
        case OP_PLUS:
        case OP_PLUSI:
+       case OP_NOTPLUS:
+       case OP_NOTPLUSI:
        case OP_MINPLUS:
        case OP_MINPLUSI:
+       case OP_NOTMINPLUS:
+       case OP_NOTMINPLUSI:
        case OP_POSPLUS:
        case OP_POSPLUSI:
+       case OP_NOTPOSPLUS:
+       case OP_NOTPOSPLUSI:
        case OP_QUERY:
        case OP_QUERYI:
+       case OP_NOTQUERY:
+       case OP_NOTQUERYI:
        case OP_MINQUERY:
        case OP_MINQUERYI:
+       case OP_NOTMINQUERY:
+       case OP_NOTMINQUERYI:
        case OP_POSQUERY:
        case OP_POSQUERYI:
-       if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
+       case OP_NOTPOSQUERY:
+       case OP_NOTPOSQUERYI:
+       if (HAS_EXTRALEN(code[-1])) code += GET_EXTRALEN(code[-1]);
        break;
        }
  #else
-     (void)(utf8);  /* Keep compiler happy by referencing function argument */
+     (void)(utf);  /* Keep compiler happy by referencing function argument */
  #endif
      }
    }
-Line 2002 
 bracket whose current branch will alread
+Line 2321 
 bracket whose current branch will alread
  Arguments:
    code        points to start of search
    endcode     points to where to stop
-   utf8        TRUE if in UTF8 mode
+   utf         TRUE if in UTF-8 / UTF-16 / UTF-32 mode
    cd          contains pointers to tables etc.
+   recurses    chain of recurse_check to catch mutual recursion
  Returns:      TRUE if what is matched could be empty
  */
+ typedef struct recurse_check {
+   struct recurse_check *prev;
+   const pcre_uchar *group;
+ } recurse_check;
  static BOOL
- could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8,
+ could_be_empty_branch(const pcre_uchar *code, const pcre_uchar *endcode,
-   compile_data *cd)
+   BOOL utf, compile_data *cd, recurse_check *recurses)
  {
- register int c;
+ register pcre_uchar c;
- for (code = first_significant_code(code + _pcre_OP_lengths[*code], TRUE);
+ recurse_check this_recurse;
+ for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
       code < endcode;
-      code = first_significant_code(code + _pcre_OP_lengths[c], TRUE))
+      code = first_significant_code(code + PRIV(OP_lengths)[c], TRUE))
    {
-   const uschar *ccode;
+   const pcre_uchar *ccode;
    c = *code;
-Line 2040 
 for (code = first_significant_code(code
+Line 2367 
 for (code = first_significant_code(code
    if (c == OP_RECURSE)
      {
-     const uschar *scode;
+     const pcre_uchar *scode = cd->start_code + GET(code, 1);
      BOOL empty_branch;
-     /* Test for forward reference */
+     /* Test for forward reference or uncompleted reference. This is disabled
+     when called to scan a completed pattern by setting cd->start_workspace to
+     NULL. */
+     if (cd->start_workspace != NULL)
+       {
+       const pcre_uchar *tcode;
+       for (tcode = cd->start_workspace; tcode < cd->hwm; tcode += LINK_SIZE)
+         if ((int)GET(tcode, 0) == (int)(code + 1 - cd->start_code)) return TRUE;
+       if (GET(scode, 1) == 0) return TRUE;    /* Unclosed */
+       }
+     /* If we are scanning a completed pattern, there are no forward references
+     and all groups are complete. We need to detect whether this is a recursive
+     call, as otherwise there will be an infinite loop. If it is a recursion,
+     just skip over it. Simple recursions are easily detected. For mutual
+     recursions we keep a chain on the stack. */
-     for (scode = cd->start_workspace; scode < cd->hwm; scode += LINK_SIZE)
+     else
-       if (GET(scode, 0) == code + 1 - cd->start_code) return TRUE;
+       {
+       recurse_check *r = recurses;
+       const pcre_uchar *endgroup = scode;
-     /* Not a forward reference, test for completed backward reference */
+       do endgroup += GET(endgroup, 1); while (*endgroup == OP_ALT);
+       if (code >= scode && code <= endgroup) continue;  /* Simple recursion */
-     empty_branch = FALSE;
+       for (r = recurses; r != NULL; r = r->prev)
-     scode = cd->start_code + GET(code, 1);
+         if (r->group == scode) break;
-     if (GET(scode, 1) == 0) return TRUE;    /* Unclosed */
+       if (r != NULL) continue;   /* Mutual recursion */
+       }
+     /* Completed reference; scan the referenced group, remembering it on the
+     stack chain to detect mutual recursions. */
-     /* Completed backwards reference */
+     empty_branch = FALSE;
+     this_recurse.prev = recurses;
+     this_recurse.group = scode;
      do
        {
-       if (could_be_empty_branch(scode, endcode, utf8, cd))
+       if (could_be_empty_branch(scode, endcode, utf, cd, &this_recurse))
          {
          empty_branch = TRUE;
          break;
-Line 2076 
 for (code = first_significant_code(code
+Line 2428 
 for (code = first_significant_code(code
    if (c == OP_BRAZERO || c == OP_BRAMINZERO || c == OP_SKIPZERO ||
        c == OP_BRAPOSZERO)
      {
-     code += _pcre_OP_lengths[c];
+     code += PRIV(OP_lengths)[c];
      do code += GET(code, 1); while (*code == OP_ALT);
      c = *code;
      continue;
-Line 2114 
 for (code = first_significant_code(code
+Line 2466 
 for (code = first_significant_code(code
        empty_branch = FALSE;
        do
          {
-         if (!empty_branch && could_be_empty_branch(code, endcode, utf8, cd))
+         if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd, NULL))
            empty_branch = TRUE;
          code += GET(code, 1);
          }
-Line 2132 
 for (code = first_significant_code(code
+Line 2484 
 for (code = first_significant_code(code
      {
      /* Check for quantifiers after a class. XCLASS is used for classes that
      cannot be represented just by a bit map. This includes negated single
-     high-valued characters. The length in _pcre_OP_lengths[] is zero; the
+     high-valued characters. The length in PRIV(OP_lengths)[] is zero; the
      actual length is stored in the compiled code, so we must update "code"
      here. */
- #ifdef SUPPORT_UTF8
+ #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
      case OP_XCLASS:
      ccode = code += GET(code, 1);
      goto CHECK_CLASS_REPEAT;
-Line 2144 
 for (code = first_significant_code(code
+Line 2496 
 for (code = first_significant_code(code
      case OP_CLASS:
      case OP_NCLASS:
-     ccode = code + 33;
+     ccode = code + PRIV(OP_lengths)[OP_CLASS];
- #ifdef SUPPORT_UTF8
+ #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
      CHECK_CLASS_REPEAT:
  #endif
-Line 2156 
 for (code = first_significant_code(code
+Line 2508 
 for (code = first_significant_code(code
        case OP_CRMINSTAR:
        case OP_CRQUERY:
        case OP_CRMINQUERY:
+       case OP_CRPOSSTAR:
+       case OP_CRPOSQUERY:
        break;
        default:                   /* Non-repeat => class must match */
        case OP_CRPLUS:            /* These repeats aren't empty */
        case OP_CRMINPLUS:
+       case OP_CRPOSPLUS:
        return FALSE;
        case OP_CRRANGE:
        case OP_CRMINRANGE:
-       if (GET2(ccode, 1) > 0) return FALSE;  /* Minimum > 0 */
+       case OP_CRPOSRANGE:
-       break;
+       if (GET2(ccode, 1) > 0) return FALSE;  /* Minimum > 0 */
-       }
+       break;
-     break;
+       }
+     break;
+     /* Opcodes that must match a character */
+     case OP_ANY:
+     case OP_ALLANY:
+     case OP_ANYBYTE:
+     case OP_PROP:
+     case OP_NOTPROP:
+     case OP_ANYNL:
+     case OP_NOT_HSPACE:
+     case OP_HSPACE:
+     case OP_NOT_VSPACE:
+     case OP_VSPACE:
+     case OP_EXTUNI:
+     case OP_NOT_DIGIT:
+     case OP_DIGIT:
+     case OP_NOT_WHITESPACE:
+     case OP_WHITESPACE:
+     case OP_NOT_WORDCHAR:
+     case OP_WORDCHAR:
+     case OP_CHAR:
+     case OP_CHARI:
+     case OP_NOT:
+     case OP_NOTI:
+     case OP_PLUS:
+     case OP_PLUSI:
+     case OP_MINPLUS:
+     case OP_MINPLUSI:
+     case OP_NOTPLUS:
+     case OP_NOTPLUSI:
+     case OP_NOTMINPLUS:
+     case OP_NOTMINPLUSI:
+     case OP_POSPLUS:
+     case OP_POSPLUSI:
+     case OP_NOTPOSPLUS:
+     case OP_NOTPOSPLUSI:
+     case OP_EXACT:
+     case OP_EXACTI:
+     case OP_NOTEXACT:
+     case OP_NOTEXACTI:
+     case OP_TYPEPLUS:
+     case OP_TYPEMINPLUS:
+     case OP_TYPEPOSPLUS:
+     case OP_TYPEEXACT:
+     return FALSE;
+     /* These are going to continue, as they may be empty, but we have to
+     fudge the length for the \p and \P cases. */
+     case OP_TYPESTAR:
+     case OP_TYPEMINSTAR:
+     case OP_TYPEPOSSTAR:
+     case OP_TYPEQUERY:
+     case OP_TYPEMINQUERY:
+     case OP_TYPEPOSQUERY:
+     if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
+     break;
+     /* Same for these */
+     case OP_TYPEUPTO:
+     case OP_TYPEMINUPTO:
+     case OP_TYPEPOSUPTO:
+     if (code[1 + IMM2_SIZE] == OP_PROP || code[1 + IMM2_SIZE] == OP_NOTPROP)
+       code += 2;
+     break;
+     /* End of branch */
+     case OP_KET:
+     case OP_KETRMAX:
+     case OP_KETRMIN:
+     case OP_KETRPOS:
+     case OP_ALT:
+     return TRUE;
+     /* In UTF-8 mode, STAR, MINSTAR, POSSTAR, QUERY, MINQUERY, POSQUERY, UPTO,
+     MINUPTO, and POSUPTO and their caseless and negative versions may be
+     followed by a multibyte character. */
+ #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
+     case OP_STAR:
+     case OP_STARI:
+     case OP_NOTSTAR:
+     case OP_NOTSTARI:
+     case OP_MINSTAR:
+     case OP_MINSTARI:
+     case OP_NOTMINSTAR:
+     case OP_NOTMINSTARI:
+     case OP_POSSTAR:
+     case OP_POSSTARI:
+     case OP_NOTPOSSTAR:
+     case OP_NOTPOSSTARI:
+     case OP_QUERY:
+     case OP_QUERYI:
+     case OP_NOTQUERY:
+     case OP_NOTQUERYI:
+     case OP_MINQUERY:
+     case OP_MINQUERYI:
+     case OP_NOTMINQUERY:
+     case OP_NOTMINQUERYI:
+     case OP_POSQUERY:
+     case OP_POSQUERYI:
+     case OP_NOTPOSQUERY:
+     case OP_NOTPOSQUERYI:
+     if (utf && HAS_EXTRALEN(code[1])) code += GET_EXTRALEN(code[1]);
+     break;
+     case OP_UPTO:
+     case OP_UPTOI:
+     case OP_NOTUPTO:
+     case OP_NOTUPTOI:
+     case OP_MINUPTO:
+     case OP_MINUPTOI:
+     case OP_NOTMINUPTO:
+     case OP_NOTMINUPTOI:
+     case OP_POSUPTO:
+     case OP_POSUPTOI:
+     case OP_NOTPOSUPTO:
+     case OP_NOTPOSUPTOI:
+     if (utf && HAS_EXTRALEN(code[1 + IMM2_SIZE])) code += GET_EXTRALEN(code[1 + IMM2_SIZE]);
+     break;
+ #endif
+     /* MARK, and PRUNE/SKIP/THEN with an argument must skip over the argument
+     string. */
+     case OP_MARK:
+     case OP_PRUNE_ARG:
+     case OP_SKIP_ARG:
+     case OP_THEN_ARG:
+     code += code[1];
+     break;
+     /* None of the remaining opcodes are required to match a character. */
+     default:
+     break;
+     }
+   }
+ return TRUE;
+ }
+ /*************************************************
+ *    Scan compiled regex for non-emptiness       *
+ *************************************************/
+ /* This function is called to check for left recursive calls. We want to check
+ the current branch of the current pattern to see if it could match the empty
+ string. If it could, we must look outwards for branches at other levels,
+ stopping when we pass beyond the bracket which is the subject of the recursion.
+ This function is called only during the real compile, not during the
+ pre-compile.
+ Arguments:
+   code        points to start of the recursion
+   endcode     points to where to stop (current RECURSE item)
+   bcptr       points to the chain of current (unclosed) branch starts
+   utf         TRUE if in UTF-8 / UTF-16 / UTF-32 mode
+   cd          pointers to tables etc
+ Returns:      TRUE if what is matched could be empty
+ */
+ static BOOL
+ could_be_empty(const pcre_uchar *code, const pcre_uchar *endcode,
+   branch_chain *bcptr, BOOL utf, compile_data *cd)
+ {
+ while (bcptr != NULL && bcptr->current_branch >= code)
+   {
+   if (!could_be_empty_branch(bcptr->current_branch, endcode, utf, cd, NULL))
+     return FALSE;
+   bcptr = bcptr->outer;
+   }
+ return TRUE;
+ }
+ /*************************************************
+ *        Base opcode of repeated opcodes         *
+ *************************************************/
+ /* Returns the base opcode for repeated single character type opcodes. If the
+ opcode is not a repeated character type, it returns with the original value.
+ Arguments:  c opcode
+ Returns:    base opcode for the type
+ */
+ static pcre_uchar
+ get_repeat_base(pcre_uchar c)
+ {
+ return (c > OP_TYPEPOSUPTO)? c :
+        (c >= OP_TYPESTAR)?   OP_TYPESTAR :
+        (c >= OP_NOTSTARI)?   OP_NOTSTARI :
+        (c >= OP_NOTSTAR)?    OP_NOTSTAR :
+        (c >= OP_STARI)?      OP_STARI :
+                              OP_STAR;
+ }
+ #ifdef SUPPORT_UCP
+ /*************************************************
+ *        Check a character and a property        *
+ *************************************************/
+ /* This function is called by check_auto_possessive() when a property item
+ is adjacent to a fixed character.
+ Arguments:
+   c            the character
+   ptype        the property type
+   pdata        the data for the type
+   negated      TRUE if it's a negated property (\P or \p{^)
+ Returns:       TRUE if auto-possessifying is OK
+ */
+ static BOOL
+ check_char_prop(pcre_uint32 c, unsigned int ptype, unsigned int pdata,
+   BOOL negated)
+ {
+ const pcre_uint32 *p;
+ const ucd_record *prop = GET_UCD(c);
+ switch(ptype)
+   {
+   case PT_LAMP:
+   return (prop->chartype == ucp_Lu ||
+           prop->chartype == ucp_Ll ||
+           prop->chartype == ucp_Lt) == negated;
+   case PT_GC:
+   return (pdata == PRIV(ucp_gentype)[prop->chartype]) == negated;
+   case PT_PC:
+   return (pdata == prop->chartype) == negated;
+   case PT_SC:
+   return (pdata == prop->script) == negated;
+   /* These are specials */
+   case PT_ALNUM:
+   return (PRIV(ucp_gentype)[prop->chartype] == ucp_L ||
+           PRIV(ucp_gentype)[prop->chartype] == ucp_N) == negated;
+   /* Perl space used to exclude VT, but from Perl 5.18 it is included, which
+   means that Perl space and POSIX space are now identical. PCRE was changed
+   at release 8.34. */
+   case PT_SPACE:    /* Perl space */
+   case PT_PXSPACE:  /* POSIX space */
+   switch(c)
+     {
+     HSPACE_CASES:
+     VSPACE_CASES:
+     return negated;
+     default:
+     return (PRIV(ucp_gentype)[prop->chartype] == ucp_Z) == negated;
+     }
+   break;  /* Control never reaches here */
+   case PT_WORD:
+   return (PRIV(ucp_gentype)[prop->chartype] == ucp_L ||
+           PRIV(ucp_gentype)[prop->chartype] == ucp_N ||
+           c == CHAR_UNDERSCORE) == negated;
+   case PT_CLIST:
+   p = PRIV(ucd_caseless_sets) + prop->caseset;
+   for (;;)
+     {
+     if (c < *p) return !negated;
+     if (c == *p++) return negated;
+     }
+   break;  /* Control never reaches here */
+   }
+ return FALSE;
+ }
+ #endif  /* SUPPORT_UCP */
+ /*************************************************
+ *        Fill the character property list        *
+ *************************************************/
+ /* Checks whether the code points to an opcode that can take part in auto-
+ possessification, and if so, fills a list with its properties.
+ Arguments:
+   code        points to start of expression
+   utf         TRUE if in UTF-8 / UTF-16 / UTF-32 mode
+   fcc         points to case-flipping table
+   list        points to output list
+               list[0] will be filled with the opcode
+               list[1] will be non-zero if this opcode
+                 can match an empty character string
+               list[2..7] depends on the opcode
+ Returns:      points to the start of the next opcode if *code is accepted
+               NULL if *code is not accepted
+ */
+ static const pcre_uchar *
+ get_chr_property_list(const pcre_uchar *code, BOOL utf,
+   const pcre_uint8 *fcc, pcre_uint32 *list)
+ {
+ pcre_uchar c = *code;
+ pcre_uchar base;
+ const pcre_uchar *end;
+ pcre_uint32 chr;
+ #ifdef SUPPORT_UCP
+ pcre_uint32 *clist_dest;
+ const pcre_uint32 *clist_src;
+ #else
+ utf = utf;  /* Suppress "unused parameter" compiler warning */
+ #endif
+ list[0] = c;
+ list[1] = FALSE;
+ code++;
+ if (c >= OP_STAR && c <= OP_TYPEPOSUPTO)
+   {
+   base = get_repeat_base(c);
+   c -= (base - OP_STAR);
+   if (c == OP_UPTO || c == OP_MINUPTO || c == OP_EXACT || c == OP_POSUPTO)
+     code += IMM2_SIZE;
+   list[1] = (c != OP_PLUS && c != OP_MINPLUS && c != OP_EXACT && c != OP_POSPLUS);
+   switch(base)
+     {
+     case OP_STAR:
+     list[0] = OP_CHAR;
+     break;
+     case OP_STARI:
+     list[0] = OP_CHARI;
+     break;
+     case OP_NOTSTAR:
+     list[0] = OP_NOT;
+     break;
+     case OP_NOTSTARI:
+     list[0] = OP_NOTI;
+     break;
+     case OP_TYPESTAR:
+     list[0] = *code;
+     code++;
+     break;
+     }
+   c = list[0];
+   }
+ switch(c)
+   {
+   case OP_NOT_DIGIT:
+   case OP_DIGIT:
+   case OP_NOT_WHITESPACE:
+   case OP_WHITESPACE:
+   case OP_NOT_WORDCHAR:
+   case OP_WORDCHAR:
+   case OP_ANY:
+   case OP_ALLANY:
+   case OP_ANYNL:
+   case OP_NOT_HSPACE:
+   case OP_HSPACE:
+   case OP_NOT_VSPACE:
+   case OP_VSPACE:
+   case OP_EXTUNI:
+   case OP_EODN:
+   case OP_EOD:
+   case OP_DOLL:
+   case OP_DOLLM:
+   return code;
+   case OP_CHAR:
+   case OP_NOT:
+   GETCHARINCTEST(chr, code);
+   list[2] = chr;
+   list[3] = NOTACHAR;
+   return code;
+   case OP_CHARI:
+   case OP_NOTI:
+   list[0] = (c == OP_CHARI) ? OP_CHAR : OP_NOT;
+   GETCHARINCTEST(chr, code);
+   list[2] = chr;
+ #ifdef SUPPORT_UCP
+   if (chr < 128 || (chr < 256 && !utf))
+     list[3] = fcc[chr];
+   else
+     list[3] = UCD_OTHERCASE(chr);
+ #elif defined SUPPORT_UTF || !defined COMPILE_PCRE8
+   list[3] = (chr < 256) ? fcc[chr] : chr;
+ #else
+   list[3] = fcc[chr];
+ #endif
+   /* The othercase might be the same value. */
+   if (chr == list[3])
+     list[3] = NOTACHAR;
+   else
+     list[4] = NOTACHAR;
+   return code;
+ #ifdef SUPPORT_UCP
+   case OP_PROP:
+   case OP_NOTPROP:
+   if (code[0] != PT_CLIST)
+     {
+     list[2] = code[0];
+     list[3] = code[1];
+     return code + 2;
+     }
+   /* Convert only if we have enough space. */
+   clist_src = PRIV(ucd_caseless_sets) + code[1];
+   clist_dest = list + 2;
+   code += 2;
+   do {
+      if (clist_dest >= list + 8)
+        {
+        /* Early return if there is not enough space. This should never
+        happen, since all clists are shorter than 5 character now. */
+        list[2] = code[0];
+        list[3] = code[1];
+        return code;
+        }
+      *clist_dest++ = *clist_src;
+      }
+   while(*clist_src++ != NOTACHAR);
+   /* All characters are stored. The terminating NOTACHAR
+   is copied form the clist itself. */
+   list[0] = (c == OP_PROP) ? OP_CHAR : OP_NOT;
+   return code;
+ #endif
+   case OP_NCLASS:
+   case OP_CLASS:
+ #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
+   case OP_XCLASS:
+   if (c == OP_XCLASS)
+     end = code + GET(code, 0) - 1;
+   else
+ #endif
+     end = code + 32 / sizeof(pcre_uchar);
+   switch(*end)
+     {
+     case OP_CRSTAR:
+     case OP_CRMINSTAR:
+     case OP_CRQUERY:
+     case OP_CRMINQUERY:
+     case OP_CRPOSSTAR:
+     case OP_CRPOSQUERY:
+     list[1] = TRUE;
+     end++;
+     break;
+     case OP_CRPLUS:
+     case OP_CRMINPLUS:
+     case OP_CRPOSPLUS:
+     end++;
+     break;
+     case OP_CRRANGE:
+     case OP_CRMINRANGE:
+     case OP_CRPOSRANGE:
+     list[1] = (GET2(end, 1) == 0);
+     end += 1 + 2 * IMM2_SIZE;
+     break;
+     }
+   list[2] = end - code;
+   return end;
+   }
+ return NULL;    /* Opcode not accepted */
+ }
+ /*************************************************
+ *    Scan further character sets for match       *
+ *************************************************/
+ /* Checks whether the base and the current opcode have a common character, in
+ which case the base cannot be possessified.
+ Arguments:
+   code        points to the byte code
+   utf         TRUE in UTF-8 / UTF-16 / UTF-32 mode
+   cd          static compile data
+   base_list   the data list of the base opcode
+ Returns:      TRUE if the auto-possessification is possible
+ */
+ static BOOL
+ compare_opcodes(const pcre_uchar *code, BOOL utf, const compile_data *cd,
+   const pcre_uint32 *base_list, const pcre_uchar *base_end)
+ {
+ pcre_uchar c;
+ pcre_uint32 list[8];
+ const pcre_uint32 *chr_ptr;
+ const pcre_uint32 *ochr_ptr;
+ const pcre_uint32 *list_ptr;
+ const pcre_uchar *next_code;
+ const pcre_uint8 *class_bitset;
+ const pcre_uint32 *set1, *set2, *set_end;
+ pcre_uint32 chr;
+ BOOL accepted, invert_bits;
+ /* Note: the base_list[1] contains whether the current opcode has greedy
+ (represented by a non-zero value) quantifier. This is a different from
+ other character type lists, which stores here that the character iterator
+ matches to an empty string (also represented by a non-zero value). */
+ for(;;)
+   {
+   /* All operations move the code pointer forward.
+   Therefore infinite recursions are not possible. */
+   c = *code;
+   /* Skip over callouts */
+   if (c == OP_CALLOUT)
+     {
+     code += PRIV(OP_lengths)[c];
+     continue;
+     }
+   if (c == OP_ALT)
+     {
+     do code += GET(code, 1); while (*code == OP_ALT);
+     c = *code;
+     }
+   switch(c)
+     {
+     case OP_END:
+     case OP_KETRPOS:
+     /* TRUE only in greedy case. The non-greedy case could be replaced by
+     an OP_EXACT, but it is probably not worth it. (And note that OP_EXACT
+     uses more memory, which we cannot get at this stage.) */
+     return base_list[1] != 0;
+     case OP_KET:
+     /* If the bracket is capturing, and referenced by an OP_RECURSE, or
+     it is an atomic sub-pattern (assert, once, etc.) the non-greedy case
+     cannot be converted to a possessive form. */
+     if (base_list[1] == 0) return FALSE;
+     switch(*(code - GET(code, 1)))
+       {
+       case OP_ASSERT:
+       case OP_ASSERT_NOT:
+       case OP_ASSERTBACK:
+       case OP_ASSERTBACK_NOT:
+       case OP_ONCE:
+       case OP_ONCE_NC:
+       /* Atomic sub-patterns and assertions can always auto-possessify their
+       last iterator. */
+       return TRUE;
+       }
+     code += PRIV(OP_lengths)[c];
+     continue;
+     case OP_ONCE:
+     case OP_ONCE_NC:
+     case OP_BRA:
+     case OP_CBRA:
+     next_code = code + GET(code, 1);
+     code += PRIV(OP_lengths)[c];
+     while (*next_code == OP_ALT)
+       {
+       if (!compare_opcodes(code, utf, cd, base_list, base_end)) return FALSE;
+       code = next_code + 1 + LINK_SIZE;
+       next_code += GET(next_code, 1);
+       }
+     continue;
+     case OP_BRAZERO:
+     case OP_BRAMINZERO:
+     next_code = code + 1;
+     if (*next_code != OP_BRA && *next_code != OP_CBRA
+         && *next_code != OP_ONCE && *next_code != OP_ONCE_NC) return FALSE;
+     do next_code += GET(next_code, 1); while (*next_code == OP_ALT);
+     /* The bracket content will be checked by the
+     OP_BRA/OP_CBRA case above. */
+     next_code += 1 + LINK_SIZE;
+     if (!compare_opcodes(next_code, utf, cd, base_list, base_end))
+       return FALSE;
+     code += PRIV(OP_lengths)[c];
+     continue;
+     }
+   /* Check for a supported opcode, and load its properties. */
+   code = get_chr_property_list(code, utf, cd->fcc, list);
+   if (code == NULL) return FALSE;    /* Unsupported */
+   /* If either opcode is a small character list, set pointers for comparing
+   characters from that list with another list, or with a property. */
+   if (base_list[0] == OP_CHAR)
+     {
+     chr_ptr = base_list + 2;
+     list_ptr = list;
+     }
+   else if (list[0] == OP_CHAR)
+     {
+     chr_ptr = list + 2;
+     list_ptr = base_list;
+     }
+   /* Character bitsets can also be compared to certain opcodes. */
+   else if (base_list[0] == OP_CLASS || list[0] == OP_CLASS
+ #ifdef COMPILE_PCRE8
+       /* In 8 bit, non-UTF mode, OP_CLASS and OP_NCLASS are the same. */
+       || (!utf && (base_list[0] == OP_NCLASS || list[0] == OP_NCLASS))
+ #endif
+       )
+     {
+ #ifdef COMPILE_PCRE8
+     if (base_list[0] == OP_CLASS || (!utf && base_list[0] == OP_NCLASS))
+ #else
+     if (base_list[0] == OP_CLASS)
+ #endif
+       {
+       set1 = (pcre_uint32 *)(base_end - base_list[2]);
+       list_ptr = list;
+       }
+     else
+       {
+       set1 = (pcre_uint32 *)(code - list[2]);
+       list_ptr = base_list;
+       }
+     invert_bits = FALSE;
+     switch(list_ptr[0])
+       {
+       case OP_CLASS:
+       case OP_NCLASS:
+       set2 = (pcre_uint32 *)
+         ((list_ptr == list ? code : base_end) - list_ptr[2]);
+       break;
+       /* OP_XCLASS cannot be supported here, because its bitset
+       is not necessarily complete. E.g: [a-\0x{200}] is stored
+       as a character range, and the appropriate bits are not set. */
+       case OP_NOT_DIGIT:
+         invert_bits = TRUE;
+         /* Fall through */
+       case OP_DIGIT:
+         set2 = (pcre_uint32 *)(cd->cbits + cbit_digit);
+         break;
+       case OP_NOT_WHITESPACE:
+         invert_bits = TRUE;
+         /* Fall through */
+       case OP_WHITESPACE:
+         set2 = (pcre_uint32 *)(cd->cbits + cbit_space);
+         break;
+       case OP_NOT_WORDCHAR:
+         invert_bits = TRUE;
+         /* Fall through */
+       case OP_WORDCHAR:
+         set2 = (pcre_uint32 *)(cd->cbits + cbit_word);
+         break;
+       default:
+       return FALSE;
+       }
+     /* Compare 4 bytes to improve speed. */
+     set_end = set1 + (32 / 4);
+     if (invert_bits)
+       {
+       do
+         {
+         if ((*set1++ & ~(*set2++)) != 0) return FALSE;
+         }
+       while (set1 < set_end);
+       }
+     else
+       {
+       do
+         {
+         if ((*set1++ & *set2++) != 0) return FALSE;
+         }
+       while (set1 < set_end);
+       }
+     if (list[1] == 0) return TRUE;
+     /* Might be an empty repeat. */
+     continue;
+     }
+   /* Some property combinations also acceptable. Unicode property opcodes are
+   processed specially; the rest can be handled with a lookup table. */
+   else
+     {
+     pcre_uint32 leftop, rightop;
+     leftop = base_list[0];
+     rightop = list[0];
+ #ifdef SUPPORT_UCP
+     accepted = FALSE; /* Always set in non-unicode case. */
+     if (leftop == OP_PROP || leftop == OP_NOTPROP)
+       {
+       if (rightop == OP_EOD)
+         accepted = TRUE;
+       else if (rightop == OP_PROP || rightop == OP_NOTPROP)
+         {
+         int n;
+         const pcre_uint8 *p;
+         BOOL same = leftop == rightop;
+         BOOL lisprop = leftop == OP_PROP;
+         BOOL risprop = rightop == OP_PROP;
+         BOOL bothprop = lisprop && risprop;
+         /* There's a table that specifies how each combination is to be
+         processed:
+  Always return FALSE (never auto-possessify)
+  Character groups are distinct (possessify if both are OP_PROP)
+  Check character categories in the same group (general or particular)
+  Return TRUE if the two opcodes are not the same
+           ... see comments below
+         */
+         n = propposstab[base_list[2]][list[2]];
+         switch(n)
+           {
+           case 0: break;
+           case 1: accepted = bothprop; break;
+           case 2: accepted = (base_list[3] == list[3]) != same; break;
+           case 3: accepted = !same; break;
+           case 4:  /* Left general category, right particular category */
+           accepted = risprop && catposstab[base_list[3]][list[3]] == same;
+           break;
+           case 5:  /* Right general category, left particular category */
+           accepted = lisprop && catposstab[list[3]][base_list[3]] == same;
+           break;
+           /* This code is logically tricky. Think hard before fiddling with it.
+           The posspropstab table has four entries per row. Each row relates to
+           one of PCRE's special properties such as ALNUM or SPACE or WORD.
+           Only WORD actually needs all four entries, but using repeats for the
+           others means they can all use the same code below.
+           The first two entries in each row are Unicode general categories, and
+           apply always, because all the characters they include are part of the
+           PCRE character set. The third and fourth entries are a general and a
+           particular category, respectively, that include one or more relevant
+           characters. One or the other is used, depending on whether the check
+           is for a general or a particular category. However, in both cases the
+           category contains more characters than the specials that are defined
+           for the property being tested against. Therefore, it cannot be used
+           in a NOTPROP case.
+           Example: the row for WORD contains ucp_L, ucp_N, ucp_P, ucp_Po.
+           Underscore is covered by ucp_P or ucp_Po. */
+           case 6:  /* Left alphanum vs right general category */
+           case 7:  /* Left space vs right general category */
+           case 8:  /* Left word vs right general category */
+           p = posspropstab[n-6];
+           accepted = risprop && lisprop ==
+             (list[3] != p[0] &&
+              list[3] != p[1] &&
+             (list[3] != p[2] || !lisprop));
+           break;
+           case 9:   /* Right alphanum vs left general category */
+           case 10:  /* Right space vs left general category */
+           case 11:  /* Right word vs left general category */
+           p = posspropstab[n-9];
+           accepted = lisprop && risprop ==
+             (base_list[3] != p[0] &&
+              base_list[3] != p[1] &&
+             (base_list[3] != p[2] || !risprop));
+           break;
+           case 12:  /* Left alphanum vs right particular category */
+           case 13:  /* Left space vs right particular category */
+           case 14:  /* Left word vs right particular category */
+           p = posspropstab[n-12];
+           accepted = risprop && lisprop ==
+             (catposstab[p[0]][list[3]] &&
+              catposstab[p[1]][list[3]] &&
+             (list[3] != p[3] || !lisprop));
+           break;
+           case 15:  /* Right alphanum vs left particular category */
+           case 16:  /* Right space vs left particular category */
+           case 17:  /* Right word vs left particular category */
+           p = posspropstab[n-15];
+           accepted = lisprop && risprop ==
+             (catposstab[p[0]][base_list[3]] &&
+              catposstab[p[1]][base_list[3]] &&
+             (base_list[3] != p[3] || !risprop));
+           break;
+           }
+         }
+       }
+     else
+ #endif  /* SUPPORT_UCP */
+     accepted = leftop >= FIRST_AUTOTAB_OP && leftop <= LAST_AUTOTAB_LEFT_OP &&
+            rightop >= FIRST_AUTOTAB_OP && rightop <= LAST_AUTOTAB_RIGHT_OP &&
+            autoposstab[leftop - FIRST_AUTOTAB_OP][rightop - FIRST_AUTOTAB_OP];
+     if (!accepted)
+       return FALSE;
+     if (list[1] == 0) return TRUE;
+     /* Might be an empty repeat. */
+     continue;
+     }
+   /* Control reaches here only if one of the items is a small character list.
+   All characters are checked against the other side. */
+   do
+     {
+     chr = *chr_ptr;
+     switch(list_ptr[0])
+       {
+       case OP_CHAR:
+       ochr_ptr = list_ptr + 2;
+       do
+         {
+         if (chr == *ochr_ptr) return FALSE;
+         ochr_ptr++;
+         }
+       while(*ochr_ptr != NOTACHAR);
+       break;
+       case OP_NOT:
+       ochr_ptr = list_ptr + 2;
+       do
+         {
+         if (chr == *ochr_ptr)
+           break;
+         ochr_ptr++;
+         }
+       while(*ochr_ptr != NOTACHAR);
+       if (*ochr_ptr == NOTACHAR) return FALSE;   /* Not found */
+       break;
+       /* Note that OP_DIGIT etc. are generated only when PCRE_UCP is *not*
+       set. When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
+       case OP_DIGIT:
+       if (chr < 256 && (cd->ctypes[chr] & ctype_digit) != 0) return FALSE;
+       break;
+       case OP_NOT_DIGIT:
+       if (chr > 255 || (cd->ctypes[chr] & ctype_digit) == 0) return FALSE;
+       break;
+       case OP_WHITESPACE:
+       if (chr < 256 && (cd->ctypes[chr] & ctype_space) != 0) return FALSE;
+       break;
+       case OP_NOT_WHITESPACE:
+       if (chr > 255 || (cd->ctypes[chr] & ctype_space) == 0) return FALSE;
+       break;
+       case OP_WORDCHAR:
+       if (chr < 255 && (cd->ctypes[chr] & ctype_word) != 0) return FALSE;
+       break;
+       case OP_NOT_WORDCHAR:
+       if (chr > 255 || (cd->ctypes[chr] & ctype_word) == 0) return FALSE;
+       break;
+       case OP_HSPACE:
+       switch(chr)
+         {
+         HSPACE_CASES: return FALSE;
+         default: break;
+         }
+       break;
+       case OP_NOT_HSPACE:
+       switch(chr)
+         {
+         HSPACE_CASES: break;
+         default: return FALSE;
+         }
+       break;
+       case OP_ANYNL:
+       case OP_VSPACE:
+       switch(chr)
+         {
+         VSPACE_CASES: return FALSE;
+         default: break;
+         }
+       break;
+       case OP_NOT_VSPACE:
+       switch(chr)
+         {
+         VSPACE_CASES: break;
+         default: return FALSE;
+         }
+       break;
+       case OP_DOLL:
+       case OP_EODN:
+       switch (chr)
+         {
+         case CHAR_CR:
+         case CHAR_LF:
+         case CHAR_VT:
+         case CHAR_FF:
+         case CHAR_NEL:
+ #ifndef EBCDIC
+         case 0x2028:
+         case 0x2029:
+ #endif  /* Not EBCDIC */
+         return FALSE;
+         }
+       break;
+       case OP_EOD:    /* Can always possessify before \z */
+       break;
+ #ifdef SUPPORT_UCP
+       case OP_PROP:
+       case OP_NOTPROP:
+       if (!check_char_prop(chr, list_ptr[2], list_ptr[3],
+             list_ptr[0] == OP_NOTPROP))
+         return FALSE;
+       break;
+ #endif
+       case OP_NCLASS:
+       if (chr > 255) return FALSE;
+       /* Fall through */
+       case OP_CLASS:
+       if (chr > 255) break;
+       class_bitset = (pcre_uint8 *)
+         ((list_ptr == list ? code : base_end) - list_ptr[2]);
+       if ((class_bitset[chr >> 3] & (1 << (chr & 7))) != 0) return FALSE;
+       break;
+ #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
+       case OP_XCLASS:
+       if (PRIV(xclass)(chr, (list_ptr == list ? code : base_end) -
+           list_ptr[2] + LINK_SIZE, utf)) return FALSE;
+       break;
+ #endif
+       default:
+       return FALSE;
+       }
+     chr_ptr++;
+     }
+   while(*chr_ptr != NOTACHAR);
+   /* At least one character must be matched from this opcode. */
+   if (list[1] == 0) return TRUE;
+   }
+ return FALSE;
+ }
+ /*************************************************
+ *    Scan compiled regex for auto-possession     *
+ *************************************************/
+ /* Replaces single character iterations with their possessive alternatives
+ if appropriate. This function modifies the compiled opcode!
+ Arguments:
+   code        points to start of the byte code
+   utf         TRUE in UTF-8 / UTF-16 / UTF-32 mode
+   cd          static compile data
+ Returns:      nothing
+ */
+ static void
+ auto_possessify(pcre_uchar *code, BOOL utf, const compile_data *cd)
+ {
+ register pcre_uchar c;
+ const pcre_uchar *end;
+ pcre_uchar *repeat_opcode;
+ pcre_uint32 list[8];
+ for (;;)
+   {
+   c = *code;
+   if (c >= OP_STAR && c <= OP_TYPEPOSUPTO)
+     {
+     c -= get_repeat_base(c) - OP_STAR;
+     end = (c <= OP_MINUPTO) ?
+       get_chr_property_list(code, utf, cd->fcc, list) : NULL;
+     list[1] = c == OP_STAR || c == OP_PLUS || c == OP_QUERY || c == OP_UPTO;
+     if (end != NULL && compare_opcodes(end, utf, cd, list, end))
+       {
+       switch(c)
+         {
+         case OP_STAR:
+         *code += OP_POSSTAR - OP_STAR;
+         break;
+         case OP_MINSTAR:
+         *code += OP_POSSTAR - OP_MINSTAR;
+         break;
+         case OP_PLUS:
+         *code += OP_POSPLUS - OP_PLUS;
+         break;
+         case OP_MINPLUS:
+         *code += OP_POSPLUS - OP_MINPLUS;
+         break;
+         case OP_QUERY:
+         *code += OP_POSQUERY - OP_QUERY;
+         break;
+         case OP_MINQUERY:
+         *code += OP_POSQUERY - OP_MINQUERY;
+         break;
+         case OP_UPTO:
+         *code += OP_POSUPTO - OP_UPTO;
+         break;
+         case OP_MINUPTO:
+         *code += OP_MINUPTO - OP_UPTO;
+         break;
+         }
+       }
+     c = *code;
+     }
+   else if (c == OP_CLASS || c == OP_NCLASS || c == OP_XCLASS)
+     {
+ #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
+     if (c == OP_XCLASS)
+       repeat_opcode = code + GET(code, 1);
+     else
+ #endif
+       repeat_opcode = code + 1 + (32 / sizeof(pcre_uchar));
+     c = *repeat_opcode;
+     if (c >= OP_CRSTAR && c <= OP_CRMINRANGE)
+       {
+       /* end must not be NULL. */
+       end = get_chr_property_list(code, utf, cd->fcc, list);
+       list[1] = (c & 1) == 0;
-     /* Opcodes that must match a character */
+       if (compare_opcodes(end, utf, cd, list, end))
+         {
+         switch (c)
+           {
+           case OP_CRSTAR:
+           case OP_CRMINSTAR:
+           *repeat_opcode = OP_CRPOSSTAR;
+           break;
-     case OP_PROP:
+           case OP_CRPLUS:
-     case OP_NOTPROP:
+           case OP_CRMINPLUS:
-     case OP_EXTUNI:
+           *repeat_opcode = OP_CRPOSPLUS;
-     case OP_NOT_DIGIT:
+           break;
-     case OP_DIGIT:
-     case OP_NOT_WHITESPACE:
-     case OP_WHITESPACE:
-     case OP_NOT_WORDCHAR:
-     case OP_WORDCHAR:
-     case OP_ANY:
-     case OP_ALLANY:
-     case OP_ANYBYTE:
-     case OP_CHAR:
-     case OP_CHARI:
-     case OP_NOT:
-     case OP_NOTI:
-     case OP_PLUS:
-     case OP_MINPLUS:
-     case OP_POSPLUS:
-     case OP_EXACT:
-     case OP_NOTPLUS:
-     case OP_NOTMINPLUS:
-     case OP_NOTPOSPLUS:
-     case OP_NOTEXACT:
-     case OP_TYPEPLUS:
-     case OP_TYPEMINPLUS:
-     case OP_TYPEPOSPLUS:
-     case OP_TYPEEXACT:
-     return FALSE;
-     /* These are going to continue, as they may be empty, but we have to
+           case OP_CRQUERY:
-     fudge the length for the \p and \P cases. */
+           case OP_CRMINQUERY:
+           *repeat_opcode = OP_CRPOSQUERY;
+           break;
+           case OP_CRRANGE:
+           case OP_CRMINRANGE:
+           *repeat_opcode = OP_CRPOSRANGE;
+           break;
+           }
+         }