/[pcre]/code/trunk/pcre_compile.c
ViewVC logotype

Diff of /code/trunk/pcre_compile.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 81 by nigel, Sat Feb 24 21:40:59 2007 UTC revision 773 by ph10, Wed Nov 30 18:10:27 2011 UTC
# Line 6  Line 6 
6  and semantics are as close as possible to those of the Perl 5 language.  and semantics are as close as possible to those of the Perl 5 language.
7    
8                         Written by Philip Hazel                         Written by Philip Hazel
9             Copyright (c) 1997-2005 University of Cambridge             Copyright (c) 1997-2011 University of Cambridge
10    
11  -----------------------------------------------------------------------------  -----------------------------------------------------------------------------
12  Redistribution and use in source and binary forms, with or without  Redistribution and use in source and binary forms, with or without
# Line 42  POSSIBILITY OF SUCH DAMAGE. Line 42  POSSIBILITY OF SUCH DAMAGE.
42  supporting internal functions that are not used by other modules. */  supporting internal functions that are not used by other modules. */
43    
44    
45    #ifdef HAVE_CONFIG_H
46    #include "config.h"
47    #endif
48    
49    #define NLBLOCK cd             /* Block containing newline information */
50    #define PSSTART start_pattern  /* Field containing processed string start */
51    #define PSEND   end_pattern    /* Field containing processed string end */
52    
53  #include "pcre_internal.h"  #include "pcre_internal.h"
54    
55    
56    /* When PCRE_DEBUG is defined, we need the pcre_printint() function, which is
57    also used by pcretest. PCRE_DEBUG is not defined when building a production
58    library. */
59    
60    #ifdef PCRE_DEBUG
61    #include "pcre_printint.src"
62    #endif
63    
64    
65    /* Macro for setting individual bits in class bitmaps. */
66    
67    #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
68    
69    /* Maximum length value to check against when making sure that the integer that
70    holds the compiled pattern length does not overflow. We make it a bit less than
71    INT_MAX to allow for adding in group terminating bytes, so that we don't have
72    to check them every time. */
73    
74    #define OFLOW_MAX (INT_MAX - 20)
75    
76    
77  /*************************************************  /*************************************************
78  *      Code parameters and static tables         *  *      Code parameters and static tables         *
79  *************************************************/  *************************************************/
80    
81  /* Maximum number of items on the nested bracket stacks at compile time. This  /* This value specifies the size of stack workspace that is used during the
82  applies to the nesting of all kinds of parentheses. It does not limit  first pre-compile phase that determines how much memory is required. The regex
83  un-nested, non-capturing parentheses. This number can be made bigger if  is partly compiled into this space, but the compiled parts are discarded as
84  necessary - it is used to dimension one int and one unsigned char vector at  soon as they can be, so that hopefully there will never be an overrun. The code
85  compile time. */  does, however, check for an overrun. The largest amount I've seen used is 218,
86    so this number is very generous.
87    
88    The same workspace is used during the second, actual compile phase for
89    remembering forward references to groups so that they can be filled in at the
90    end. Each entry in this list occupies LINK_SIZE bytes, so even when LINK_SIZE
91    is 4 there is plenty of room for most patterns. However, the memory can get
92    filled up by repetitions of forward references, for example patterns like
93    /(?1){0,1999}(b)/, and one user did hit the limit. The code has been changed so
94    that the workspace is expanded using malloc() in this situation. The value
95    below is therefore a minimum, and we put a maximum on it for safety. The
96    minimum is now also defined in terms of LINK_SIZE so that the use of malloc()
97    kicks in at the same number of forward references in all cases. */
98    
99  #define BRASTACK_SIZE 200  #define COMPILE_WORK_SIZE (2048*LINK_SIZE)
100    #define COMPILE_WORK_SIZE_MAX (100*COMPILE_WORK_SIZE)
101    
102    /* The overrun tests check for a slightly smaller size so that they detect the
103    overrun before it actually does run off the end of the data block. */
104    
105    #define WORK_SIZE_SAFETY_MARGIN (100)
106    
107    
108  /* Table for handling escaped characters in the range '0'-'z'. Positive returns  /* Table for handling escaped characters in the range '0'-'z'. Positive returns
# Line 63  are simple data values; negative values Line 110  are simple data values; negative values
110  on. Zero means further processing is needed (for things like \x), or the escape  on. Zero means further processing is needed (for things like \x), or the escape
111  is invalid. */  is invalid. */
112    
113  #if !EBCDIC   /* This is the "normal" table for ASCII systems */  #ifndef EBCDIC
114    
115    /* This is the "normal" table for ASCII systems or for EBCDIC systems running
116    in UTF-8 mode. */
117    
118  static const short int escapes[] = {  static const short int escapes[] = {
119       0,      0,      0,      0,      0,      0,      0,      0,   /* 0 - 7 */       0,                       0,
120       0,      0,    ':',    ';',    '<',    '=',    '>',    '?',   /* 8 - ? */       0,                       0,
121     '@', -ESC_A, -ESC_B, -ESC_C, -ESC_D, -ESC_E,      0, -ESC_G,   /* @ - G */       0,                       0,
122       0,      0,      0,      0,      0,      0,      0,      0,   /* H - O */       0,                       0,
123  -ESC_P, -ESC_Q,      0, -ESC_S,      0,      0,      0, -ESC_W,   /* P - W */       0,                       0,
124  -ESC_X,      0, -ESC_Z,    '[',   '\\',    ']',    '^',    '_',   /* X - _ */       CHAR_COLON,              CHAR_SEMICOLON,
125     '`',      7, -ESC_b,      0, -ESC_d,  ESC_e,  ESC_f,      0,   /* ` - g */       CHAR_LESS_THAN_SIGN,     CHAR_EQUALS_SIGN,
126       0,      0,      0,      0,      0,      0,  ESC_n,      0,   /* h - o */       CHAR_GREATER_THAN_SIGN,  CHAR_QUESTION_MARK,
127  -ESC_p,      0,  ESC_r, -ESC_s,  ESC_tee,    0,      0, -ESC_w,   /* p - w */       CHAR_COMMERCIAL_AT,      -ESC_A,
128       0,      0, -ESC_z                                            /* x - z */       -ESC_B,                  -ESC_C,
129         -ESC_D,                  -ESC_E,
130         0,                       -ESC_G,
131         -ESC_H,                  0,
132         0,                       -ESC_K,
133         0,                       0,
134         -ESC_N,                  0,
135         -ESC_P,                  -ESC_Q,
136         -ESC_R,                  -ESC_S,
137         0,                       0,
138         -ESC_V,                  -ESC_W,
139         -ESC_X,                  0,
140         -ESC_Z,                  CHAR_LEFT_SQUARE_BRACKET,
141         CHAR_BACKSLASH,          CHAR_RIGHT_SQUARE_BRACKET,
142         CHAR_CIRCUMFLEX_ACCENT,  CHAR_UNDERSCORE,
143         CHAR_GRAVE_ACCENT,       7,
144         -ESC_b,                  0,
145         -ESC_d,                  ESC_e,
146         ESC_f,                   0,
147         -ESC_h,                  0,
148         0,                       -ESC_k,
149         0,                       0,
150         ESC_n,                   0,
151         -ESC_p,                  0,
152         ESC_r,                   -ESC_s,
153         ESC_tee,                 0,
154         -ESC_v,                  -ESC_w,
155         0,                       0,
156         -ESC_z
157  };  };
158    
159  #else         /* This is the "abnormal" table for EBCDIC systems */  #else
160    
161    /* This is the "abnormal" table for EBCDIC systems without UTF-8 support. */
162    
163  static const short int escapes[] = {  static const short int escapes[] = {
164  /*  48 */     0,     0,      0,     '.',    '<',   '(',    '+',    '|',  /*  48 */     0,     0,      0,     '.',    '<',   '(',    '+',    '|',
165  /*  50 */   '&',     0,      0,       0,      0,     0,      0,      0,  /*  50 */   '&',     0,      0,       0,      0,     0,      0,      0,
# Line 87  static const short int escapes[] = { Line 169  static const short int escapes[] = {
169  /*  70 */     0,     0,      0,       0,      0,     0,      0,      0,  /*  70 */     0,     0,      0,       0,      0,     0,      0,      0,
170  /*  78 */     0,   '`',    ':',     '#',    '@',  '\'',    '=',    '"',  /*  78 */     0,   '`',    ':',     '#',    '@',  '\'',    '=',    '"',
171  /*  80 */     0,     7, -ESC_b,       0, -ESC_d, ESC_e,  ESC_f,      0,  /*  80 */     0,     7, -ESC_b,       0, -ESC_d, ESC_e,  ESC_f,      0,
172  /*  88 */     0,     0,      0,     '{',      0,     0,      0,      0,  /*  88 */-ESC_h,     0,      0,     '{',      0,     0,      0,      0,
173  /*  90 */     0,     0,      0,     'l',      0, ESC_n,      0, -ESC_p,  /*  90 */     0,     0, -ESC_k,     'l',      0, ESC_n,      0, -ESC_p,
174  /*  98 */     0, ESC_r,      0,     '}',      0,     0,      0,      0,  /*  98 */     0, ESC_r,      0,     '}',      0,     0,      0,      0,
175  /*  A0 */     0,   '~', -ESC_s, ESC_tee,      0,     0, -ESC_w,      0,  /*  A0 */     0,   '~', -ESC_s, ESC_tee,      0,-ESC_v, -ESC_w,      0,
176  /*  A8 */     0,-ESC_z,      0,       0,      0,   '[',      0,      0,  /*  A8 */     0,-ESC_z,      0,       0,      0,   '[',      0,      0,
177  /*  B0 */     0,     0,      0,       0,      0,     0,      0,      0,  /*  B0 */     0,     0,      0,       0,      0,     0,      0,      0,
178  /*  B8 */     0,     0,      0,       0,      0,   ']',    '=',    '-',  /*  B8 */     0,     0,      0,       0,      0,   ']',    '=',    '-',
179  /*  C0 */   '{',-ESC_A, -ESC_B,  -ESC_C, -ESC_D,-ESC_E,      0, -ESC_G,  /*  C0 */   '{',-ESC_A, -ESC_B,  -ESC_C, -ESC_D,-ESC_E,      0, -ESC_G,
180  /*  C8 */     0,     0,      0,       0,      0,     0,      0,      0,  /*  C8 */-ESC_H,     0,      0,       0,      0,     0,      0,      0,
181  /*  D0 */   '}',     0,      0,       0,      0,     0,      0, -ESC_P,  /*  D0 */   '}',     0, -ESC_K,       0,      0,-ESC_N,      0, -ESC_P,
182  /*  D8 */-ESC_Q,     0,      0,       0,      0,     0,      0,      0,  /*  D8 */-ESC_Q,-ESC_R,      0,       0,      0,     0,      0,      0,
183  /*  E0 */  '\\',     0, -ESC_S,       0,      0,     0, -ESC_W, -ESC_X,  /*  E0 */  '\\',     0, -ESC_S,       0,      0,-ESC_V, -ESC_W, -ESC_X,
184  /*  E8 */     0,-ESC_Z,      0,       0,      0,     0,      0,      0,  /*  E8 */     0,-ESC_Z,      0,       0,      0,     0,      0,      0,
185  /*  F0 */     0,     0,      0,       0,      0,     0,      0,      0,  /*  F0 */     0,     0,      0,       0,      0,     0,      0,      0,
186  /*  F8 */     0,     0,      0,       0,      0,     0,      0,      0  /*  F8 */     0,     0,      0,       0,      0,     0,      0,      0
# Line 106  static const short int escapes[] = { Line 188  static const short int escapes[] = {
188  #endif  #endif
189    
190    
191  /* Tables of names of POSIX character classes and their lengths. The list is  /* Table of special "verbs" like (*PRUNE). This is a short table, so it is
192  terminated by a zero length entry. The first three must be alpha, upper, lower,  searched linearly. Put all the names into a single string, in order to reduce
193  as this is assumed for handling case independence. */  the number of relocations when a shared library is dynamically linked. The
194    string is built from string macros so that it works in UTF-8 mode on EBCDIC
195  static const char *const posix_names[] = {  platforms. */
196    "alpha", "lower", "upper",  
197    "alnum", "ascii", "blank", "cntrl", "digit", "graph",  typedef struct verbitem {
198    "print", "punct", "space", "word",  "xdigit" };    int   len;                 /* Length of verb name */
199      int   op;                  /* Op when no arg, or -1 if arg mandatory */
200      int   op_arg;              /* Op when arg present, or -1 if not allowed */
201    } verbitem;
202    
203    static const char verbnames[] =
204      "\0"                       /* Empty name is a shorthand for MARK */
205      STRING_MARK0
206      STRING_ACCEPT0
207      STRING_COMMIT0
208      STRING_F0
209      STRING_FAIL0
210      STRING_PRUNE0
211      STRING_SKIP0
212      STRING_THEN;
213    
214    static const verbitem verbs[] = {
215      { 0, -1,        OP_MARK },
216      { 4, -1,        OP_MARK },
217      { 6, OP_ACCEPT, -1 },
218      { 6, OP_COMMIT, -1 },
219      { 1, OP_FAIL,   -1 },
220      { 4, OP_FAIL,   -1 },
221      { 5, OP_PRUNE,  OP_PRUNE_ARG },
222      { 4, OP_SKIP,   OP_SKIP_ARG  },
223      { 4, OP_THEN,   OP_THEN_ARG  }
224    };
225    
226    static const int verbcount = sizeof(verbs)/sizeof(verbitem);
227    
228    
229    /* Tables of names of POSIX character classes and their lengths. The names are
230    now all in a single string, to reduce the number of relocations when a shared
231    library is dynamically loaded. The list of lengths is terminated by a zero
232    length entry. The first three must be alpha, lower, upper, as this is assumed
233    for handling case independence. */
234    
235    static const char posix_names[] =
236      STRING_alpha0 STRING_lower0 STRING_upper0 STRING_alnum0
237      STRING_ascii0 STRING_blank0 STRING_cntrl0 STRING_digit0
238      STRING_graph0 STRING_print0 STRING_punct0 STRING_space0
239      STRING_word0  STRING_xdigit;
240    
241  static const uschar posix_name_lengths[] = {  static const uschar posix_name_lengths[] = {
242    5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };    5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };
243    
244  /* Table of class bit maps for each POSIX class; up to three may be combined  /* Table of class bit maps for each POSIX class. Each class is formed from a
245  to form the class. The table for [:blank:] is dynamically modified to remove  base map, with an optional addition or removal of another map. Then, for some
246  the vertical space characters. */  classes, there is some additional tweaking: for [:blank:] the vertical space
247    characters are removed, and for [:alpha:] and [:alnum:] the underscore
248    character is removed. The triples in the table consist of the base map offset,
249    second map offset or -1 if no second map, and a non-negative value for map
250    addition or a negative value for map subtraction (if there are two maps). The
251    absolute value of the third field has these meanings: 0 => no tweaking, 1 =>
252    remove vertical space characters, 2 => remove underscore. */
253    
254  static const int posix_class_maps[] = {  static const int posix_class_maps[] = {
255    cbit_lower, cbit_upper, -1,             /* alpha */    cbit_word,  cbit_digit, -2,             /* alpha */
256    cbit_lower, -1,         -1,             /* lower */    cbit_lower, -1,          0,             /* lower */
257    cbit_upper, -1,         -1,             /* upper */    cbit_upper, -1,          0,             /* upper */
258    cbit_digit, cbit_lower, cbit_upper,     /* alnum */    cbit_word,  -1,          2,             /* alnum - word without underscore */
259    cbit_print, cbit_cntrl, -1,             /* ascii */    cbit_print, cbit_cntrl,  0,             /* ascii */
260    cbit_space, -1,         -1,             /* blank - a GNU extension */    cbit_space, -1,          1,             /* blank - a GNU extension */
261    cbit_cntrl, -1,         -1,             /* cntrl */    cbit_cntrl, -1,          0,             /* cntrl */
262    cbit_digit, -1,         -1,             /* digit */    cbit_digit, -1,          0,             /* digit */
263    cbit_graph, -1,         -1,             /* graph */    cbit_graph, -1,          0,             /* graph */
264    cbit_print, -1,         -1,             /* print */    cbit_print, -1,          0,             /* print */
265    cbit_punct, -1,         -1,             /* punct */    cbit_punct, -1,          0,             /* punct */
266    cbit_space, -1,         -1,             /* space */    cbit_space, -1,          0,             /* space */
267    cbit_word,  -1,         -1,             /* word - a Perl extension */    cbit_word,  -1,          0,             /* word - a Perl extension */
268    cbit_xdigit,-1,         -1              /* xdigit */    cbit_xdigit,-1,          0              /* xdigit */
269  };  };
270    
271    /* Table of substitutes for \d etc when PCRE_UCP is set. The POSIX class
272    substitutes must be in the order of the names, defined above, and there are
273    both positive and negative cases. NULL means no substitute. */
274    
275  /* The texts of compile-time error messages. These are "char *" because they  #ifdef SUPPORT_UCP
276  are passed to the outside world. */  static const uschar *substitutes[] = {
277      (uschar *)"\\P{Nd}",    /* \D */
278      (uschar *)"\\p{Nd}",    /* \d */
279      (uschar *)"\\P{Xsp}",   /* \S */       /* NOTE: Xsp is Perl space */
280      (uschar *)"\\p{Xsp}",   /* \s */
281      (uschar *)"\\P{Xwd}",   /* \W */
282      (uschar *)"\\p{Xwd}"    /* \w */
283    };
284    
285    static const uschar *posix_substitutes[] = {
286      (uschar *)"\\p{L}",     /* alpha */
287      (uschar *)"\\p{Ll}",    /* lower */
288      (uschar *)"\\p{Lu}",    /* upper */
289      (uschar *)"\\p{Xan}",   /* alnum */
290      NULL,                   /* ascii */
291      (uschar *)"\\h",        /* blank */
292      NULL,                   /* cntrl */
293      (uschar *)"\\p{Nd}",    /* digit */
294      NULL,                   /* graph */
295      NULL,                   /* print */
296      NULL,                   /* punct */
297      (uschar *)"\\p{Xps}",   /* space */    /* NOTE: Xps is POSIX space */
298      (uschar *)"\\p{Xwd}",   /* word */
299      NULL,                   /* xdigit */
300      /* Negated cases */
301      (uschar *)"\\P{L}",     /* ^alpha */
302      (uschar *)"\\P{Ll}",    /* ^lower */
303      (uschar *)"\\P{Lu}",    /* ^upper */
304      (uschar *)"\\P{Xan}",   /* ^alnum */
305      NULL,                   /* ^ascii */
306      (uschar *)"\\H",        /* ^blank */
307      NULL,                   /* ^cntrl */
308      (uschar *)"\\P{Nd}",    /* ^digit */
309      NULL,                   /* ^graph */
310      NULL,                   /* ^print */
311      NULL,                   /* ^punct */
312      (uschar *)"\\P{Xps}",   /* ^space */   /* NOTE: Xps is POSIX space */
313      (uschar *)"\\P{Xwd}",   /* ^word */
314      NULL                    /* ^xdigit */
315    };
316    #define POSIX_SUBSIZE (sizeof(posix_substitutes)/sizeof(uschar *))
317    #endif
318    
319    #define STRING(a)  # a
320    #define XSTRING(s) STRING(s)
321    
322  static const char *error_texts[] = {  /* The texts of compile-time error messages. These are "char *" because they
323    "no error",  are passed to the outside world. Do not ever re-use any error number, because
324    "\\ at end of pattern",  they are documented. Always add a new error instead. Messages marked DEAD below
325    "\\c at end of pattern",  are no longer used. This used to be a table of strings, but in order to reduce
326    "unrecognized character follows \\",  the number of relocations needed when a shared library is loaded dynamically,
327    "numbers out of order in {} quantifier",  it is now one long string. We cannot use a table of offsets, because the
328    lengths of inserts such as XSTRING(MAX_NAME_SIZE) are not known. Instead, we
329    simply count through to the one we want - this isn't a performance issue
330    because these strings are used only when there is a compilation error.
331    
332    Each substring ends with \0 to insert a null character. This includes the final
333    substring, so that the whole string ends with \0\0, which can be detected when
334    counting through. */
335    
336    static const char error_texts[] =
337      "no error\0"
338      "\\ at end of pattern\0"
339      "\\c at end of pattern\0"
340      "unrecognized character follows \\\0"
341      "numbers out of order in {} quantifier\0"
342    /* 5 */    /* 5 */
343    "number too big in {} quantifier",    "number too big in {} quantifier\0"
344    "missing terminating ] for character class",    "missing terminating ] for character class\0"
345    "invalid escape sequence in character class",    "invalid escape sequence in character class\0"
346    "range out of order in character class",    "range out of order in character class\0"
347    "nothing to repeat",    "nothing to repeat\0"
348    /* 10 */    /* 10 */
349    "operand of unlimited repeat could match the empty string",    "operand of unlimited repeat could match the empty string\0"  /** DEAD **/
350    "internal error: unexpected repeat",    "internal error: unexpected repeat\0"
351    "unrecognized character after (?",    "unrecognized character after (? or (?-\0"
352    "POSIX named classes are supported only within a class",    "POSIX named classes are supported only within a class\0"
353    "missing )",    "missing )\0"
354    /* 15 */    /* 15 */
355    "reference to non-existent subpattern",    "reference to non-existent subpattern\0"
356    "erroffset passed as NULL",    "erroffset passed as NULL\0"
357    "unknown option bit(s) set",    "unknown option bit(s) set\0"
358    "missing ) after comment",    "missing ) after comment\0"
359    "parentheses nested too deeply",    "parentheses nested too deeply\0"  /** DEAD **/
360    /* 20 */    /* 20 */
361    "regular expression too large",    "regular expression is too large\0"
362    "failed to get memory",    "failed to get memory\0"
363    "unmatched parentheses",    "unmatched parentheses\0"
364    "internal error: code overflow",    "internal error: code overflow\0"
365    "unrecognized character after (?<",    "unrecognized character after (?<\0"
366    /* 25 */    /* 25 */
367    "lookbehind assertion is not fixed length",    "lookbehind assertion is not fixed length\0"
368    "malformed number after (?(",    "malformed number or name after (?(\0"
369    "conditional group contains more than two branches",    "conditional group contains more than two branches\0"
370    "assertion expected after (?(",    "assertion expected after (?(\0"
371    "(?R or (?digits must be followed by )",    "(?R or (?[+-]digits must be followed by )\0"
372    /* 30 */    /* 30 */
373    "unknown POSIX class name",    "unknown POSIX class name\0"
374    "POSIX collating elements are not supported",    "POSIX collating elements are not supported\0"
375    "this version of PCRE is not compiled with PCRE_UTF8 support",    "this version of PCRE is not compiled with PCRE_UTF8 support\0"
376    "spare error",    "spare error\0"  /** DEAD **/
377    "character value in \\x{...} sequence is too large",    "character value in \\x{...} sequence is too large\0"
378    /* 35 */    /* 35 */
379    "invalid condition (?(0)",    "invalid condition (?(0)\0"
380    "\\C not allowed in lookbehind assertion",    "\\C not allowed in lookbehind assertion\0"
381    "PCRE does not support \\L, \\l, \\N, \\U, or \\u",    "PCRE does not support \\L, \\l, \\N{name}, \\U, or \\u\0"
382    "number after (?C is > 255",    "number after (?C is > 255\0"
383    "closing ) for (?C expected",    "closing ) for (?C expected\0"
384    /* 40 */    /* 40 */
385    "recursive call could loop indefinitely",    "recursive call could loop indefinitely\0"
386    "unrecognized character after (?P",    "unrecognized character after (?P\0"
387    "syntax error after (?P",    "syntax error in subpattern name (missing terminator)\0"
388    "two named groups have the same name",    "two named subpatterns have the same name\0"
389    "invalid UTF-8 string",    "invalid UTF-8 string\0"
390    /* 45 */    /* 45 */
391    "support for \\P, \\p, and \\X has not been compiled",    "support for \\P, \\p, and \\X has not been compiled\0"
392    "malformed \\P or \\p sequence",    "malformed \\P or \\p sequence\0"
393    "unknown property name after \\P or \\p"    "unknown property name after \\P or \\p\0"
394  };    "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)\0"
395      "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")\0"
396      /* 50 */
397      "repeated subpattern is too long\0"    /** DEAD **/
398      "octal value is greater than \\377 (not in UTF-8 mode)\0"
399      "internal error: overran compiling workspace\0"
400      "internal error: previously-checked referenced subpattern not found\0"
401      "DEFINE group contains more than one branch\0"
402      /* 55 */
403      "repeating a DEFINE group is not allowed\0"  /** DEAD **/
404      "inconsistent NEWLINE options\0"
405      "\\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number\0"
406      "a numbered reference must not be zero\0"
407      "an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)\0"
408      /* 60 */
409      "(*VERB) not recognized\0"
410      "number is too big\0"
411      "subpattern name expected\0"
412      "digit expected after (?+\0"
413      "] is an invalid data character in JavaScript compatibility mode\0"
414      /* 65 */
415      "different names for subpatterns of the same number are not allowed\0"
416      "(*MARK) must have an argument\0"
417      "this version of PCRE is not compiled with PCRE_UCP support\0"
418      "\\c must be followed by an ASCII character\0"
419      "\\k is not followed by a braced, angle-bracketed, or quoted name\0"
420      /* 70 */
421      "internal error: unknown opcode in find_fixedlength()\0"
422      "\\N is not supported in a class\0"
423      "too many forward references\0"
424      ;
425    
426  /* Table to identify digits and hex digits. This is used when compiling  /* Table to identify digits and hex digits. This is used when compiling
427  patterns. Note that the tables in chartables are dependent on the locale, and  patterns. Note that the tables in chartables are dependent on the locale, and
# Line 220  For convenience, we use the same bit def Line 439  For convenience, we use the same bit def
439    
440  Then we can use ctype_digit and ctype_xdigit in the code. */  Then we can use ctype_digit and ctype_xdigit in the code. */
441    
442  #if !EBCDIC    /* This is the "normal" case, for ASCII systems */  #ifndef EBCDIC
443    
444    /* This is the "normal" case, for ASCII systems, and EBCDIC systems running in
445    UTF-8 mode. */
446    
447  static const unsigned char digitab[] =  static const unsigned char digitab[] =
448    {    {
449    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7 */
# Line 256  static const unsigned char digitab[] = Line 479  static const unsigned char digitab[] =
479    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */
480    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */
481    
482  #else          /* This is the "abnormal" case, for EBCDIC systems */  #else
483    
484    /* This is the "abnormal" case, for EBCDIC systems not running in UTF-8 mode. */
485    
486  static const unsigned char digitab[] =  static const unsigned char digitab[] =
487    {    {
488    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7  0 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7  0 */
# Line 270  static const unsigned char digitab[] = Line 496  static const unsigned char digitab[] =
496    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*    - 71 40 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*    - 71 40 */
497    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  72- |     */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  72- |     */
498    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  & - 87 50 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  & - 87 50 */
499    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  88-     */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  88- 95    */
500    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  - -103 60 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  - -103 60 */
501    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 104- ?     */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 104- ?     */
502    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 70 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 70 */
# Line 304  static const unsigned char ebcdic_charta Line 530  static const unsigned char ebcdic_charta
530    0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*    - 71 */    0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*    - 71 */
531    0x00,0x00,0x00,0x80,0x00,0x80,0x80,0x80, /*  72- |  */    0x00,0x00,0x00,0x80,0x00,0x80,0x80,0x80, /*  72- |  */
532    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  & - 87 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  & - 87 */
533    0x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /*  88-  */    0x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /*  88- 95 */
534    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  - -103 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  - -103 */
535    0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x80, /* 104- ?  */    0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x80, /* 104- ?  */
536    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 */    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 */
# Line 331  static const unsigned char ebcdic_charta Line 557  static const unsigned char ebcdic_charta
557  /* Definition to allow mutual recursion */  /* Definition to allow mutual recursion */
558    
559  static BOOL  static BOOL
560    compile_regex(int, int, int *, uschar **, const uschar **, int *, BOOL, int,    compile_regex(int, uschar **, const uschar **, int *, BOOL, BOOL, int, int,
561      int *, int *, branch_chain *, compile_data *);      int *, int *, branch_chain *, compile_data *, int *);
562    
563    
564    
565    /*************************************************
566    *            Find an error text                  *
567    *************************************************/
568    
569    /* The error texts are now all in one long string, to save on relocations. As
570    some of the text is of unknown length, we can't use a table of offsets.
571    Instead, just count through the strings. This is not a performance issue
572    because it happens only when there has been a compilation error.
573    
574    Argument:   the error number
575    Returns:    pointer to the error string
576    */
577    
578    static const char *
579    find_error_text(int n)
580    {
581    const char *s = error_texts;
582    for (; n > 0; n--)
583      {
584      while (*s++ != 0) {};
585      if (*s == 0) return "Error text not found (please report)";
586      }
587    return s;
588    }
589    
590    
591    /*************************************************
592    *           Expand the workspace                 *
593    *************************************************/
594    
595    /* This function is called during the second compiling phase, if the number of
596    forward references fills the existing workspace, which is originally a block on
597    the stack. A larger block is obtained from malloc() unless the ultimate limit
598    has been reached or the increase will be rather small.
599    
600    Argument: pointer to the compile data block
601    Returns:  0 if all went well, else an error number
602    */
603    
604    static int
605    expand_workspace(compile_data *cd)
606    {
607    uschar *newspace;
608    int newsize = cd->workspace_size * 2;
609    
610    if (newsize > COMPILE_WORK_SIZE_MAX) newsize = COMPILE_WORK_SIZE_MAX;
611    if (cd->workspace_size >= COMPILE_WORK_SIZE_MAX ||
612        newsize - cd->workspace_size < WORK_SIZE_SAFETY_MARGIN)
613     return ERR72;
614    
615    newspace = (pcre_malloc)(newsize);
616    if (newspace == NULL) return ERR21;
617    
618    memcpy(newspace, cd->start_workspace, cd->workspace_size);
619    cd->hwm = (uschar *)newspace + (cd->hwm - cd->start_workspace);
620    if (cd->workspace_size > COMPILE_WORK_SIZE)
621      (pcre_free)((void *)cd->start_workspace);
622    cd->start_workspace = newspace;
623    cd->workspace_size = newsize;
624    return 0;
625    }
626    
627    
628    
629    /*************************************************
630    *            Check for counted repeat            *
631    *************************************************/
632    
633    /* This function is called when a '{' is encountered in a place where it might
634    start a quantifier. It looks ahead to see if it really is a quantifier or not.
635    It is only a quantifier if it is one of the forms {ddd} {ddd,} or {ddd,ddd}
636    where the ddds are digits.
637    
638    Arguments:
639      p         pointer to the first char after '{'
640    
641    Returns:    TRUE or FALSE
642    */
643    
644    static BOOL
645    is_counted_repeat(const uschar *p)
646    {
647    if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
648    while ((digitab[*p] & ctype_digit) != 0) p++;
649    if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
650    
651    if (*p++ != CHAR_COMMA) return FALSE;
652    if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
653    
654    if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
655    while ((digitab[*p] & ctype_digit) != 0) p++;
656    
657    return (*p == CHAR_RIGHT_CURLY_BRACKET);
658    }
659    
660    
661    
# Line 342  static BOOL Line 665  static BOOL
665    
666  /* This function is called when a \ has been encountered. It either returns a  /* This function is called when a \ has been encountered. It either returns a
667  positive value for a simple escape such as \n, or a negative value which  positive value for a simple escape such as \n, or a negative value which
668  encodes one of the more complicated things such as \d. When UTF-8 is enabled,  encodes one of the more complicated things such as \d. A backreference to group
669  a positive value greater than 255 may be returned. On entry, ptr is pointing at  n is returned as -(ESC_REF + n); ESC_REF is the highest ESC_xxx macro. When
670  the \. On exit, it is on the final character of the escape sequence.  UTF-8 is enabled, a positive value greater than 255 may be returned. On entry,
671    ptr is pointing at the \. On exit, it is on the final character of the escape
672    sequence.
673    
674  Arguments:  Arguments:
675    ptrptr         points to the pattern position pointer    ptrptr         points to the pattern position pointer
# Line 355  Arguments: Line 680  Arguments:
680    
681  Returns:         zero or positive => a data character  Returns:         zero or positive => a data character
682                   negative => a special escape sequence                   negative => a special escape sequence
683                   on error, errorptr is set                   on error, errorcodeptr is set
684  */  */
685    
686  static int  static int
687  check_escape(const uschar **ptrptr, int *errorcodeptr, int bracount,  check_escape(const uschar **ptrptr, int *errorcodeptr, int bracount,
688    int options, BOOL isclass)    int options, BOOL isclass)
689  {  {
690  const uschar *ptr = *ptrptr;  BOOL utf8 = (options & PCRE_UTF8) != 0;
691    const uschar *ptr = *ptrptr + 1;
692  int c, i;  int c, i;
693    
694    GETCHARINCTEST(c, ptr);           /* Get character value, increment pointer */
695    ptr--;                            /* Set pointer back to the last byte */
696    
697  /* If backslash is at the end of the pattern, it's an error. */  /* If backslash is at the end of the pattern, it's an error. */
698    
 c = *(++ptr);  
699  if (c == 0) *errorcodeptr = ERR1;  if (c == 0) *errorcodeptr = ERR1;
700    
701  /* Non-alphamerics are literals. For digits or letters, do an initial lookup in  /* Non-alphanumerics are literals. For digits or letters, do an initial lookup
702  a table. A non-zero result is something that can be returned immediately.  in a table. A non-zero result is something that can be returned immediately.
703  Otherwise further processing may be required. */  Otherwise further processing may be required. */
704    
705  #if !EBCDIC    /* ASCII coding */  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
706  else if (c < '0' || c > 'z') {}                           /* Not alphameric */  else if (c < CHAR_0 || c > CHAR_z) {}                     /* Not alphanumeric */
707  else if ((i = escapes[c - '0']) != 0) c = i;  else if ((i = escapes[c - CHAR_0]) != 0) c = i;
708    
709  #else          /* EBCDIC coding */  #else           /* EBCDIC coding */
710  else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {}   /* Not alphameric */  else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {}   /* Not alphanumeric */
711  else if ((i = escapes[c - 0x48]) != 0)  c = i;  else if ((i = escapes[c - 0x48]) != 0)  c = i;
712  #endif  #endif
713    
# Line 388  else if ((i = escapes[c - 0x48]) != 0) Line 716  else if ((i = escapes[c - 0x48]) != 0)
716  else  else
717    {    {
718    const uschar *oldptr;    const uschar *oldptr;
719      BOOL braced, negated;
720    
721    switch (c)    switch (c)
722      {      {
723      /* A number of Perl escapes are not handled by PCRE. We give an explicit      /* A number of Perl escapes are not handled by PCRE. We give an explicit
724      error. */      error. */
725    
726      case 'l':      case CHAR_l:
727      case 'L':      case CHAR_L:
     case 'N':  
     case 'u':  
     case 'U':  
728      *errorcodeptr = ERR37;      *errorcodeptr = ERR37;
729      break;      break;
730    
731        case CHAR_u:
732        if ((options & PCRE_JAVASCRIPT_COMPAT) != 0)
733          {
734          /* In JavaScript, \u must be followed by four hexadecimal numbers.
735          Otherwise it is a lowercase u letter. */
736          if ((digitab[ptr[1]] & ctype_xdigit) != 0 && (digitab[ptr[2]] & ctype_xdigit) != 0
737               && (digitab[ptr[3]] & ctype_xdigit) != 0 && (digitab[ptr[4]] & ctype_xdigit) != 0)
738            {
739            c = 0;
740            for (i = 0; i < 4; ++i)
741              {
742              register int cc = *(++ptr);
743    #ifndef EBCDIC  /* ASCII/UTF-8 coding */
744              if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
745              c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
746    #else           /* EBCDIC coding */
747              if (cc >= CHAR_a && cc <= CHAR_z) cc += 64;  /* Convert to upper case */
748              c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
749    #endif
750              }
751            }
752          }
753        else
754          *errorcodeptr = ERR37;
755        break;
756    
757        case CHAR_U:
758        /* In JavaScript, \U is an uppercase U letter. */
759        if ((options & PCRE_JAVASCRIPT_COMPAT) == 0) *errorcodeptr = ERR37;
760        break;
761    
762        /* In a character class, \g is just a literal "g". Outside a character
763        class, \g must be followed by one of a number of specific things:
764    
765        (1) A number, either plain or braced. If positive, it is an absolute
766        backreference. If negative, it is a relative backreference. This is a Perl
767        5.10 feature.
768    
769        (2) Perl 5.10 also supports \g{name} as a reference to a named group. This
770        is part of Perl's movement towards a unified syntax for back references. As
771        this is synonymous with \k{name}, we fudge it up by pretending it really
772        was \k.
773    
774        (3) For Oniguruma compatibility we also support \g followed by a name or a
775        number either in angle brackets or in single quotes. However, these are
776        (possibly recursive) subroutine calls, _not_ backreferences. Just return
777        the -ESC_g code (cf \k). */
778    
779        case CHAR_g:
780        if (isclass) break;
781        if (ptr[1] == CHAR_LESS_THAN_SIGN || ptr[1] == CHAR_APOSTROPHE)
782          {
783          c = -ESC_g;
784          break;
785          }
786    
787        /* Handle the Perl-compatible cases */
788    
789        if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
790          {
791          const uschar *p;
792          for (p = ptr+2; *p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
793            if (*p != CHAR_MINUS && (digitab[*p] & ctype_digit) == 0) break;
794          if (*p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET)
795            {
796            c = -ESC_k;
797            break;
798            }
799          braced = TRUE;
800          ptr++;
801          }
802        else braced = FALSE;
803    
804        if (ptr[1] == CHAR_MINUS)
805          {
806          negated = TRUE;
807          ptr++;
808          }
809        else negated = FALSE;
810    
811        c = 0;
812        while ((digitab[ptr[1]] & ctype_digit) != 0)
813          c = c * 10 + *(++ptr) - CHAR_0;
814    
815        if (c < 0)   /* Integer overflow */
816          {
817          *errorcodeptr = ERR61;
818          break;
819          }
820    
821        if (braced && *(++ptr) != CHAR_RIGHT_CURLY_BRACKET)
822          {
823          *errorcodeptr = ERR57;
824          break;
825          }
826    
827        if (c == 0)
828          {
829          *errorcodeptr = ERR58;
830          break;
831          }
832    
833        if (negated)
834          {
835          if (c > bracount)
836            {
837            *errorcodeptr = ERR15;
838            break;
839            }
840          c = bracount - (c - 1);
841          }
842    
843        c = -(ESC_REF + c);
844        break;
845    
846      /* The handling of escape sequences consisting of a string of digits      /* The handling of escape sequences consisting of a string of digits
847      starting with one that is not zero is not straightforward. By experiment,      starting with one that is not zero is not straightforward. By experiment,
848      the way Perl works seems to be as follows:      the way Perl works seems to be as follows:
# Line 413  else Line 855  else
855      value is greater than 377, the least significant 8 bits are taken. Inside a      value is greater than 377, the least significant 8 bits are taken. Inside a
856      character class, \ followed by a digit is always an octal number. */      character class, \ followed by a digit is always an octal number. */
857    
858      case '1': case '2': case '3': case '4': case '5':      case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4: case CHAR_5:
859      case '6': case '7': case '8': case '9':      case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
860    
861      if (!isclass)      if (!isclass)
862        {        {
863        oldptr = ptr;        oldptr = ptr;
864        c -= '0';        c -= CHAR_0;
865        while ((digitab[ptr[1]] & ctype_digit) != 0)        while ((digitab[ptr[1]] & ctype_digit) != 0)
866          c = c * 10 + *(++ptr) - '0';          c = c * 10 + *(++ptr) - CHAR_0;
867          if (c < 0)    /* Integer overflow */
868            {
869            *errorcodeptr = ERR61;
870            break;
871            }
872        if (c < 10 || c <= bracount)        if (c < 10 || c <= bracount)
873          {          {
874          c = -(ESC_REF + c);          c = -(ESC_REF + c);
# Line 434  else Line 881  else
881      generates a binary zero byte and treats the digit as a following literal.      generates a binary zero byte and treats the digit as a following literal.
882      Thus we have to pull back the pointer by one. */      Thus we have to pull back the pointer by one. */
883    
884      if ((c = *ptr) >= '8')      if ((c = *ptr) >= CHAR_8)
885        {        {
886        ptr--;        ptr--;
887        c = 0;        c = 0;
# Line 442  else Line 889  else
889        }        }
890    
891      /* \0 always starts an octal number, but we may drop through to here with a      /* \0 always starts an octal number, but we may drop through to here with a
892      larger first octal digit. */      larger first octal digit. The original code used just to take the least
893        significant 8 bits of octal numbers (I think this is what early Perls used
894      case '0':      to do). Nowadays we allow for larger numbers in UTF-8 mode, but no more
895      c -= '0';      than 3 octal digits. */
896      while(i++ < 2 && ptr[1] >= '0' && ptr[1] <= '7')  
897          c = c * 8 + *(++ptr) - '0';      case CHAR_0:
898      c &= 255;     /* Take least significant 8 bits */      c -= CHAR_0;
899        while(i++ < 2 && ptr[1] >= CHAR_0 && ptr[1] <= CHAR_7)
900            c = c * 8 + *(++ptr) - CHAR_0;
901        if (!utf8 && c > 255) *errorcodeptr = ERR51;
902      break;      break;
903    
904      /* \x is complicated when UTF-8 is enabled. \x{ddd} is a character number      /* \x is complicated. \x{ddd} is a character number which can be greater
905      which can be greater than 0xff, but only if the ddd are hex digits. */      than 0xff in utf8 mode, but only if the ddd are hex digits. If not, { is
906        treated as a data character. */
907    
908        case CHAR_x:
909        if ((options & PCRE_JAVASCRIPT_COMPAT) != 0)
910          {
911          /* In JavaScript, \x must be followed by two hexadecimal numbers.
912          Otherwise it is a lowercase x letter. */
913          if ((digitab[ptr[1]] & ctype_xdigit) != 0 && (digitab[ptr[2]] & ctype_xdigit) != 0)
914            {
915            c = 0;
916            for (i = 0; i < 2; ++i)
917              {
918              register int cc = *(++ptr);
919    #ifndef EBCDIC  /* ASCII/UTF-8 coding */
920              if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
921              c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
922    #else           /* EBCDIC coding */
923              if (cc >= CHAR_a && cc <= CHAR_z) cc += 64;  /* Convert to upper case */
924              c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
925    #endif
926              }
927            }
928          break;
929          }
930    
931      case 'x':      if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
 #ifdef SUPPORT_UTF8  
     if (ptr[1] == '{' && (options & PCRE_UTF8) != 0)  
932        {        {
933        const uschar *pt = ptr + 2;        const uschar *pt = ptr + 2;
934        register int count = 0;        int count = 0;
935    
936        c = 0;        c = 0;
937        while ((digitab[*pt] & ctype_xdigit) != 0)        while ((digitab[*pt] & ctype_xdigit) != 0)
938          {          {
939          int cc = *pt++;          register int cc = *pt++;
940            if (c == 0 && cc == CHAR_0) continue;     /* Leading zeroes */
941          count++;          count++;
942  #if !EBCDIC    /* ASCII coding */  
943          if (cc >= 'a') cc -= 32;               /* Convert to upper case */  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
944          c = c * 16 + cc - ((cc < 'A')? '0' : ('A' - 10));          if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
945  #else          /* EBCDIC coding */          c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
946          if (cc >= 'a' && cc <= 'z') cc += 64;  /* Convert to upper case */  #else           /* EBCDIC coding */
947          c = c * 16 + cc - ((cc >= '0')? '0' : ('A' - 10));          if (cc >= CHAR_a && cc <= CHAR_z) cc += 64;  /* Convert to upper case */
948            c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
949  #endif  #endif
950          }          }
951        if (*pt == '}')  
952          if (*pt == CHAR_RIGHT_CURLY_BRACKET)
953          {          {
954          if (c < 0 || count > 8) *errorcodeptr = ERR34;          if (c < 0 || count > (utf8? 8 : 2)) *errorcodeptr = ERR34;
955          ptr = pt;          ptr = pt;
956          break;          break;
957          }          }
958    
959        /* If the sequence of hex digits does not end with '}', then we don't        /* If the sequence of hex digits does not end with '}', then we don't
960        recognize this construct; fall through to the normal \x handling. */        recognize this construct; fall through to the normal \x handling. */
961        }        }
 #endif  
962    
963      /* Read just a single hex char */      /* Read just a single-byte hex-defined char */
964    
965      c = 0;      c = 0;
966      while (i++ < 2 && (digitab[ptr[1]] & ctype_xdigit) != 0)      while (i++ < 2 && (digitab[ptr[1]] & ctype_xdigit) != 0)
967        {        {
968        int cc;                               /* Some compilers don't like ++ */        int cc;                                  /* Some compilers don't like */
969        cc = *(++ptr);                        /* in initializers */        cc = *(++ptr);                           /* ++ in initializers */
970  #if !EBCDIC    /* ASCII coding */  #ifndef EBCDIC  /* ASCII/UTF-8 coding */
971        if (cc >= 'a') cc -= 32;              /* Convert to upper case */        if (cc >= CHAR_a) cc -= 32;              /* Convert to upper case */
972        c = c * 16 + cc - ((cc < 'A')? '0' : ('A' - 10));        c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
973  #else          /* EBCDIC coding */  #else           /* EBCDIC coding */
974        if (cc <= 'z') cc += 64;              /* Convert to upper case */        if (cc <= CHAR_z) cc += 64;              /* Convert to upper case */
975        c = c * 16 + cc - ((cc >= '0')? '0' : ('A' - 10));        c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
976  #endif  #endif
977        }        }
978      break;      break;
979    
980      /* Other special escapes not starting with a digit are straightforward */      /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
981        An error is given if the byte following \c is not an ASCII character. This
982        coding is ASCII-specific, but then the whole concept of \cx is
983        ASCII-specific. (However, an EBCDIC equivalent has now been added.) */
984    
985      case 'c':      case CHAR_c:
986      c = *(++ptr);      c = *(++ptr);
987      if (c == 0)      if (c == 0)
988        {        {
989        *errorcodeptr = ERR2;        *errorcodeptr = ERR2;
990        return 0;        break;
991        }        }
992    #ifndef EBCDIC    /* ASCII/UTF-8 coding */
993      /* A letter is upper-cased; then the 0x40 bit is flipped. This coding      if (c > 127)  /* Excludes all non-ASCII in either mode */
994      is ASCII-specific, but then the whole concept of \cx is ASCII-specific.        {
995      (However, an EBCDIC equivalent has now been added.) */        *errorcodeptr = ERR68;
996          break;
997  #if !EBCDIC    /* ASCII coding */        }
998      if (c >= 'a' && c <= 'z') c -= 32;      if (c >= CHAR_a && c <= CHAR_z) c -= 32;
999      c ^= 0x40;      c ^= 0x40;
1000  #else          /* EBCDIC coding */  #else             /* EBCDIC coding */
1001      if (c >= 'a' && c <= 'z') c += 64;      if (c >= CHAR_a && c <= CHAR_z) c += 64;
1002      c ^= 0xC0;      c ^= 0xC0;
1003  #endif  #endif
1004      break;      break;
1005    
1006      /* PCRE_EXTRA enables extensions to Perl in the matter of escapes. Any      /* PCRE_EXTRA enables extensions to Perl in the matter of escapes. Any
1007      other alphameric following \ is an error if PCRE_EXTRA was set; otherwise,      other alphanumeric following \ is an error if PCRE_EXTRA was set;
1008      for Perl compatibility, it is a literal. This code looks a bit odd, but      otherwise, for Perl compatibility, it is a literal. This code looks a bit
1009      there used to be some cases other than the default, and there may be again      odd, but there used to be some cases other than the default, and there may
1010      in future, so I haven't "optimized" it. */      be again in future, so I haven't "optimized" it. */
1011    
1012      default:      default:
1013      if ((options & PCRE_EXTRA) != 0) switch(c)      if ((options & PCRE_EXTRA) != 0) switch(c)
# Line 541  else Line 1020  else
1020      }      }
1021    }    }
1022    
1023    /* Perl supports \N{name} for character names, as well as plain \N for "not
1024    newline". PCRE does not support \N{name}. However, it does support
1025    quantification such as \N{2,3}. */
1026    
1027    if (c == -ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET &&
1028         !is_counted_repeat(ptr+2))
1029      *errorcodeptr = ERR37;
1030    
1031    /* If PCRE_UCP is set, we change the values for \d etc. */
1032    
1033    if ((options & PCRE_UCP) != 0 && c <= -ESC_D && c >= -ESC_w)
1034      c -= (ESC_DU - ESC_D);
1035    
1036    /* Set the pointer to the final character before returning. */
1037    
1038  *ptrptr = ptr;  *ptrptr = ptr;
1039  return c;  return c;
1040  }  }
# Line 560  escape sequence. Line 1054  escape sequence.
1054  Argument:  Argument:
1055    ptrptr         points to the pattern position pointer    ptrptr         points to the pattern position pointer
1056    negptr         points to a boolean that is set TRUE for negation else FALSE    negptr         points to a boolean that is set TRUE for negation else FALSE
1057      dptr           points to an int that is set to the detailed property value
1058    errorcodeptr   points to the error code variable    errorcodeptr   points to the error code variable
1059    
1060  Returns:     value from ucp_type_table, or -1 for an invalid type  Returns:         type value from ucp_type_table, or -1 for an invalid type
1061  */  */
1062    
1063  static int  static int
1064  get_ucp(const uschar **ptrptr, BOOL *negptr, int *errorcodeptr)  get_ucp(const uschar **ptrptr, BOOL *negptr, int *dptr, int *errorcodeptr)
1065  {  {
1066  int c, i, bot, top;  int c, i, bot, top;
1067  const uschar *ptr = *ptrptr;  const uschar *ptr = *ptrptr;
1068  char name[4];  char name[32];
1069    
1070  c = *(++ptr);  c = *(++ptr);
1071  if (c == 0) goto ERROR_RETURN;  if (c == 0) goto ERROR_RETURN;
1072    
1073  *negptr = FALSE;  *negptr = FALSE;
1074    
1075  /* \P or \p can be followed by a one- or two-character name in {}, optionally  /* \P or \p can be followed by a name in {}, optionally preceded by ^ for
1076  preceded by ^ for negation. */  negation. */
1077    
1078  if (c == '{')  if (c == CHAR_LEFT_CURLY_BRACKET)
1079    {    {
1080    if (ptr[1] == '^')    if (ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1081      {      {
1082      *negptr = TRUE;      *negptr = TRUE;
1083      ptr++;      ptr++;
1084      }      }
1085    for (i = 0; i <= 2; i++)    for (i = 0; i < (int)sizeof(name) - 1; i++)
1086      {      {
1087      c = *(++ptr);      c = *(++ptr);
1088      if (c == 0) goto ERROR_RETURN;      if (c == 0) goto ERROR_RETURN;
1089      if (c == '}') break;      if (c == CHAR_RIGHT_CURLY_BRACKET) break;
1090      name[i] = c;      name[i] = c;
1091      }      }
1092    if (c !='}')   /* Try to distinguish error cases */    if (c != CHAR_RIGHT_CURLY_BRACKET) goto ERROR_RETURN;
     {  
     while (*(++ptr) != 0 && *ptr != '}');  
     if (*ptr == '}') goto UNKNOWN_RETURN; else goto ERROR_RETURN;  
     }  
1093    name[i] = 0;    name[i] = 0;
1094    }    }
1095    
# Line 619  top = _pcre_utt_size; Line 1110  top = _pcre_utt_size;
1110    
1111  while (bot < top)  while (bot < top)
1112    {    {
1113    i = (bot + top)/2;    i = (bot + top) >> 1;
1114    c = strcmp(name, _pcre_utt[i].name);    c = strcmp(name, _pcre_utt_names + _pcre_utt[i].name_offset);
1115    if (c == 0) return _pcre_utt[i].value;    if (c == 0)
1116        {
1117        *dptr = _pcre_utt[i].value;
1118        return _pcre_utt[i].type;
1119        }
1120    if (c > 0) bot = i + 1; else top = i;    if (c > 0) bot = i + 1; else top = i;
1121    }    }
1122    
 UNKNOWN_RETURN:  
1123  *errorcodeptr = ERR47;  *errorcodeptr = ERR47;
1124  *ptrptr = ptr;  *ptrptr = ptr;
1125  return -1;  return -1;
# Line 641  return -1; Line 1135  return -1;
1135    
1136    
1137  /*************************************************  /*************************************************
 *            Check for counted repeat            *  
 *************************************************/  
   
 /* This function is called when a '{' is encountered in a place where it might  
 start a quantifier. It looks ahead to see if it really is a quantifier or not.  
 It is only a quantifier if it is one of the forms {ddd} {ddd,} or {ddd,ddd}  
 where the ddds are digits.  
   
 Arguments:  
   p         pointer to the first char after '{'  
   
 Returns:    TRUE or FALSE  
 */  
   
 static BOOL  
 is_counted_repeat(const uschar *p)  
 {  
 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;  
 while ((digitab[*p] & ctype_digit) != 0) p++;  
 if (*p == '}') return TRUE;  
   
 if (*p++ != ',') return FALSE;  
 if (*p == '}') return TRUE;  
   
 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;  
 while ((digitab[*p] & ctype_digit) != 0) p++;  
   
 return (*p == '}');  
 }  
   
   
   
 /*************************************************  
1138  *         Read repeat counts                     *  *         Read repeat counts                     *
1139  *************************************************/  *************************************************/
1140    
# Line 701  int max = -1; Line 1162  int max = -1;
1162  /* Read the minimum value and do a paranoid check: a negative value indicates  /* Read the minimum value and do a paranoid check: a negative value indicates
1163  an integer overflow. */  an integer overflow. */
1164    
1165  while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';  while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - CHAR_0;
1166  if (min < 0 || min > 65535)  if (min < 0 || min > 65535)
1167    {    {
1168    *errorcodeptr = ERR5;    *errorcodeptr = ERR5;
# Line 711  if (min < 0 || min > 65535) Line 1172  if (min < 0 || min > 65535)
1172  /* Read the maximum value if there is one, and again do a paranoid on its size.  /* Read the maximum value if there is one, and again do a paranoid on its size.
1173  Also, max must not be less than min. */  Also, max must not be less than min. */
1174    
1175  if (*p == '}') max = min; else  if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
1176    {    {
1177    if (*(++p) != '}')    if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
1178      {      {
1179      max = 0;      max = 0;
1180      while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';      while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - CHAR_0;
1181      if (max < 0 || max > 65535)      if (max < 0 || max > 65535)
1182        {        {
1183        *errorcodeptr = ERR5;        *errorcodeptr = ERR5;
# Line 741  return p; Line 1202  return p;
1202    
1203    
1204  /*************************************************  /*************************************************
1205  *      Find first significant op code            *  *  Subroutine for finding forward reference      *
1206  *************************************************/  *************************************************/
1207    
1208  /* This is called by several functions that scan a compiled expression looking  /* This recursive function is called only from find_parens() below. The
1209  for a fixed first character, or an anchoring op code etc. It skips over things  top-level call starts at the beginning of the pattern. All other calls must
1210  that do not influence this. For some calls, a change of option is important.  start at a parenthesis. It scans along a pattern's text looking for capturing
1211  For some calls, it makes sense to skip negative forward and all backward  subpatterns, and counting them. If it finds a named pattern that matches the
1212  assertions, and also the \b assertion; for others it does not.  name it is given, it returns its number. Alternatively, if the name is NULL, it
1213    returns when it reaches a given numbered subpattern. Recursion is used to keep
1214    track of subpatterns that reset the capturing group numbers - the (?| feature.
1215    
1216    This function was originally called only from the second pass, in which we know
1217    that if (?< or (?' or (?P< is encountered, the name will be correctly
1218    terminated because that is checked in the first pass. There is now one call to
1219    this function in the first pass, to check for a recursive back reference by
1220    name (so that we can make the whole group atomic). In this case, we need check
1221    only up to the current position in the pattern, and that is still OK because
1222    and previous occurrences will have been checked. To make this work, the test
1223    for "end of pattern" is a check against cd->end_pattern in the main loop,
1224    instead of looking for a binary zero. This means that the special first-pass
1225    call can adjust cd->end_pattern temporarily. (Checks for binary zero while
1226    processing items within the loop are OK, because afterwards the main loop will
1227    terminate.)
1228    
1229  Arguments:  Arguments:
1230    code         pointer to the start of the group    ptrptr       address of the current character pointer (updated)
1231    options      pointer to external options    cd           compile background data
1232    optbit       the option bit whose changing is significant, or    name         name to seek, or NULL if seeking a numbered subpattern
1233                   zero if none are    lorn         name length, or subpattern number if name is NULL
1234    skipassert   TRUE if certain assertions are to be skipped    xmode        TRUE if we are in /x mode
1235      utf8         TRUE if we are in UTF-8 mode
1236      count        pointer to the current capturing subpattern number (updated)
1237    
1238  Returns:       pointer to the first significant opcode  Returns:       the number of the named subpattern, or -1 if not found
1239  */  */
1240    
1241  static const uschar*  static int
1242  first_significant_code(const uschar *code, int *options, int optbit,  find_parens_sub(uschar **ptrptr, compile_data *cd, const uschar *name, int lorn,
1243    BOOL skipassert)    BOOL xmode, BOOL utf8, int *count)
1244  {  {
1245  for (;;)  uschar *ptr = *ptrptr;
1246    int start_count = *count;
1247    int hwm_count = start_count;
1248    BOOL dup_parens = FALSE;
1249    
1250    /* If the first character is a parenthesis, check on the type of group we are
1251    dealing with. The very first call may not start with a parenthesis. */
1252    
1253    if (ptr[0] == CHAR_LEFT_PARENTHESIS)
1254    {    {
1255    switch ((int)*code)    /* Handle specials such as (*SKIP) or (*UTF8) etc. */
1256    
1257      if (ptr[1] == CHAR_ASTERISK) ptr += 2;
1258    
1259      /* Handle a normal, unnamed capturing parenthesis. */
1260    
1261      else if (ptr[1] != CHAR_QUESTION_MARK)
1262      {      {
1263      case OP_OPT:      *count += 1;
1264      if (optbit > 0 && ((int)code[1] & optbit) != (*options & optbit))      if (name == NULL && *count == lorn) return *count;
1265        *options = (int)code[1];      ptr++;
1266      code += 2;      }
     break;  
1267    
1268      case OP_ASSERT_NOT:    /* All cases now have (? at the start. Remember when we are in a group
1269      case OP_ASSERTBACK:    where the parenthesis numbers are duplicated. */
     case OP_ASSERTBACK_NOT:  
     if (!skipassert) return code;  
     do code += GET(code, 1); while (*code == OP_ALT);  
     code += _pcre_OP_lengths[*code];  
     break;  
1270    
1271      case OP_WORD_BOUNDARY:    else if (ptr[2] == CHAR_VERTICAL_LINE)
1272      case OP_NOT_WORD_BOUNDARY:      {
1273      if (!skipassert) return code;      ptr += 3;
1274      /* Fall through */      dup_parens = TRUE;
1275        }
1276    
1277      case OP_CALLOUT:    /* Handle comments; all characters are allowed until a ket is reached. */
     case OP_CREF:  
     case OP_BRANUMBER:  
     code += _pcre_OP_lengths[*code];  
     break;  
1278    
1279      default:    else if (ptr[2] == CHAR_NUMBER_SIGN)
1280      return code;      {
1281        for (ptr += 3; *ptr != 0; ptr++) if (*ptr == CHAR_RIGHT_PARENTHESIS) break;
1282        goto FAIL_EXIT;
1283      }      }
   }  
 /* Control never reaches here */  
 }  
1284    
1285      /* Handle a condition. If it is an assertion, just carry on so that it
1286      is processed as normal. If not, skip to the closing parenthesis of the
1287      condition (there can't be any nested parens). */
1288    
1289      else if (ptr[2] == CHAR_LEFT_PARENTHESIS)
1290        {
1291        ptr += 2;
1292        if (ptr[1] != CHAR_QUESTION_MARK)
1293          {
1294          while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
1295          if (*ptr != 0) ptr++;
1296          }
1297        }
1298    
1299      /* Start with (? but not a condition. */
1300    
1301  /*************************************************    else
1302  *        Find the fixed length of a pattern      *      {
1303  *************************************************/      ptr += 2;
1304        if (*ptr == CHAR_P) ptr++;                      /* Allow optional P */
1305    
1306  /* Scan a pattern and compute the fixed length of subject that will match it,      /* We have to disambiguate (?<! and (?<= from (?<name> for named groups */
1307  if the length is fixed. This is needed for dealing with backward assertions.  
1308  In UTF8 mode, the result is in characters rather than bytes.      if ((*ptr == CHAR_LESS_THAN_SIGN && ptr[1] != CHAR_EXCLAMATION_MARK &&
1309            ptr[1] != CHAR_EQUALS_SIGN) || *ptr == CHAR_APOSTROPHE)
1310          {
1311          int term;
1312          const uschar *thisname;
1313          *count += 1;
1314          if (name == NULL && *count == lorn) return *count;
1315          term = *ptr++;
1316          if (term == CHAR_LESS_THAN_SIGN) term = CHAR_GREATER_THAN_SIGN;
1317          thisname = ptr;
1318          while (*ptr != term) ptr++;
1319          if (name != NULL && lorn == ptr - thisname &&
1320              strncmp((const char *)name, (const char *)thisname, lorn) == 0)
1321            return *count;
1322          term++;
1323          }
1324        }
1325      }
1326    
1327    /* Past any initial parenthesis handling, scan for parentheses or vertical
1328    bars. Stop if we get to cd->end_pattern. Note that this is important for the
1329    first-pass call when this value is temporarily adjusted to stop at the current
1330    position. So DO NOT change this to a test for binary zero. */
1331    
1332    for (; ptr < cd->end_pattern; ptr++)
1333      {
1334      /* Skip over backslashed characters and also entire \Q...\E */
1335    
1336      if (*ptr == CHAR_BACKSLASH)
1337        {
1338        if (*(++ptr) == 0) goto FAIL_EXIT;
1339        if (*ptr == CHAR_Q) for (;;)
1340          {
1341          while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1342          if (*ptr == 0) goto FAIL_EXIT;
1343          if (*(++ptr) == CHAR_E) break;
1344          }
1345        continue;
1346        }
1347    
1348      /* Skip over character classes; this logic must be similar to the way they
1349      are handled for real. If the first character is '^', skip it. Also, if the
1350      first few characters (either before or after ^) are \Q\E or \E we skip them
1351      too. This makes for compatibility with Perl. Note the use of STR macros to
1352      encode "Q\\E" so that it works in UTF-8 on EBCDIC platforms. */
1353    
1354      if (*ptr == CHAR_LEFT_SQUARE_BRACKET)
1355        {
1356        BOOL negate_class = FALSE;
1357        for (;;)
1358          {
1359          if (ptr[1] == CHAR_BACKSLASH)
1360            {
1361            if (ptr[2] == CHAR_E)
1362              ptr+= 2;
1363            else if (strncmp((const char *)ptr+2,
1364                     STR_Q STR_BACKSLASH STR_E, 3) == 0)
1365              ptr += 4;
1366            else
1367              break;
1368            }
1369          else if (!negate_class && ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1370            {
1371            negate_class = TRUE;
1372            ptr++;
1373            }
1374          else break;
1375          }
1376    
1377        /* If the next character is ']', it is a data character that must be
1378        skipped, except in JavaScript compatibility mode. */
1379    
1380        if (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET &&
1381            (cd->external_options & PCRE_JAVASCRIPT_COMPAT) == 0)
1382          ptr++;
1383    
1384        while (*(++ptr) != CHAR_RIGHT_SQUARE_BRACKET)
1385          {
1386          if (*ptr == 0) return -1;
1387          if (*ptr == CHAR_BACKSLASH)
1388            {
1389            if (*(++ptr) == 0) goto FAIL_EXIT;
1390            if (*ptr == CHAR_Q) for (;;)
1391              {
1392              while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1393              if (*ptr == 0) goto FAIL_EXIT;
1394              if (*(++ptr) == CHAR_E) break;
1395              }
1396            continue;
1397            }
1398          }
1399        continue;
1400        }
1401    
1402      /* Skip comments in /x mode */
1403    
1404      if (xmode && *ptr == CHAR_NUMBER_SIGN)
1405        {
1406        ptr++;
1407        while (*ptr != 0)
1408          {
1409          if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
1410          ptr++;
1411    #ifdef SUPPORT_UTF8
1412          if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
1413    #endif
1414          }
1415        if (*ptr == 0) goto FAIL_EXIT;
1416        continue;
1417        }
1418    
1419      /* Check for the special metacharacters */
1420    
1421      if (*ptr == CHAR_LEFT_PARENTHESIS)
1422        {
1423        int rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, count);
1424        if (rc > 0) return rc;
1425        if (*ptr == 0) goto FAIL_EXIT;
1426        }
1427    
1428      else if (*ptr == CHAR_RIGHT_PARENTHESIS)
1429        {
1430        if (dup_parens && *count < hwm_count) *count = hwm_count;
1431        goto FAIL_EXIT;
1432        }
1433    
1434      else if (*ptr == CHAR_VERTICAL_LINE && dup_parens)
1435        {
1436        if (*count > hwm_count) hwm_count = *count;
1437        *count = start_count;
1438        }
1439      }
1440    
1441    FAIL_EXIT:
1442    *ptrptr = ptr;
1443    return -1;
1444    }
1445    
1446    
1447    
1448    
1449    /*************************************************
1450    *       Find forward referenced subpattern       *
1451    *************************************************/
1452    
1453    /* This function scans along a pattern's text looking for capturing
1454    subpatterns, and counting them. If it finds a named pattern that matches the
1455    name it is given, it returns its number. Alternatively, if the name is NULL, it
1456    returns when it reaches a given numbered subpattern. This is used for forward
1457    references to subpatterns. We used to be able to start this scan from the
1458    current compiling point, using the current count value from cd->bracount, and
1459    do it all in a single loop, but the addition of the possibility of duplicate
1460    subpattern numbers means that we have to scan from the very start, in order to
1461    take account of such duplicates, and to use a recursive function to keep track
1462    of the different types of group.
1463    
1464  Arguments:  Arguments:
1465    code     points to the start of the pattern (the bracket)    cd           compile background data
1466    options  the compiling options    name         name to seek, or NULL if seeking a numbered subpattern
1467      lorn         name length, or subpattern number if name is NULL
1468      xmode        TRUE if we are in /x mode
1469      utf8         TRUE if we are in UTF-8 mode
1470    
1471    Returns:       the number of the found subpattern, or -1 if not found
1472    */
1473    
1474    static int
1475    find_parens(compile_data *cd, const uschar *name, int lorn, BOOL xmode,
1476      BOOL utf8)
1477    {
1478    uschar *ptr = (uschar *)cd->start_pattern;
1479    int count = 0;
1480    int rc;
1481    
1482    /* If the pattern does not start with an opening parenthesis, the first call
1483    to find_parens_sub() will scan right to the end (if necessary). However, if it
1484    does start with a parenthesis, find_parens_sub() will return when it hits the
1485    matching closing parens. That is why we have to have a loop. */
1486    
1487    for (;;)
1488      {
1489      rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, &count);
1490      if (rc > 0 || *ptr++ == 0) break;
1491      }
1492    
1493    return rc;
1494    }
1495    
1496    
1497    
1498    
1499    /*************************************************
1500    *      Find first significant op code            *
1501    *************************************************/
1502    
1503    /* This is called by several functions that scan a compiled expression looking
1504    for a fixed first character, or an anchoring op code etc. It skips over things
1505    that do not influence this. For some calls, it makes sense to skip negative
1506    forward and all backward assertions, and also the \b assertion; for others it
1507    does not.
1508    
1509    Arguments:
1510      code         pointer to the start of the group
1511      skipassert   TRUE if certain assertions are to be skipped
1512    
1513    Returns:       pointer to the first significant opcode
1514    */
1515    
1516    static const uschar*
1517    first_significant_code(const uschar *code, BOOL skipassert)
1518    {
1519    for (;;)
1520      {
1521      switch ((int)*code)
1522        {
1523        case OP_ASSERT_NOT:
1524        case OP_ASSERTBACK:
1525        case OP_ASSERTBACK_NOT:
1526        if (!skipassert) return code;
1527        do code += GET(code, 1); while (*code == OP_ALT);
1528        code += _pcre_OP_lengths[*code];
1529        break;
1530    
1531        case OP_WORD_BOUNDARY:
1532        case OP_NOT_WORD_BOUNDARY:
1533        if (!skipassert) return code;
1534        /* Fall through */
1535    
1536        case OP_CALLOUT:
1537        case OP_CREF:
1538        case OP_NCREF:
1539        case OP_RREF:
1540        case OP_NRREF:
1541        case OP_DEF:
1542        code += _pcre_OP_lengths[*code];
1543        break;
1544    
1545        default:
1546        return code;
1547        }
1548      }
1549    /* Control never reaches here */
1550    }
1551    
1552    
1553    
1554  Returns:   the fixed length, or -1 if there is no fixed length,  
1555               or -2 if \C was encountered  /*************************************************
1556    *        Find the fixed length of a branch       *
1557    *************************************************/
1558    
1559    /* Scan a branch and compute the fixed length of subject that will match it,
1560    if the length is fixed. This is needed for dealing with backward assertions.
1561    In UTF8 mode, the result is in characters rather than bytes. The branch is
1562    temporarily terminated with OP_END when this function is called.
1563    
1564    This function is called when a backward assertion is encountered, so that if it
1565    fails, the error message can point to the correct place in the pattern.
1566    However, we cannot do this when the assertion contains subroutine calls,
1567    because they can be forward references. We solve this by remembering this case
1568    and doing the check at the end; a flag specifies which mode we are running in.
1569    
1570    Arguments:
1571      code     points to the start of the pattern (the bracket)
1572      utf8     TRUE in UTF-8 mode
1573      atend    TRUE if called when the pattern is complete
1574      cd       the "compile data" structure
1575    
1576    Returns:   the fixed length,
1577                 or -1 if there is no fixed length,
1578                 or -2 if \C was encountered (in UTF-8 mode only)
1579                 or -3 if an OP_RECURSE item was encountered and atend is FALSE
1580                 or -4 if an unknown opcode was encountered (internal error)
1581  */  */
1582    
1583  static int  static int
1584  find_fixedlength(uschar *code, int options)  find_fixedlength(uschar *code, BOOL utf8, BOOL atend, compile_data *cd)
1585  {  {
1586  int length = -1;  int length = -1;
1587    
# Line 833  branch, check the length against that of Line 1594  branch, check the length against that of
1594  for (;;)  for (;;)
1595    {    {
1596    int d;    int d;
1597      uschar *ce, *cs;
1598    register int op = *cc;    register int op = *cc;
   if (op >= OP_BRA) op = OP_BRA;  
   
1599    switch (op)    switch (op)
1600      {      {
1601        /* We only need to continue for OP_CBRA (normal capturing bracket) and
1602        OP_BRA (normal non-capturing bracket) because the other variants of these
1603        opcodes are all concerned with unlimited repeated groups, which of course
1604        are not of fixed length. */
1605    
1606        case OP_CBRA:
1607      case OP_BRA:      case OP_BRA:
1608      case OP_ONCE:      case OP_ONCE:
1609        case OP_ONCE_NC:
1610      case OP_COND:      case OP_COND:
1611      d = find_fixedlength(cc, options);      d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), utf8, atend, cd);
1612      if (d < 0) return d;      if (d < 0) return d;
1613      branchlength += d;      branchlength += d;
1614      do cc += GET(cc, 1); while (*cc == OP_ALT);      do cc += GET(cc, 1); while (*cc == OP_ALT);
1615      cc += 1 + LINK_SIZE;      cc += 1 + LINK_SIZE;
1616      break;      break;
1617    
1618      /* Reached end of a branch; if it's a ket it is the end of a nested      /* Reached end of a branch; if it's a ket it is the end of a nested call.
1619      call. If it's ALT it is an alternation in a nested call. If it is      If it's ALT it is an alternation in a nested call. An ACCEPT is effectively
1620      END it's the end of the outer call. All can be handled by the same code. */      an ALT. If it is END it's the end of the outer call. All can be handled by
1621        the same code. Note that we must not include the OP_KETRxxx opcodes here,
1622        because they all imply an unlimited repeat. */
1623    
1624      case OP_ALT:      case OP_ALT:
1625      case OP_KET:      case OP_KET:
     case OP_KETRMAX:  
     case OP_KETRMIN:  
1626      case OP_END:      case OP_END:
1627        case OP_ACCEPT:
1628        case OP_ASSERT_ACCEPT:
1629      if (length < 0) length = branchlength;      if (length < 0) length = branchlength;
1630        else if (length != branchlength) return -1;        else if (length != branchlength) return -1;
1631      if (*cc != OP_ALT) return length;      if (*cc != OP_ALT) return length;
# Line 864  for (;;) Line 1633  for (;;)
1633      branchlength = 0;      branchlength = 0;
1634      break;      break;
1635    
1636        /* A true recursion implies not fixed length, but a subroutine call may
1637        be OK. If the subroutine is a forward reference, we can't deal with
1638        it until the end of the pattern, so return -3. */
1639    
1640        case OP_RECURSE:
1641        if (!atend) return -3;
1642        cs = ce = (uschar *)cd->start_code + GET(cc, 1);  /* Start subpattern */
1643        do ce += GET(ce, 1); while (*ce == OP_ALT);       /* End subpattern */
1644        if (cc > cs && cc < ce) return -1;                /* Recursion */
1645        d = find_fixedlength(cs + 2, utf8, atend, cd);
1646        if (d < 0) return d;
1647        branchlength += d;
1648        cc += 1 + LINK_SIZE;
1649        break;
1650    
1651      /* Skip over assertive subpatterns */      /* Skip over assertive subpatterns */
1652    
1653      case OP_ASSERT:      case OP_ASSERT:
# Line 875  for (;;) Line 1659  for (;;)
1659    
1660      /* Skip over things that don't match chars */      /* Skip over things that don't match chars */
1661    
1662      case OP_REVERSE:      case OP_MARK:
1663      case OP_BRANUMBER:      case OP_PRUNE_ARG:
1664      case OP_CREF:      case OP_SKIP_ARG:
1665      case OP_OPT:      case OP_THEN_ARG:
1666        cc += cc[1] + _pcre_OP_lengths[*cc];
1667        break;
1668    
1669      case OP_CALLOUT:      case OP_CALLOUT:
     case OP_SOD:  
     case OP_SOM:  
     case OP_EOD:  
     case OP_EODN:  
1670      case OP_CIRC:      case OP_CIRC:
1671        case OP_CIRCM:
1672        case OP_CLOSE:
1673        case OP_COMMIT:
1674        case OP_CREF:
1675        case OP_DEF:
1676      case OP_DOLL:      case OP_DOLL:
1677        case OP_DOLLM:
1678        case OP_EOD:
1679        case OP_EODN:
1680        case OP_FAIL:
1681        case OP_NCREF:
1682        case OP_NRREF:
1683      case OP_NOT_WORD_BOUNDARY:      case OP_NOT_WORD_BOUNDARY:
1684        case OP_PRUNE:
1685        case OP_REVERSE:
1686        case OP_RREF:
1687        case OP_SET_SOM:
1688        case OP_SKIP:
1689        case OP_SOD:
1690        case OP_SOM:
1691        case OP_THEN:
1692      case OP_WORD_BOUNDARY:      case OP_WORD_BOUNDARY:
1693      cc += _pcre_OP_lengths[*cc];      cc += _pcre_OP_lengths[*cc];
1694      break;      break;
# Line 894  for (;;) Line 1696  for (;;)
1696      /* Handle literal characters */      /* Handle literal characters */
1697    
1698      case OP_CHAR:      case OP_CHAR:
1699      case OP_CHARNC:      case OP_CHARI:
1700        case OP_NOT:
1701        case OP_NOTI:
1702      branchlength++;      branchlength++;
1703      cc += 2;      cc += 2;
1704  #ifdef SUPPORT_UTF8  #ifdef SUPPORT_UTF8
1705      if ((options & PCRE_UTF8) != 0)      if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
       {  
       while ((*cc & 0xc0) == 0x80) cc++;  
       }  
1706  #endif  #endif
1707      break;      break;
1708    
# Line 909  for (;;) Line 1710  for (;;)
1710      need to skip over a multibyte character in UTF8 mode.  */      need to skip over a multibyte character in UTF8 mode.  */
1711    
1712      case OP_EXACT:      case OP_EXACT:
1713        case OP_EXACTI:
1714        case OP_NOTEXACT:
1715        case OP_NOTEXACTI:
1716      branchlength += GET2(cc,1);      branchlength += GET2(cc,1);
1717      cc += 4;      cc += 4;
1718  #ifdef SUPPORT_UTF8  #ifdef SUPPORT_UTF8
1719      if ((options & PCRE_UTF8) != 0)      if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
       {  
       while((*cc & 0x80) == 0x80) cc++;  
       }  
1720  #endif  #endif
1721      break;      break;
1722    
1723      case OP_TYPEEXACT:      case OP_TYPEEXACT:
1724      branchlength += GET2(cc,1);      branchlength += GET2(cc,1);
1725        if (cc[3] == OP_PROP || cc[3] == OP_NOTPROP) cc += 2;
1726      cc += 4;      cc += 4;
1727      break;      break;
1728    
# Line 928  for (;;) Line 1730  for (;;)
1730    
1731      case OP_PROP:      case OP_PROP:
1732      case OP_NOTPROP:      case OP_NOTPROP:
1733      cc++;      cc += 2;
1734      /* Fall through */      /* Fall through */
1735    
1736        case OP_HSPACE:
1737        case OP_VSPACE:
1738        case OP_NOT_HSPACE:
1739        case OP_NOT_VSPACE:
1740      case OP_NOT_DIGIT:      case OP_NOT_DIGIT:
1741      case OP_DIGIT:      case OP_DIGIT:
1742      case OP_NOT_WHITESPACE:      case OP_NOT_WHITESPACE:
# Line 938  for (;;) Line 1744  for (;;)
1744      case OP_NOT_WORDCHAR:      case OP_NOT_WORDCHAR:
1745      case OP_WORDCHAR:      case OP_WORDCHAR:
1746      case OP_ANY:      case OP_ANY:
1747        case OP_ALLANY:
1748      branchlength++;      branchlength++;
1749      cc++;      cc++;
1750      break;      break;
1751    
1752      /* The single-byte matcher isn't allowed */      /* The single-byte matcher isn't allowed. This only happens in UTF-8 mode;
1753        otherwise \C is coded as OP_ALLANY. */
1754    
1755      case OP_ANYBYTE:      case OP_ANYBYTE:
1756      return -2;      return -2;
# Line 961  for (;;) Line 1769  for (;;)
1769    
1770      switch (*cc)      switch (*cc)
1771        {        {
1772          case OP_CRPLUS:
1773          case OP_CRMINPLUS:
1774        case OP_CRSTAR:        case OP_CRSTAR:
1775        case OP_CRMINSTAR:        case OP_CRMINSTAR:
1776        case OP_CRQUERY:        case OP_CRQUERY:
# Line 981  for (;;) Line 1791  for (;;)
1791    
1792      /* Anything else is variable length */      /* Anything else is variable length */
1793    
1794      default:      case OP_ANYNL:
1795        case OP_BRAMINZERO:
1796        case OP_BRAPOS:
1797        case OP_BRAPOSZERO:
1798        case OP_BRAZERO:
1799        case OP_CBRAPOS:
1800        case OP_EXTUNI:
1801        case OP_KETRMAX:
1802        case OP_KETRMIN:
1803        case OP_KETRPOS:
1804        case OP_MINPLUS:
1805        case OP_MINPLUSI:
1806        case OP_MINQUERY:
1807        case OP_MINQUERYI:
1808        case OP_MINSTAR:
1809        case OP_MINSTARI:
1810        case OP_MINUPTO:
1811        case OP_MINUPTOI:
1812        case OP_NOTMINPLUS:
1813        case OP_NOTMINPLUSI:
1814        case OP_NOTMINQUERY:
1815        case OP_NOTMINQUERYI:
1816        case OP_NOTMINSTAR:
1817        case OP_NOTMINSTARI:
1818        case OP_NOTMINUPTO:
1819        case OP_NOTMINUPTOI:
1820        case OP_NOTPLUS:
1821        case OP_NOTPLUSI:
1822        case OP_NOTPOSPLUS:
1823        case OP_NOTPOSPLUSI:
1824        case OP_NOTPOSQUERY:
1825        case OP_NOTPOSQUERYI:
1826        case OP_NOTPOSSTAR:
1827        case OP_NOTPOSSTARI:
1828        case OP_NOTPOSUPTO:
1829        case OP_NOTPOSUPTOI:
1830        case OP_NOTQUERY:
1831        case OP_NOTQUERYI:
1832        case OP_NOTSTAR:
1833        case OP_NOTSTARI:
1834        case OP_NOTUPTO:
1835        case OP_NOTUPTOI:
1836        case OP_PLUS:
1837        case OP_PLUSI:
1838        case OP_POSPLUS:
1839        case OP_POSPLUSI:
1840        case OP_POSQUERY:
1841        case OP_POSQUERYI:
1842        case OP_POSSTAR:
1843        case OP_POSSTARI:
1844        case OP_POSUPTO:
1845        case OP_POSUPTOI:
1846        case OP_QUERY:
1847        case OP_QUERYI:
1848        case OP_REF:
1849        case OP_REFI:
1850        case OP_SBRA:
1851        case OP_SBRAPOS:
1852        case OP_SCBRA:
1853        case OP_SCBRAPOS:
1854        case OP_SCOND:
1855        case OP_SKIPZERO:
1856        case OP_STAR:
1857        case OP_STARI:
1858        case OP_TYPEMINPLUS:
1859        case OP_TYPEMINQUERY:
1860        case OP_TYPEMINSTAR:
1861        case OP_TYPEMINUPTO:
1862        case OP_TYPEPLUS:
1863        case OP_TYPEPOSPLUS:
1864        case OP_TYPEPOSQUERY:
1865        case OP_TYPEPOSSTAR:
1866        case OP_TYPEPOSUPTO:
1867        case OP_TYPEQUERY:
1868        case OP_TYPESTAR:
1869        case OP_TYPEUPTO:
1870        case OP_UPTO:
1871        case OP_UPTOI:
1872      return -1;      return -1;
1873    
1874        /* Catch unrecognized opcodes so that when new ones are added they
1875        are not forgotten, as has happened in the past. */
1876    
1877        default:
1878        return -4;
1879      }      }
1880    }    }
1881  /* Control never gets here */  /* Control never gets here */
# Line 992  for (;;) Line 1885  for (;;)
1885    
1886    
1887  /*************************************************  /*************************************************
1888  *    Scan compiled regex for numbered bracket    *  *    Scan compiled regex for specific bracket    *
1889  *************************************************/  *************************************************/
1890    
1891  /* This little function scans through a compiled pattern until it finds a  /* This little function scans through a compiled pattern until it finds a
1892  capturing bracket with the given number.  capturing bracket with the given number, or, if the number is negative, an
1893    instance of OP_REVERSE for a lookbehind. The function is global in the C sense
1894    so that it can be called from pcre_study() when finding the minimum matching
1895    length.
1896    
1897  Arguments:  Arguments:
1898    code        points to start of expression    code        points to start of expression
1899    utf8        TRUE in UTF-8 mode    utf8        TRUE in UTF-8 mode
1900    number      the required bracket number    number      the required bracket number or negative to find a lookbehind
1901    
1902  Returns:      pointer to the opcode for the bracket, or NULL if not found  Returns:      pointer to the opcode for the bracket, or NULL if not found
1903  */  */
1904    
1905  static const uschar *  const uschar *
1906  find_bracket(const uschar *code, BOOL utf8, int number)  _pcre_find_bracket(const uschar *code, BOOL utf8, int number)
1907  {  {
 #ifndef SUPPORT_UTF8  
 utf8 = utf8;               /* Stop pedantic compilers complaining */  
 #endif  
   
1908  for (;;)  for (;;)
1909    {    {
1910    register int c = *code;    register int c = *code;
1911    
1912    if (c == OP_END) return NULL;    if (c == OP_END) return NULL;
1913    else if (c > OP_BRA)  
1914      /* XCLASS is used for classes that cannot be represented just by a bit
1915      map. This includes negated single high-valued characters. The length in
1916      the table is zero; the actual length is stored in the compiled code. */
1917    
1918      if (c == OP_XCLASS) code += GET(code, 1);
1919    
1920      /* Handle recursion */
1921    
1922      else if (c == OP_REVERSE)
1923        {
1924        if (number < 0) return (uschar *)code;
1925        code += _pcre_OP_lengths[c];
1926        }
1927    
1928      /* Handle capturing bracket */
1929    
1930      else if (c == OP_CBRA || c == OP_SCBRA ||
1931               c == OP_CBRAPOS || c == OP_SCBRAPOS)
1932      {      {
1933      int n = c - OP_BRA;      int n = GET2(code, 1+LINK_SIZE);
     if (n > EXTRACT_BASIC_MAX) n = GET2(code, 2+LINK_SIZE);  
1934      if (n == number) return (uschar *)code;      if (n == number) return (uschar *)code;
1935      code += _pcre_OP_lengths[OP_BRA];      code += _pcre_OP_lengths[c];
1936      }      }
1937    
1938      /* Otherwise, we can get the item's length from the table, except that for
1939      repeated character types, we have to test for \p and \P, which have an extra
1940      two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
1941      must add in its length. */
1942    
1943    else    else
1944      {      {
1945      code += _pcre_OP_lengths[c];      switch(c)
1946          {
1947          case OP_TYPESTAR:
1948          case OP_TYPEMINSTAR:
1949          case OP_TYPEPLUS:
1950          case OP_TYPEMINPLUS:
1951          case OP_TYPEQUERY:
1952          case OP_TYPEMINQUERY:
1953          case OP_TYPEPOSSTAR:
1954          case OP_TYPEPOSPLUS:
1955          case OP_TYPEPOSQUERY:
1956          if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
1957          break;
1958    
1959  #ifdef SUPPORT_UTF8        case OP_TYPEUPTO:
1960          case OP_TYPEMINUPTO:
1961          case OP_TYPEEXACT:
1962          case OP_TYPEPOSUPTO:
1963          if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
1964          break;
1965    
1966      /* In UTF-8 mode, opcodes that are followed by a character may be followed        case OP_MARK:
1967      by a multi-byte character. The length in the table is a minimum, so we have        case OP_PRUNE_ARG:
1968      to scan along to skip the extra bytes. All opcodes are less than 128, so we        case OP_SKIP_ARG:
1969      can use relatively efficient code. */        code += code[1];
1970          break;
1971    
1972          case OP_THEN_ARG:
1973          code += code[1];
1974          break;
1975          }
1976    
1977        /* Add in the fixed length from the table */
1978    
1979        code += _pcre_OP_lengths[c];
1980    
1981      /* In UTF-8 mode, opcodes that are followed by a character may be followed by
1982      a multi-byte character. The length in the table is a minimum, so we have to
1983      arrange to skip the extra bytes. */
1984    
1985    #ifdef SUPPORT_UTF8
1986      if (utf8) switch(c)      if (utf8) switch(c)
1987        {        {
1988        case OP_CHAR:        case OP_CHAR:
1989        case OP_CHARNC:        case OP_CHARI:
1990        case OP_EXACT:        case OP_EXACT:
1991          case OP_EXACTI:
1992        case OP_UPTO:        case OP_UPTO:
1993          case OP_UPTOI:
1994        case OP_MINUPTO:        case OP_MINUPTO:
1995          case OP_MINUPTOI:
1996          case OP_POSUPTO:
1997          case OP_POSUPTOI:
1998        case OP_STAR:        case OP_STAR:
1999          case OP_STARI:
2000        case OP_MINSTAR:        case OP_MINSTAR:
2001          case OP_MINSTARI:
2002          case OP_POSSTAR:
2003          case OP_POSSTARI:
2004        case OP_PLUS:        case OP_PLUS:
2005          case OP_PLUSI:
2006        case OP_MINPLUS:        case OP_MINPLUS:
2007          case OP_MINPLUSI:
2008          case OP_POSPLUS:
2009          case OP_POSPLUSI:
2010        case OP_QUERY:        case OP_QUERY:
2011          case OP_QUERYI:
2012        case OP_MINQUERY:        case OP_MINQUERY:
2013        while ((*code & 0xc0) == 0x80) code++;        case OP_MINQUERYI:
2014        break;        case OP_POSQUERY:
2015          case OP_POSQUERYI:
2016        /* XCLASS is used for classes that cannot be represented just by a bit        if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
       map. This includes negated single high-valued characters. The length in  
       the table is zero; the actual length is stored in the compiled code. */  
   
       case OP_XCLASS:  
       code += GET(code, 1) + 1;  
2017        break;        break;
2018        }        }
2019    #else
2020        (void)(utf8);  /* Keep compiler happy by referencing function argument */
2021  #endif  #endif
2022      }      }
2023    }    }
# Line 1083  Returns:      pointer to the opcode for Line 2042  Returns:      pointer to the opcode for
2042  static const uschar *  static const uschar *
2043  find_recurse(const uschar *code, BOOL utf8)  find_recurse(const uschar *code, BOOL utf8)
2044  {  {
 #ifndef SUPPORT_UTF8  
 utf8 = utf8;               /* Stop pedantic compilers complaining */  
 #endif  
   
2045  for (;;)  for (;;)
2046    {    {
2047    register int c = *code;    register int c = *code;
2048    if (c == OP_END) return NULL;    if (c == OP_END) return NULL;
2049    else if (c == OP_RECURSE) return code;    if (c == OP_RECURSE) return code;
2050    else if (c > OP_BRA)  
2051      {    /* XCLASS is used for classes that cannot be represented just by a bit
2052      code += _pcre_OP_lengths[OP_BRA];    map. This includes negated single high-valued characters. The length in
2053      }    the table is zero; the actual length is stored in the compiled code. */
2054    
2055      if (c == OP_XCLASS) code += GET(code, 1);
2056    
2057      /* Otherwise, we can get the item's length from the table, except that for
2058      repeated character types, we have to test for \p and \P, which have an extra
2059      two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
2060      must add in its length. */
2061    
2062    else    else
2063      {      {
2064      code += _pcre_OP_lengths[c];      switch(c)
2065          {
2066          case OP_TYPESTAR:
2067          case OP_TYPEMINSTAR:
2068          case OP_TYPEPLUS:
2069          case OP_TYPEMINPLUS:
2070          case OP_TYPEQUERY:
2071          case OP_TYPEMINQUERY:
2072          case OP_TYPEPOSSTAR:
2073          case OP_TYPEPOSPLUS:
2074          case OP_TYPEPOSQUERY:
2075          if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2076          break;
2077    
2078  #ifdef SUPPORT_UTF8        case OP_TYPEPOSUPTO:
2079          case OP_TYPEUPTO:
2080          case OP_TYPEMINUPTO:
2081          case OP_TYPEEXACT:
2082          if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
2083          break;
2084    
2085          case OP_MARK:
2086          case OP_PRUNE_ARG:
2087          case OP_SKIP_ARG:
2088          code += code[1];
2089          break;
2090    
2091          case OP_THEN_ARG:
2092          code += code[1];
2093          break;
2094          }
2095    
2096        /* Add in the fixed length from the table */
2097    
2098        code += _pcre_OP_lengths[c];
2099    
2100      /* In UTF-8 mode, opcodes that are followed by a character may be followed      /* In UTF-8 mode, opcodes that are followed by a character may be followed
2101      by a multi-byte character. The length in the table is a minimum, so we have      by a multi-byte character. The length in the table is a minimum, so we have
2102      to scan along to skip the extra bytes. All opcodes are less than 128, so we      to arrange to skip the extra bytes. */
     can use relatively efficient code. */  
2103    
2104    #ifdef SUPPORT_UTF8
2105      if (utf8) switch(c)      if (utf8) switch(c)
2106        {        {
2107        case OP_CHAR:        case OP_CHAR:
2108        case OP_CHARNC:        case OP_CHARI:
2109        case OP_EXACT:        case OP_EXACT:
2110          case OP_EXACTI:
2111        case OP_UPTO:        case OP_UPTO:
2112          case OP_UPTOI:
2113        case OP_MINUPTO:        case OP_MINUPTO:
2114          case OP_MINUPTOI:
2115          case OP_POSUPTO:
2116          case OP_POSUPTOI:
2117        case OP_STAR:        case OP_STAR:
2118          case OP_STARI:
2119        case OP_MINSTAR:        case OP_MINSTAR:
2120          case OP_MINSTARI:
2121          case OP_POSSTAR:
2122          case OP_POSSTARI:
2123        case OP_PLUS:        case OP_PLUS:
2124          case OP_PLUSI:
2125        case OP_MINPLUS:        case OP_MINPLUS:
2126          case OP_MINPLUSI:
2127          case OP_POSPLUS:
2128          case OP_POSPLUSI:
2129        case OP_QUERY:        case OP_QUERY:
2130          case OP_QUERYI:
2131        case OP_MINQUERY:        case OP_MINQUERY:
2132        while ((*code & 0xc0) == 0x80) code++;        case OP_MINQUERYI:
2133        break;        case OP_POSQUERY:
2134          case OP_POSQUERYI:
2135        /* XCLASS is used for classes that cannot be represented just by a bit        if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
       map. This includes negated single high-valued characters. The length in  
       the table is zero; the actual length is stored in the compiled code. */  
   
       case OP_XCLASS:  
       code += GET(code, 1) + 1;  
2136        break;        break;
2137        }        }
2138    #else
2139        (void)(utf8);  /* Keep compiler happy by referencing function argument */
2140  #endif  #endif
2141      }      }
2142    }    }
# Line 1143  for (;;) Line 2149  for (;;)
2149  *************************************************/  *************************************************/
2150    
2151  /* This function scans through a branch of a compiled pattern to see whether it  /* This function scans through a branch of a compiled pattern to see whether it
2152  can match the empty string or not. It is called only from could_be_empty()  can match the empty string or not. It is called from could_be_empty()
2153  below. Note that first_significant_code() skips over assertions. If we hit an  below and from compile_branch() when checking for an unlimited repeat of a
2154  unclosed bracket, we return "empty" - this means we've struck an inner bracket  group that can match nothing. Note that first_significant_code() skips over
2155  whose current branch will already have been scanned.  backward and negative forward assertions when its final argument is TRUE. If we
2156    hit an unclosed bracket, we return "empty" - this means we've struck an inner
2157    bracket whose current branch will already have been scanned.
2158    
2159  Arguments:  Arguments:
2160    code        points to start of search    code        points to start of search
2161    endcode     points to where to stop    endcode     points to where to stop
2162    utf8        TRUE if in UTF8 mode    utf8        TRUE if in UTF8 mode
2163      cd          contains pointers to tables etc.
2164    
2165  Returns:      TRUE if what is matched could be empty  Returns:      TRUE if what is matched could be empty
2166  */  */
2167    
2168  static BOOL  static BOOL
2169  could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8)  could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8,
2170      compile_data *cd)
2171  {  {
2172  register int c;  register int c;
2173  for (code = first_significant_code(code + 1 + LINK_SIZE, NULL, 0, TRUE);  for (code = first_significant_code(code + _pcre_OP_lengths[*code], TRUE);
2174       code < endcode;       code < endcode;
2175       code = first_significant_code(code + _pcre_OP_lengths[c], NULL, 0, TRUE))       code = first_significant_code(code + _pcre_OP_lengths[c], TRUE))
2176    {    {
2177    const uschar *ccode;    const uschar *ccode;
2178    
2179    c = *code;    c = *code;
2180    
2181    if (c >= OP_BRA)    /* Skip over forward assertions; the other assertions are skipped by
2182      first_significant_code() with a TRUE final argument. */
2183    
2184      if (c == OP_ASSERT)
2185        {
2186        do code += GET(code, 1); while (*code == OP_ALT);
2187        c = *code;
2188        continue;
2189        }
2190    
2191      /* For a recursion/subroutine call, if its end has been reached, which
2192      implies a backward reference subroutine call, we can scan it. If it's a
2193      forward reference subroutine call, we can't. To detect forward reference
2194      we have to scan up the list that is kept in the workspace. This function is
2195      called only when doing the real compile, not during the pre-compile that
2196      measures the size of the compiled pattern. */
2197    
2198      if (c == OP_RECURSE)
2199      {      {
2200        const uschar *scode;
2201      BOOL empty_branch;      BOOL empty_branch;
     if (GET(code, 1) == 0) return TRUE;    /* Hit unclosed bracket */  
2202    
2203      /* Scan a closed bracket */      /* Test for forward reference */
2204    
2205        for (scode = cd->start_workspace; scode < cd->hwm; scode += LINK_SIZE)
2206          if (GET(scode, 0) == code + 1 - cd->start_code) return TRUE;
2207    
2208        /* Not a forward reference, test for completed backward reference */
2209    
2210      empty_branch = FALSE;      empty_branch = FALSE;
2211        scode = cd->start_code + GET(code, 1);
2212        if (GET(scode, 1) == 0) return TRUE;    /* Unclosed */
2213    
2214        /* Completed backwards reference */
2215    
2216      do      do
2217        {        {
2218        if (!empty_branch && could_be_empty_branch(code, endcode, utf8))        if (could_be_empty_branch(scode, endcode, utf8, cd))
2219            {
2220          empty_branch = TRUE;          empty_branch = TRUE;
2221            break;
2222            }
2223          scode += GET(scode, 1);
2224          }
2225        while (*scode == OP_ALT);
2226    
2227        if (!empty_branch) return FALSE;  /* All branches are non-empty */
2228        continue;
2229        }
2230    
2231      /* Groups with zero repeats can of course be empty; skip them. */
2232    
2233      if (c == OP_BRAZERO || c == OP_BRAMINZERO || c == OP_SKIPZERO ||
2234          c == OP_BRAPOSZERO)
2235        {
2236        code += _pcre_OP_lengths[c];
2237        do code += GET(code, 1); while (*code == OP_ALT);
2238        c = *code;
2239        continue;
2240        }
2241    
2242      /* A nested group that is already marked as "could be empty" can just be
2243      skipped. */
2244    
2245      if (c == OP_SBRA  || c == OP_SBRAPOS ||
2246          c == OP_SCBRA || c == OP_SCBRAPOS)
2247        {
2248        do code += GET(code, 1); while (*code == OP_ALT);
2249        c = *code;
2250        continue;
2251        }
2252    
2253      /* For other groups, scan the branches. */
2254    
2255      if (c == OP_BRA  || c == OP_BRAPOS ||
2256          c == OP_CBRA || c == OP_CBRAPOS ||
2257          c == OP_ONCE || c == OP_ONCE_NC ||
2258          c == OP_COND)
2259        {
2260        BOOL empty_branch;
2261        if (GET(code, 1) == 0) return TRUE;    /* Hit unclosed bracket */
2262    
2263        /* If a conditional group has only one branch, there is a second, implied,
2264        empty branch, so just skip over the conditional, because it could be empty.
2265        Otherwise, scan the individual branches of the group. */
2266    
2267        if (c == OP_COND && code[GET(code, 1)] != OP_ALT)
2268        code += GET(code, 1);        code += GET(code, 1);
2269        else
2270          {
2271          empty_branch = FALSE;
2272          do
2273            {
2274            if (!empty_branch && could_be_empty_branch(code, endcode, utf8, cd))
2275              empty_branch = TRUE;
2276            code += GET(code, 1);
2277            }
2278          while (*code == OP_ALT);
2279          if (!empty_branch) return FALSE;   /* All branches are non-empty */
2280        }        }
2281      while (*code == OP_ALT);  
     if (!empty_branch) return FALSE;   /* All branches are non-empty */  
     code += 1 + LINK_SIZE;  
2282      c = *code;      c = *code;
2283        continue;
2284      }      }
2285    
2286    else switch (c)    /* Handle the other opcodes */
2287    
2288      switch (c)
2289      {      {
2290      /* Check for quantifiers after a class */      /* Check for quantifiers after a class. XCLASS is used for classes that
2291        cannot be represented just by a bit map. This includes negated single
2292        high-valued characters. The length in _pcre_OP_lengths[] is zero; the
2293        actual length is stored in the compiled code, so we must update "code"
2294        here. */
2295    
2296  #ifdef SUPPORT_UTF8  #ifdef SUPPORT_UTF8
2297      case OP_XCLASS:      case OP_XCLASS:
2298      ccode = code + GET(code, 1);      ccode = code += GET(code, 1);
2299      goto CHECK_CLASS_REPEAT;      goto CHECK_CLASS_REPEAT;
2300  #endif  #endif
2301    
# Line 1238  for (code = first_significant_code(code Line 2339  for (code = first_significant_code(code
2339      case OP_NOT_WORDCHAR:      case OP_NOT_WORDCHAR:
2340      case OP_WORDCHAR:      case OP_WORDCHAR:
2341      case OP_ANY:      case OP_ANY:
2342        case OP_ALLANY:
2343      case OP_ANYBYTE:      case OP_ANYBYTE:
2344      case OP_CHAR:      case OP_CHAR:
2345      case OP_CHARNC:      case OP_CHARI:
2346      case OP_NOT:      case OP_NOT:
2347        case OP_NOTI:
2348      case OP_PLUS:      case OP_PLUS:
2349      case OP_MINPLUS:      case OP_MINPLUS:
2350        case OP_POSPLUS:
2351      case OP_EXACT:      case OP_EXACT:
2352      case OP_NOTPLUS:      case OP_NOTPLUS:
2353      case OP_NOTMINPLUS:      case OP_NOTMINPLUS:
2354        case OP_NOTPOSPLUS:
2355      case OP_NOTEXACT:      case OP_NOTEXACT:
2356      case OP_TYPEPLUS:      case OP_TYPEPLUS:
2357      case OP_TYPEMINPLUS:      case OP_TYPEMINPLUS:
2358        case OP_TYPEPOSPLUS:
2359      case OP_TYPEEXACT:      case OP_TYPEEXACT:
2360      return FALSE;      return FALSE;
2361    
2362        /* These are going to continue, as they may be empty, but we have to
2363        fudge the length for the \p and \P cases. */
2364    
2365        case OP_TYPESTAR:
2366        case OP_TYPEMINSTAR:
2367        case OP_TYPEPOSSTAR:
2368        case OP_TYPEQUERY:
2369        case OP_TYPEMINQUERY:
2370        case OP_TYPEPOSQUERY:
2371        if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2372        break;
2373    
2374        /* Same for these */
2375    
2376        case OP_TYPEUPTO:
2377        case OP_TYPEMINUPTO:
2378        case OP_TYPEPOSUPTO:
2379        if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
2380        break;
2381    
2382      /* End of branch */      /* End of branch */
2383    
2384      case OP_KET:      case OP_KET:
2385      case OP_KETRMAX:      case OP_KETRMAX:
2386      case OP_KETRMIN:      case OP_KETRMIN:
2387        case OP_KETRPOS:
2388      case OP_ALT:      case OP_ALT:
2389      return TRUE;      return TRUE;
2390    
2391      /* In UTF-8 mode, STAR, MINSTAR, QUERY, MINQUERY, UPTO, and MINUPTO  may be      /* In UTF-8 mode, STAR, MINSTAR, POSSTAR, QUERY, MINQUERY, POSQUERY, UPTO,
2392      followed by a multibyte character */      MINUPTO, and POSUPTO may be followed by a multibyte character */
2393    
2394  #ifdef SUPPORT_UTF8  #ifdef SUPPORT_UTF8
2395      case OP_STAR:      case OP_STAR:
2396        case OP_STARI:
2397      case OP_MINSTAR:      case OP_MINSTAR:
2398        case OP_MINSTARI:
2399        case OP_POSSTAR:
2400        case OP_POSSTARI:
2401      case OP_QUERY:      case OP_QUERY:
2402        case OP_QUERYI:
2403      case OP_MINQUERY:      case OP_MINQUERY:
2404        case OP_MINQUERYI:
2405        case OP_POSQUERY:
2406        case OP_POSQUERYI:
2407        if (utf8 && code[1] >= 0xc0) code += _pcre_utf8_table4[code[1] & 0x3f];
2408        break;
2409    
2410      case OP_UPTO:      case OP_UPTO:
2411        case OP_UPTOI:
2412      case OP_MINUPTO:      case OP_MINUPTO:
2413      if (utf8) while ((code[2] & 0xc0) == 0x80) code++;      case OP_MINUPTOI:
2414        case OP_POSUPTO:
2415        case OP_POSUPTOI:
2416        if (utf8 && code[3] >= 0xc0) code += _pcre_utf8_table4[code[3] & 0x3f];
2417      break;      break;
2418  #endif  #endif
2419    
2420        /* MARK, and PRUNE/SKIP/THEN with an argument must skip over the argument
2421        string. */
2422    
2423        case OP_MARK:
2424        case OP_PRUNE_ARG:
2425        case OP_SKIP_ARG:
2426        code += code[1];
2427        break;
2428    
2429        case OP_THEN_ARG:
2430        code += code[1];
2431        break;
2432    
2433        /* None of the remaining opcodes are required to match a character. */
2434    
2435        default:
2436        break;
2437      }      }
2438    }    }
2439    
# Line 1290  return TRUE; Line 2450  return TRUE;
2450  the current branch of the current pattern to see if it could match the empty  the current branch of the current pattern to see if it could match the empty
2451  string. If it could, we must look outwards for branches at other levels,  string. If it could, we must look outwards for branches at other levels,
2452  stopping when we pass beyond the bracket which is the subject of the recursion.  stopping when we pass beyond the bracket which is the subject of the recursion.
2453    This function is called only during the real compile, not during the
2454    pre-compile.
2455    
2456  Arguments:  Arguments:
2457    code        points to start of the recursion    code        points to start of the recursion
2458    endcode     points to where to stop (current RECURSE item)    endcode     points to where to stop (current RECURSE item)
2459    bcptr       points to the chain of current (unclosed) branch starts    bcptr       points to the chain of current (unclosed) branch starts
2460    utf8        TRUE if in UTF-8 mode    utf8        TRUE if in UTF-8 mode
2461      cd          pointers to tables etc
2462    
2463  Returns:      TRUE if what is matched could be empty  Returns:      TRUE if what is matched could be empty
2464  */  */
2465    
2466  static BOOL  static BOOL
2467  could_be_empty(const uschar *code, const uschar *endcode, branch_chain *bcptr,  could_be_empty(const uschar *code, const uschar *endcode, branch_chain *bcptr,
2468    BOOL utf8)    BOOL utf8, compile_data *cd)
2469  {  {
2470  while (bcptr != NULL && bcptr->current >= code)  while (bcptr != NULL && bcptr->current_branch >= code)
2471    {    {
2472    if (!could_be_empty_branch(bcptr->current, endcode, utf8)) return FALSE;    if (!could_be_empty_branch(bcptr->current_branch, endcode, utf8, cd))
2473        return FALSE;
2474    bcptr = bcptr->outer;    bcptr = bcptr->outer;
2475    }    }
2476  return TRUE;  return TRUE;
# Line 1319  return TRUE; Line 2483  return TRUE;
2483  *************************************************/  *************************************************/
2484    
2485  /* This function is called when the sequence "[:" or "[." or "[=" is  /* This function is called when the sequence "[:" or "[." or "[=" is
2486  encountered in a character class. It checks whether this is followed by an  encountered in a character class. It checks whether this is followed by a
2487  optional ^ and then a sequence of letters, terminated by a matching ":]" or  sequence of characters terminated by a matching ":]" or ".]" or "=]". If we
2488  ".]" or "=]".  reach an unescaped ']' without the special preceding character, return FALSE.
2489    
2490    Originally, this function only recognized a sequence of letters between the
2491    terminators, but it seems that Perl recognizes any sequence of characters,
2492    though of course unknown POSIX names are subsequently rejected. Perl gives an
2493    "Unknown POSIX class" error for [:f\oo:] for example, where previously PCRE
2494    didn't consider this to be a POSIX class. Likewise for [:1234:].
2495    
2496    The problem in trying to be exactly like Perl is in the handling of escapes. We
2497    have to be sure that [abc[:x\]pqr] is *not* treated as containing a POSIX
2498    class, but [abc[:x\]pqr:]] is (so that an error can be generated). The code
2499    below handles the special case of \], but does not try to do any other escape
2500    processing. This makes it different from Perl for cases such as [:l\ower:]
2501    where Perl recognizes it as the POSIX class "lower" but PCRE does not recognize
2502    "l\ower". This is a lesser evil that not diagnosing bad classes when Perl does,
2503    I think.
2504    
2505    A user pointed out that PCRE was rejecting [:a[:digit:]] whereas Perl was not.
2506    It seems that the appearance of a nested POSIX class supersedes an apparent
2507    external class. For example, [:a[:digit:]b:] matches "a", "b", ":", or
2508    a digit.
2509    
2510    In Perl, unescaped square brackets may also appear as part of class names. For
2511    example, [:a[:abc]b:] gives unknown POSIX class "[:abc]b:]". However, for
2512    [:a[:abc]b][b:] it gives unknown POSIX class "[:abc]b][b:]", which does not
2513    seem right at all. PCRE does not allow closing square brackets in POSIX class
2514    names.
2515    
2516  Argument:  Arguments:
2517    ptr      pointer to the initial [    ptr      pointer to the initial [
2518    endptr   where to return the end pointer    endptr   where to return the end pointer
   cd       pointer to compile data  
2519    
2520  Returns:   TRUE or FALSE  Returns:   TRUE or FALSE
2521  */  */
2522    
2523  static BOOL  static BOOL
2524  check_posix_syntax(const uschar *ptr, const uschar **endptr, compile_data *cd)  check_posix_syntax(const uschar *ptr, const uschar **endptr)
2525  {  {
2526  int terminator;          /* Don't combine these lines; the Solaris cc */  int terminator;          /* Don't combine these lines; the Solaris cc */
2527  terminator = *(++ptr);   /* compiler warns about "non-constant" initializer. */  terminator = *(++ptr);   /* compiler warns about "non-constant" initializer. */
2528  if (*(++ptr) == '^') ptr++;  for (++ptr; *ptr != 0; ptr++)
 while ((cd->ctypes[*ptr] & ctype_letter) != 0) ptr++;  
 if (*ptr == terminator && ptr[1] == ']')  
2529    {    {
2530    *endptr = ptr;    if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2531    return TRUE;      ptr++;
2532      else if (*ptr == CHAR_RIGHT_SQUARE_BRACKET) return FALSE;
2533      else
2534        {
2535        if (*ptr == terminator && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2536          {
2537          *endptr = ptr;
2538          return TRUE;
2539          }
2540        if (*ptr == CHAR_LEFT_SQUARE_BRACKET &&
2541             (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
2542              ptr[1] == CHAR_EQUALS_SIGN) &&
2543            check_posix_syntax(ptr, endptr))
2544          return FALSE;
2545        }
2546    }    }
2547  return FALSE;  return FALSE;
2548  }  }
# Line 1366  Returns:     a value representing the na Line 2567  Returns:     a value representing the na
2567  static int  static int
2568  check_posix_name(const uschar *ptr, int len)  check_posix_name(const uschar *ptr, int len)
2569  {  {
2570    const char *pn = posix_names;
2571  register int yield = 0;  register int yield = 0;
2572  while (posix_name_lengths[yield] != 0)  while (posix_name_lengths[yield] != 0)
2573    {    {
2574    if (len == posix_name_lengths[yield] &&    if (len == posix_name_lengths[yield] &&
2575      strncmp((const char *)ptr, posix_names[yield], len) == 0) return yield;      strncmp((const char *)ptr, pn, len) == 0) return yield;
2576      pn += posix_name_lengths[yield] + 1;
2577    yield++;    yield++;
2578    }    }
2579  return -1;  return -1;
# Line 1385  return -1; Line 2588  return -1;
2588  that is referenced. This means that groups can be replicated for fixed  that is referenced. This means that groups can be replicated for fixed
2589  repetition simply by copying (because the recursion is allowed to refer to  repetition simply by copying (because the recursion is allowed to refer to
2590  earlier groups that are outside the current group). However, when a group is  earlier groups that are outside the current group). However, when a group is
2591  optional (i.e. the minimum quantifier is zero), OP_BRAZERO is inserted before  optional (i.e. the minimum quantifier is zero), OP_BRAZERO or OP_SKIPZERO is
2592  it, after it has been compiled. This means that any OP_RECURSE items within it  inserted before it, after it has been compiled. This means that any OP_RECURSE
2593  that refer to the group itself or any contained groups have to have their  items within it that refer to the group itself or any contained groups have to
2594  offsets adjusted. That is the job of this function. Before it is called, the  have their offsets adjusted. That one of the jobs of this function. Before it
2595  partially compiled regex must be temporarily terminated with OP_END.  is called, the partially compiled regex must be temporarily terminated with
2596    OP_END.
2597    
2598    This function has been extended with the possibility of forward references for
2599    recursions and subroutine calls. It must also check the list of such references
2600    for the group we are dealing with. If it finds that one of the recursions in
2601    the current group is on this list, it adjusts the offset in the list, not the
2602    value in the reference (which is a group number).
2603    
2604  Arguments:  Arguments:
2605    group      points to the start of the group    group      points to the start of the group
2606    adjust     the amount by which the group is to be moved    adjust     the amount by which the group is to be moved
2607    utf8       TRUE in UTF-8 mode    utf8       TRUE in UTF-8 mode
2608    cd         contains pointers to tables etc.    cd         contains pointers to tables etc.
2609      save_hwm   the hwm forward reference pointer at the start of the group
2610    
2611  Returns:     nothing  Returns:     nothing
2612  */  */
2613    
2614  static void  static void
2615  adjust_recurse(uschar *group, int adjust, BOOL utf8, compile_data *cd)  adjust_recurse(uschar *group, int adjust, BOOL utf8, compile_data *cd,
2616      uschar *save_hwm)
2617  {  {
2618  uschar *ptr = group;  uschar *ptr = group;
2619    
2620  while ((ptr = (uschar *)find_recurse(ptr, utf8)) != NULL)  while ((ptr = (uschar *)find_recurse(ptr, utf8)) != NULL)
2621    {    {
2622    int offset = GET(ptr, 1);    int offset;
2623    if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);    uschar *hc;
2624    
2625      /* See if this recursion is on the forward reference list. If so, adjust the
2626      reference. */
2627    
2628      for (hc = save_hwm; hc < cd->hwm; hc += LINK_SIZE)
2629        {
2630        offset = GET(hc, 0);
2631        if (cd->start_code + offset == ptr + 1)
2632          {
2633          PUT(hc, 0, offset + adjust);
2634          break;
2635          }
2636        }
2637    
2638      /* Otherwise, adjust the recursion offset if it's after the start of this
2639      group. */
2640    
2641      if (hc >= cd->hwm)
2642        {
2643        offset = GET(ptr, 1);
2644        if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);
2645        }
2646    
2647    ptr += 1 + LINK_SIZE;    ptr += 1 + LINK_SIZE;
2648    }    }
2649  }  }
# Line 1434  auto_callout(uschar *code, const uschar Line 2670  auto_callout(uschar *code, const uschar
2670  {  {
2671  *code++ = OP_CALLOUT;  *code++ = OP_CALLOUT;
2672  *code++ = 255;  *code++ = 255;
2673  PUT(code, 0, ptr - cd->start_pattern);  /* Pattern offset */  PUT(code, 0, (int)(ptr - cd->start_pattern));  /* Pattern offset */
2674  PUT(code, LINK_SIZE, 0);                /* Default length */  PUT(code, LINK_SIZE, 0);                       /* Default length */
2675  return code + 2*LINK_SIZE;  return code + 2*LINK_SIZE;
2676  }  }
2677    
# Line 1460  Returns:             nothing Line 2696  Returns:             nothing
2696  static void  static void
2697  complete_callout(uschar *previous_callout, const uschar *ptr, compile_data *cd)  complete_callout(uschar *previous_callout, const uschar *ptr, compile_data *cd)
2698  {  {
2699  int length = ptr - cd->start_pattern - GET(previous_callout, 2);  int length = (int)(ptr - cd->start_pattern - GET(previous_callout, 2));
2700  PUT(previous_callout, 2 + LINK_SIZE, length);  PUT(previous_callout, 2 + LINK_SIZE, length);
2701  }  }
2702    
# Line 1486  Yield:        TRUE when range returned; Line 2722  Yield:        TRUE when range returned;
2722  */  */
2723    
2724  static BOOL  static BOOL
2725  get_othercase_range(int *cptr, int d, int *ocptr, int *odptr)  get_othercase_range(unsigned int *cptr, unsigned int d, unsigned int *ocptr,
2726      unsigned int *odptr)
2727  {  {
2728  int c, chartype, othercase, next;  unsigned int c, othercase, next;
2729    
2730  for (c = *cptr; c <= d; c++)  for (c = *cptr; c <= d; c++)
2731    {    { if ((othercase = UCD_OTHERCASE(c)) != c) break; }
   if (_pcre_ucp_findchar(c, &chartype, &othercase) == ucp_L && othercase != 0)  
     break;  
   }  
2732    
2733  if (c > d) return FALSE;  if (c > d) return FALSE;
2734    
# Line 1503  next = othercase + 1; Line 2737  next = othercase + 1;
2737    
2738  for (++c; c <= d; c++)  for (++c; c <= d; c++)
2739    {    {
2740    if (_pcre_ucp_findchar(c, &chartype, &othercase) != ucp_L ||    if (UCD_OTHERCASE(c) != next) break;
         othercase != next)  
     break;  
2741    next++;    next++;
2742    }    }
2743    
# Line 1514  for (++c; c <= d; c++) Line 2746  for (++c; c <= d; c++)
2746    
2747  return TRUE;  return TRUE;
2748  }  }
2749  #endif  /* SUPPORT_UCP */  
2750    
2751    
2752  /*************************************************  /*************************************************
2753  *           Compile one branch                   *  *        Check a character and a property        *
2754  *************************************************/  *************************************************/
2755    
2756  /* Scan the pattern, compiling it into the code vector. If the options are  /* This function is called by check_auto_possessive() when a property item
2757  changed during the branch, the pointer is used to change the external options  is adjacent to a fixed character.
 bits.  
2758    
2759  Arguments:  Arguments:
2760    optionsptr     pointer to the option bits    c            the character
2761    brackets       points to number of extracting brackets used    ptype        the property type
2762    codeptr        points to the pointer to the current code point    pdata        the data for the type
2763    ptrptr         points to the current pattern pointer    negated      TRUE if it's a negated property (\P or \p{^)
   errorcodeptr   points to error code variable  
   firstbyteptr   set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)  
   reqbyteptr     set to the last literal character required, else < 0  
   bcptr          points to current branch chain  
   cd             contains pointers to tables etc.  
2764    
2765  Returns:         TRUE on success  Returns:       TRUE if auto-possessifying is OK
                  FALSE, with *errorcodeptr set non-zero on error  
2766  */  */
2767    
2768  static BOOL  static BOOL
2769  compile_branch(int *optionsptr, int *brackets, uschar **codeptr,  check_char_prop(int c, int ptype, int pdata, BOOL negated)
   const uschar **ptrptr, int *errorcodeptr, int *firstbyteptr,  
   int *reqbyteptr, branch_chain *bcptr, compile_data *cd)  
2770  {  {
2771  int repeat_type, op_type;  const ucd_record *prop = GET_UCD(c);
2772  int repeat_min = 0, repeat_max = 0;      /* To please picky compilers */  switch(ptype)
2773  int bravalue = 0;    {
2774  int greedy_default, greedy_non_default;    case PT_LAMP:
2775  int firstbyte, reqbyte;    return (prop->chartype == ucp_Lu ||
2776  int zeroreqbyte, zerofirstbyte;            prop->chartype == ucp_Ll ||
2777  int req_caseopt, reqvary, tempreqvary;            prop->chartype == ucp_Lt) == negated;
2778  int condcount = 0;  
2779  int options = *optionsptr;    case PT_GC:
2780  int after_manual_callout = 0;    return (pdata == _pcre_ucp_gentype[prop->chartype]) == negated;
2781  register int c;  
2782  register uschar *code = *codeptr;    case PT_PC:
2783  uschar *tempcode;    return (pdata == prop->chartype) == negated;
2784  BOOL inescq = FALSE;  
2785  BOOL groupsetfirstbyte = FALSE;    case PT_SC:
2786  const uschar *ptr = *ptrptr;    return (pdata == prop->script) == negated;
2787  const uschar *tempptr;  
2788  uschar *previous = NULL;    /* These are specials */
2789  uschar *previous_callout = NULL;  
2790  uschar classbits[32];    case PT_ALNUM:
2791      return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2792              _pcre_ucp_gentype[prop->chartype] == ucp_N) == negated;
2793    
2794      case PT_SPACE:    /* Perl space */
2795      return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2796              c == CHAR_HT || c == CHAR_NL || c == CHAR_FF || c == CHAR_CR)
2797              == negated;
2798    
2799      case PT_PXSPACE:  /* POSIX space */
2800      return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2801              c == CHAR_HT || c == CHAR_NL || c == CHAR_VT ||
2802              c == CHAR_FF || c == CHAR_CR)
2803              == negated;
2804    
2805      case PT_WORD:
2806      return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2807              _pcre_ucp_gentype[prop->chartype] == ucp_N ||
2808              c == CHAR_UNDERSCORE) == negated;
2809      }
2810    return FALSE;
2811    }
2812    #endif  /* SUPPORT_UCP */
2813    
 #ifdef SUPPORT_UTF8  
 BOOL class_utf8;  
 BOOL utf8 = (options & PCRE_UTF8) != 0;  
 uschar *class_utf8data;  
 uschar utf8_char[6];  
 #else  
 BOOL utf8 = FALSE;  
 #endif  
2814    
 /* Set up the default and non-default settings for greediness */  
2815    
2816  greedy_default = ((options & PCRE_UNGREEDY) != 0);  /*************************************************
2817  greedy_non_default = greedy_default ^ 1;  *     Check if auto-possessifying is possible    *
2818    *************************************************/
2819    
2820  /* Initialize no first byte, no required byte. REQ_UNSET means "no char  /* This function is called for unlimited repeats of certain items, to see
2821  matching encountered yet". It gets changed to REQ_NONE if we hit something that  whether the next thing could possibly match the repeated item. If not, it makes
2822  matches a non-fixed char first char; reqbyte just remains unset if we never  sense to automatically possessify the repeated item.
 find one.  
2823    
2824  When we hit a repeat whose minimum is zero, we may have to adjust these values  Arguments:
2825  to take the zero repeat into account. This is implemented by setting them to    previous      pointer to the repeated opcode
2826  zerofirstbyte and zeroreqbyte when such a repeat is encountered. The individual    utf8          TRUE in UTF-8 mode
2827  item types that can be repeated set these backoff variables appropriately. */    ptr           next character in pattern
2828      options       options bits
2829      cd            contains pointers to tables etc.
2830    
2831  firstbyte = reqbyte = zerofirstbyte = zeroreqbyte = REQ_UNSET;  Returns:        TRUE if possessifying is wanted
2832    */
2833    
2834  /* The variable req_caseopt contains either the REQ_CASELESS value or zero,  static BOOL
2835  according to the current setting of the caseless flag. REQ_CASELESS is a bit  check_auto_possessive(const uschar *previous, BOOL utf8, const uschar *ptr,
2836  value > 255. It is added into the firstbyte or reqbyte variables to record the    int options, compile_data *cd)
2837  case status of the value. This is used only for ASCII characters. */  {
2838    int c, next;
2839    int op_code = *previous++;
2840    
2841  req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;  /* Skip whitespace and comments in extended mode */
2842    
2843  /* Switch on next character until the end of the branch */  if ((options & PCRE_EXTENDED) != 0)
2844      {
2845      for (;;)
2846        {
2847        while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2848        if (*ptr == CHAR_NUMBER_SIGN)
2849          {
2850          ptr++;
2851          while (*ptr != 0)
2852            {
2853            if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2854            ptr++;
2855    #ifdef SUPPORT_UTF8
2856            if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2857    #endif
2858            }
2859          }
2860        else break;
2861        }
2862      }
2863    
2864  for (;; ptr++)  /* If the next item is one that we can handle, get its value. A non-negative
2865    value is a character, a negative value is an escape value. */
2866    
2867    if (*ptr == CHAR_BACKSLASH)
2868    {    {
2869    BOOL negate_class;    int temperrorcode = 0;
2870    BOOL possessive_quantifier;    next = check_escape(&ptr, &temperrorcode, cd->bracount, options, FALSE);
2871    BOOL is_quantifier;    if (temperrorcode != 0) return FALSE;
2872    int class_charcount;    ptr++;    /* Point after the escape sequence */
2873    int class_lastchar;    }
   int newoptions;  
   int recno;  
   int skipbytes;  
   int subreqbyte;  
   int subfirstbyte;  
   int mclength;  
   uschar mcbuffer[8];  
2874    
2875    /* Next byte in the pattern */  else if ((cd->ctypes[*ptr] & ctype_meta) == 0)
2876      {
2877    #ifdef SUPPORT_UTF8
2878      if (utf8) { GETCHARINC(next, ptr); } else
2879    #endif
2880      next = *ptr++;
2881      }
2882    
2883    c = *ptr;  else return FALSE;
2884    
2885    /* If in \Q...\E, check for the end; if not, we have a literal */  /* Skip whitespace and comments in extended mode */
2886    
2887    if (inescq && c != 0)  if ((options & PCRE_EXTENDED) != 0)
2888      {
2889      for (;;)
2890      {      {
2891      if (c == '\\' && ptr[1] == 'E')      while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2892        if (*ptr == CHAR_NUMBER_SIGN)
2893        {        {
       inescq = FALSE;  
2894        ptr++;        ptr++;
2895        continue;        while (*ptr != 0)
       }  
     else  
       {  
       if (previous_callout != NULL)  
         {  
         complete_callout(previous_callout, ptr, cd);  
         previous_callout = NULL;  
         }  
       if ((options & PCRE_AUTO_CALLOUT) != 0)  
2896          {          {
2897          previous_callout = code;          if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2898          code = auto_callout(code, ptr, cd);          ptr++;
2899    #ifdef SUPPORT_UTF8
2900            if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2901    #endif
2902          }          }
       goto NORMAL_CHAR;  
2903        }        }
2904        else break;
2905      }      }
2906      }
2907    
2908    /* Fill in length of a previous callout, except when the next thing is  /* If the next thing is itself optional, we have to give up. */
   a quantifier. */  
2909    
2910    is_quantifier = c == '*' || c == '+' || c == '?' ||  if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
2911      (c == '{' && is_counted_repeat(ptr+1));    strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
2912        return FALSE;
2913    
2914    if (!is_quantifier && previous_callout != NULL &&  /* Now compare the next item with the previous opcode. First, handle cases when
2915         after_manual_callout-- <= 0)  the next item is a character. */
2916      {  
2917      complete_callout(previous_callout, ptr, cd);  if (next >= 0) switch(op_code)
2918      previous_callout = NULL;    {
2919      }    case OP_CHAR:
2920    #ifdef SUPPORT_UTF8
2921      GETCHARTEST(c, previous);
2922    #else
2923      c = *previous;
2924    #endif
2925      return c != next;
2926    
2927    /* In extended mode, skip white space and comments */    /* For CHARI (caseless character) we must check the other case. If we have
2928      Unicode property support, we can use it to test the other case of
2929      high-valued characters. */
2930    
2931    if ((options & PCRE_EXTENDED) != 0)    case OP_CHARI:
2932    #ifdef SUPPORT_UTF8
2933      GETCHARTEST(c, previous);
2934    #else
2935      c = *previous;
2936    #endif
2937      if (c == next) return FALSE;
2938    #ifdef SUPPORT_UTF8
2939      if (utf8)
2940      {      {
2941      if ((cd->ctypes[c] & ctype_space) != 0) continue;      unsigned int othercase;
2942      if (c == '#')      if (next < 128) othercase = cd->fcc[next]; else
2943        {  #ifdef SUPPORT_UCP
2944        /* The space before the ; is to avoid a warning on a silly compiler      othercase = UCD_OTHERCASE((unsigned int)next);
2945        on the Macintosh. */  #else
2946        while ((c = *(++ptr)) != 0 && c != NEWLINE) ;      othercase = NOTACHAR;
2947        if (c != 0) continue;   /* Else fall through to handle end of string */  #endif
2948        }      return (unsigned int)c != othercase;
2949      }      }
2950      else
2951    #endif  /* SUPPORT_UTF8 */
2952      return (c != cd->fcc[next]);  /* Non-UTF-8 mode */
2953    
2954    /* No auto callout for quantifiers. */    /* For OP_NOT and OP_NOTI, the data is always a single-byte character. These
2955      opcodes are not used for multi-byte characters, because they are coded using
2956      an XCLASS instead. */
2957    
2958    if ((options & PCRE_AUTO_CALLOUT) != 0 && !is_quantifier)    case OP_NOT:
2959      return (c = *previous) == next;
2960    
2961      case OP_NOTI:
2962      if ((c = *previous) == next) return TRUE;
2963    #ifdef SUPPORT_UTF8
2964      if (utf8)
2965      {      {
2966      previous_callout = code;      unsigned int othercase;
2967      code = auto_callout(code, ptr, cd);      if (next < 128) othercase = cd->fcc[next]; else
2968    #ifdef SUPPORT_UCP
2969        othercase = UCD_OTHERCASE(next);
2970    #else
2971        othercase = NOTACHAR;
2972    #endif
2973        return (unsigned int)c == othercase;
2974      }      }
2975      else
2976    #endif  /* SUPPORT_UTF8 */
2977      return (c == cd->fcc[next]);  /* Non-UTF-8 mode */
2978    
2979    switch(c)    /* Note that OP_DIGIT etc. are generated only when PCRE_UCP is *not* set.
2980      {    When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
     /* The branch terminates at end of string, |, or ). */  
2981    
2982      case 0:    case OP_DIGIT:
2983      case '|':    return next > 127 || (cd->ctypes[next] & ctype_digit) == 0;
     case ')':  
     *firstbyteptr = firstbyte;  
     *reqbyteptr = reqbyte;  
     *codeptr = code;  
     *ptrptr = ptr;  
     return TRUE;  
   
     /* Handle single-character metacharacters. In multiline mode, ^ disables  
     the setting of any following char as a first character. */  
2984    
2985      case '^':    case OP_NOT_DIGIT:
2986      if ((options & PCRE_MULTILINE) != 0)    return next <= 127 && (cd->ctypes[next] & ctype_digit) != 0;
       {  
       if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;  
       }  
     previous = NULL;  
     *code++ = OP_CIRC;  
     break;  
   
     case '$':  
     previous = NULL;  
     *code++ = OP_DOLL;  
     break;  
2987    
2988      /* There can never be a first char if '.' is first, whatever happens about    case OP_WHITESPACE:
2989      repeats. The value of reqbyte doesn't change either. */    return next > 127 || (cd->ctypes[next] & ctype_space) == 0;
2990    
2991      case '.':    case OP_NOT_WHITESPACE:
2992      if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;    return next <= 127 && (cd->ctypes[next] & ctype_space) != 0;
     zerofirstbyte = firstbyte;  
     zeroreqbyte = reqbyte;  
     previous = code;  
     *code++ = OP_ANY;  
     break;  
2993    
2994      /* Character classes. If the included characters are all < 255 in value, we    case OP_WORDCHAR:
2995      build a 32-byte bitmap of the permitted characters, except in the special    return next > 127 || (cd->ctypes[next] & ctype_word) == 0;
     case where there is only one such character. For negated classes, we build  
     the map as usual, then invert it at the end. However, we use a different  
     opcode so that data characters > 255 can be handled correctly.  
2996    
2997      If the class contains characters outside the 0-255 range, a different    case OP_NOT_WORDCHAR:
2998      opcode is compiled. It may optionally have a bit map for characters < 256,    return next <= 127 && (cd->ctypes[next] & ctype_word) != 0;
     but those above are are explicitly listed afterwards. A flag byte tells  
     whether the bitmap is present, and whether this is a negated class or not.  
     */  
2999    
3000      case '[':    case OP_HSPACE:
3001      previous = code;    case OP_NOT_HSPACE:
3002      switch(next)
3003        {
3004        case 0x09:
3005        case 0x20:
3006        case 0xa0:
3007        case 0x1680:
3008        case 0x180e:
3009        case 0x2000:
3010        case 0x2001:
3011        case 0x2002:
3012        case 0x2003:
3013        case 0x2004:
3014        case 0x2005:
3015        case 0x2006:
3016        case 0x2007:
3017        case 0x2008:
3018        case 0x2009:
3019        case 0x200A:
3020        case 0x202f:
3021        case 0x205f:
3022        case 0x3000:
3023        return op_code == OP_NOT_HSPACE;
3024        default:
3025        return op_code != OP_NOT_HSPACE;
3026        }
3027    
3028      /* PCRE supports POSIX class stuff inside a class. Perl gives an error if    case OP_ANYNL:
3029      they are encountered at the top level, so we'll do that too. */    case OP_VSPACE:
3030      case OP_NOT_VSPACE:
3031      switch(next)
3032        {
3033        case 0x0a:
3034        case 0x0b:
3035        case 0x0c:
3036        case 0x0d:
3037        case 0x85:
3038        case 0x2028:
3039        case 0x2029:
3040        return op_code == OP_NOT_VSPACE;
3041        default:
3042        return op_code != OP_NOT_VSPACE;
3043        }
3044    
3045      if ((ptr[1] == ':' || ptr[1] == '.' || ptr[1] == '=') &&  #ifdef SUPPORT_UCP
3046          check_posix_syntax(ptr, &tempptr, cd))    case OP_PROP:
3047        {    return check_char_prop(next, previous[0], previous[1], FALSE);
       *errorcodeptr = (ptr[1] == ':')? ERR13 : ERR31;  
       goto FAILED;  
       }  
3048    
3049      /* If the first character is '^', set the negation flag and skip it. */    case OP_NOTPROP:
3050      return check_char_prop(next, previous[0], previous[1], TRUE);
3051    #endif
3052    
3053      if ((c = *(++ptr)) == '^')    default:
3054        {    return FALSE;
3055        negate_class = TRUE;    }
       c = *(++ptr);  
       }  
     else  
       {  
       negate_class = FALSE;  
       }  
3056    
     /* Keep a count of chars with values < 256 so that we can optimize the case  
     of just a single character (as long as it's < 256). For higher valued UTF-8  
     characters, we don't yet do any optimization. */  
3057    
3058      class_charcount = 0;  /* Handle the case when the next item is \d, \s, etc. Note that when PCRE_UCP
3059      class_lastchar = -1;  is set, \d turns into ESC_du rather than ESC_d, etc., so ESC_d etc. are
3060    generated only when PCRE_UCP is *not* set, that is, when only ASCII
3061    characteristics are recognized. Similarly, the opcodes OP_DIGIT etc. are
3062    replaced by OP_PROP codes when PCRE_UCP is set. */
3063    
3064    switch(op_code)
3065      {
3066      case OP_CHAR:
3067      case OP_CHARI:
3068  #ifdef SUPPORT_UTF8  #ifdef SUPPORT_UTF8
3069      class_utf8 = FALSE;                       /* No chars >= 256 */    GETCHARTEST(c, previous);
3070      class_utf8data = code + LINK_SIZE + 34;   /* For UTF-8 items */  #else
3071      c = *previous;
3072  #endif  #endif
3073      switch(-next)
3074        {
3075        case ESC_d:
3076        return c > 127 || (cd->ctypes[c] & ctype_digit) == 0;
3077    
3078      /* Initialize the 32-char bit map to all zeros. We have to build the      case ESC_D:
3079      map in a temporary bit of store, in case the class contains only 1      return c <= 127 && (cd->ctypes[c] & ctype_digit) != 0;
     character (< 256), because in that case the compiled code doesn't use the  
     bit map. */  
3080    
3081      memset(classbits, 0, 32 * sizeof(uschar));      case ESC_s:
3082        return c > 127 || (cd->ctypes[c] & ctype_space) == 0;
3083    
3084      /* Process characters until ] is reached. By writing this as a "do" it      case ESC_S:
3085      means that an initial ] is taken as a data character. The first pass      return c <= 127 && (cd->ctypes[c] & ctype_space) != 0;
3086      through the regex checked the overall syntax, so we don't need to be very  
3087      strict here. At the start of the loop, c contains the first byte of the      case ESC_w:
3088      character. */      return c > 127 || (cd->ctypes[c] & ctype_word) == 0;
3089    
3090        case ESC_W:
3091        return c <= 127 && (cd->ctypes[c] & ctype_word) != 0;
3092    
3093        case ESC_h:
3094        case ESC_H:
3095        switch(c)
3096          {
3097          case 0x09:
3098          case 0x20:
3099          case 0xa0:
3100          case 0x1680:
3101          case 0x180e:
3102          case 0x2000:
3103          case 0x2001:
3104          case 0x2002:
3105          case 0x2003:
3106          case 0x2004:
3107          case 0x2005:
3108          case 0x2006:
3109          case 0x2007:
3110          case 0x2008:
3111          case 0x2009:
3112          case 0x200A:
3113          case 0x202f:
3114          case 0x205f:
3115          case 0x3000:
3116          return -next != ESC_h;
3117          default:
3118          return -next == ESC_h;
3119          }
3120    
3121      do      case ESC_v:
3122        {      case ESC_V:
3123  #ifdef SUPPORT_UTF8      switch(c)
3124        if (utf8 && c > 127)        {
3125          {                           /* Braces are required because the */        case 0x0a:
3126          GETCHARLEN(c, ptr, ptr);    /* macro generates multiple statements */        case 0x0b:
3127          }        case 0x0c:
3128  #endif        case 0x0d:
3129          case 0x85:
3130          case 0x2028:
3131          case 0x2029:
3132          return -next != ESC_v;
3133          default:
3134          return -next == ESC_v;
3135          }
3136    
3137        /* Inside \Q...\E everything is literal except \E */      /* When PCRE_UCP is set, these values get generated for \d etc. Find
3138        their substitutions and process them. The result will always be either
3139        -ESC_p or -ESC_P. Then fall through to process those values. */
3140    
3141        if (inescq)  #ifdef SUPPORT_UCP
3142          {      case ESC_du:
3143          if (c == '\\' && ptr[1] == 'E')      case ESC_DU:
3144            {      case ESC_wu:
3145            inescq = FALSE;      case ESC_WU:
3146            ptr++;      case ESC_su:
3147            continue;      case ESC_SU:
3148            }        {
3149          else goto LONE_SINGLE_CHARACTER;        int temperrorcode = 0;
3150          }        ptr = substitutes[-next - ESC_DU];
3151          next = check_escape(&ptr, &temperrorcode, 0, options, FALSE);
3152          if (temperrorcode != 0) return FALSE;
3153          ptr++;    /* For compatibility */
3154          }
3155        /* Fall through */
3156    
3157        /* Handle POSIX class names. Perl allows a negation extension of the      case ESC_p:
3158        form [:^name:]. A square bracket that doesn't match the syntax is      case ESC_P:
3159        treated as a literal. We also recognize the POSIX constructions        {
3160        [.ch.] and [=ch=] ("collating elements") and fault them, as Perl        int ptype, pdata, errorcodeptr;
3161        5.6 and 5.8 do. */        BOOL negated;
3162    
3163        if (c == '[' &&        ptr--;      /* Make ptr point at the p or P */
3164            (ptr[1] == ':' || ptr[1] == '.' || ptr[1] == '=') &&        ptype = get_ucp(&ptr, &negated, &pdata, &errorcodeptr);
3165            check_posix_syntax(ptr, &tempptr, cd))        if (ptype < 0) return FALSE;
3166          {        ptr++;      /* Point past the final curly ket */
3167          BOOL local_negate = FALSE;  
3168          int posix_class, i;        /* If the property item is optional, we have to give up. (When generated
3169          register const uschar *cbits = cd->cbits;        from \d etc by PCRE_UCP, this test will have been applied much earlier,
3170          to the original \d etc. At this point, ptr will point to a zero byte. */
3171    
3172          if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
3173            strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
3174              return FALSE;
3175    
3176          if (ptr[1] != ':')        /* Do the property check. */
           {  
           *errorcodeptr = ERR31;  
           goto FAILED;  
           }  
3177    
3178          ptr += 2;        return check_char_prop(c, ptype, pdata, (next == -ESC_P) != negated);
3179          if (*ptr == '^')        }
3180            {  #endif
           local_negate = TRUE;  
           ptr++;  
           }  
3181    
3182          posix_class = check_posix_name(ptr, tempptr - ptr);      default:
3183          if (posix_class < 0)      return FALSE;
3184            {      }
           *errorcodeptr = ERR30;  
           goto FAILED;  
           }  
3185    
3186          /* If matching is caseless, upper and lower are converted to    /* In principle, support for Unicode properties should be integrated here as
3187          alpha. This relies on the fact that the class table starts with    well. It means re-organizing the above code so as to get hold of the property
3188          alpha, lower, upper as the first 3 entries. */    values before switching on the op-code. However, I wonder how many patterns
3189      combine ASCII \d etc with Unicode properties? (Note that if PCRE_UCP is set,
3190      these op-codes are never generated.) */
3191    
3192          if ((options & PCRE_CASELESS) != 0 && posix_class <= 2)    case OP_DIGIT:
3193            posix_class = 0;    return next == -ESC_D || next == -ESC_s || next == -ESC_W ||
3194             next == -ESC_h || next == -ESC_v || next == -ESC_R;
3195    
3196          /* Or into the map we are building up to 3 of the static class    case OP_NOT_DIGIT:
3197          tables, or their negations. The [:blank:] class sets up the same    return next == -ESC_d;
         chars as the [:space:] class (all white space). We remove the vertical  
         white space chars afterwards. */  
3198    
3199          posix_class *= 3;    case OP_WHITESPACE:
3200          for (i = 0; i < 3; i++)    return next == -ESC_S || next == -ESC_d || next == -ESC_w || next == -ESC_R;
           {  
           BOOL blankclass = strncmp((char *)ptr, "blank", 5) == 0;  
           int taboffset = posix_class_maps[posix_class + i];  
           if (taboffset < 0) break;  
           if (local_negate)  
             {  
             if (i == 0)  
               for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+taboffset];  
             else  
               for (c = 0; c < 32; c++) classbits[c] &= ~cbits[c+taboffset];  
             if (blankclass) classbits[1] |= 0x3c;  
             }  
           else  
             {  
             for (c = 0; c < 32; c++) classbits[c] |= cbits[c+taboffset];  
             if (blankclass) classbits[1] &= ~0x3c;  
             }  
           }  
3201    
3202          ptr = tempptr + 1;    case OP_NOT_WHITESPACE:
3203          class_charcount = 10;  /* Set > 1; assumes more than 1 per class */    return next == -ESC_s || next == -ESC_h || next == -ESC_v;
         continue;    /* End of POSIX syntax handling */  
         }  
3204    
3205        /* Backslash may introduce a single character, or it may introduce one    case OP_HSPACE:
3206        of the specials, which just set a flag. Escaped items are checked for    return next == -ESC_S || next == -ESC_H || next == -ESC_d ||
3207        validity in the pre-compiling pass. The sequence \b is a special case.           next == -ESC_w || next == -ESC_v || next == -ESC_R;
       Inside a class (and only there) it is treated as backspace. Elsewhere  
       it marks a word boundary. Other escapes have preset maps ready to  
       or into the one we are building. We assume they have more than one  
       character in them, so set class_charcount bigger than one. */  
3208    
3209        if (c == '\\')    case OP_NOT_HSPACE:
3210          {    return next == -ESC_h;
         c = check_escape(&ptr, errorcodeptr, *brackets, options, TRUE);  
3211    
3212          if (-c == ESC_b) c = '\b';       /* \b is backslash in a class */    /* Can't have \S in here because VT matches \S (Perl anomaly) */
3213          else if (-c == ESC_X) c = 'X';   /* \X is literal X in a class */    case OP_ANYNL:
3214          else if (-c == ESC_Q)            /* Handle start of quoted string */    case OP_VSPACE:
3215            {    return next == -ESC_V || next == -ESC_d || next == -ESC_w;
           if (ptr[1] == '\\' && ptr[2] == 'E')  
             {  
             ptr += 2; /* avoid empty string */  
             }  
           else inescq = TRUE;  
           continue;  
           }  
3216    
3217          if (c < 0)    case OP_NOT_VSPACE:
3218            {    return next == -ESC_v || next == -ESC_R;
           register const uschar *cbits = cd->cbits;  
           class_charcount += 2;     /* Greater than 1 is what matters */  
           switch (-c)  
             {  
             case ESC_d:  
             for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_digit];  
             continue;  
3219    
3220              case ESC_D:    case OP_WORDCHAR:
3221              for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_digit];    return next == -ESC_W || next == -ESC_s || next == -ESC_h ||
3222              continue;           next == -ESC_v || next == -ESC_R;
3223    
3224              case ESC_w:    case OP_NOT_WORDCHAR:
3225              for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_word];    return next == -ESC_w || next == -ESC_d;
             continue;  
3226    
3227              case ESC_W:    default:
3228              for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_word];    return FALSE;
3229              continue;    }
3230    
3231              case ESC_s:  /* Control does not reach here */
3232              for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_space];  }
             classbits[1] &= ~0x08;   /* Perl 5.004 onwards omits VT from \s */  
             continue;  
3233    
             case ESC_S:  
             for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_space];  
             classbits[1] |= 0x08;    /* Perl 5.004 onwards omits VT from \s */  
             continue;  
3234    
 #ifdef SUPPORT_UCP  
             case ESC_p:  
             case ESC_P:  
               {  
               BOOL negated;  
               int property = get_ucp(&ptr, &negated, errorcodeptr);  
               if (property < 0) goto FAILED;  
               class_utf8 = TRUE;  
               *class_utf8data++ = ((-c == ESC_p) != negated)?  
                 XCL_PROP : XCL_NOTPROP;  
               *class_utf8data++ = property;  
               class_charcount -= 2;   /* Not a < 256 character */  
               }  
             continue;  
 #endif  
3235    
3236              /* Unrecognized escapes are faulted if PCRE is running in its  /*************************************************
3237              strict mode. By default, for compatibility with Perl, they are  *           Compile one branch                   *
3238              treated as literals. */  *************************************************/
3239    
3240              default:  /* Scan the pattern, compiling it into the a vector. If the options are
3241              if ((options & PCRE_EXTRA) != 0)  changed during the branch, the pointer is used to change the external options
3242                {  bits. This function is used during the pre-compile phase when we are trying
3243                *errorcodeptr = ERR7;  to find out the amount of memory needed, as well as during the real compile
3244                goto FAILED;  phase. The value of lengthptr distinguishes the two phases.
               }  
             c = *ptr;              /* The final character */  
             class_charcount -= 2;  /* Undo the default count from above */  
             }  
           }  
3245    
3246          /* Fall through if we have a single character (c >= 0). This may be  Arguments:
3247          > 256 in UTF-8 mode. */    optionsptr     pointer to the option bits
3248      codeptr        points to the pointer to the current code point
3249      ptrptr         points to the current pattern pointer
3250      errorcodeptr   points to error code variable
3251      firstbyteptr   set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)
3252      reqbyteptr     set to the last literal character required, else < 0
3253      bcptr          points to current branch chain
3254      cond_depth     conditional nesting depth
3255      cd             contains pointers to tables etc.
3256      lengthptr      NULL during the real compile phase
3257                     points to length accumulator during pre-compile phase
3258    
3259          }   /* End of backslash handling */  Returns:         TRUE on success
3260                     FALSE, with *errorcodeptr set non-zero on error
3261    */
3262    
3263        /* A single character may be followed by '-' to form a range. However,  static BOOL
3264        Perl does not permit ']' to be the end of the range. A '-' character  compile_branch(int *optionsptr, uschar **codeptr, const uschar **ptrptr,
3265        here is treated as a literal. */    int *errorcodeptr, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
3266      int cond_depth, compile_data *cd, int *lengthptr)
3267    {
3268    int repeat_type, op_type;
3269    int repeat_min = 0, repeat_max = 0;      /* To please picky compilers */
3270    int bravalue = 0;
3271    int greedy_default, greedy_non_default;
3272    int firstbyte, reqbyte;
3273    int zeroreqbyte, zerofirstbyte;
3274    int req_caseopt, reqvary, tempreqvary;
3275    int options = *optionsptr;               /* May change dynamically */
3276    int after_manual_callout = 0;
3277    int length_prevgroup = 0;
3278    register int c;
3279    register uschar *code = *codeptr;
3280    uschar *last_code = code;
3281    uschar *orig_code = code;
3282    uschar *tempcode;
3283    BOOL inescq = FALSE;
3284    BOOL groupsetfirstbyte = FALSE;
3285    const uschar *ptr = *ptrptr;
3286    const uschar *tempptr;
3287    const uschar *nestptr = NULL;
3288    uschar *previous = NULL;
3289    uschar *previous_callout = NULL;
3290    uschar *save_hwm = NULL;
3291    uschar classbits[32];
3292    
3293        if (ptr[1] == '-' && ptr[2] != ']')  /* We can fish out the UTF-8 setting once and for all into a BOOL, but we
3294          {  must not do this for other options (e.g. PCRE_EXTENDED) because they may change
3295          int d;  dynamically as we process the pattern. */
         ptr += 2;  
3296    
3297  #ifdef SUPPORT_UTF8  #ifdef SUPPORT_UTF8
3298          if (utf8)  BOOL class_utf8;
3299            {                           /* Braces are required because the */  BOOL utf8 = (options & PCRE_UTF8) != 0;
3300            GETCHARLEN(d, ptr, ptr);    /* macro generates multiple statements */  uschar *class_utf8data;
3301            }  uschar *class_utf8data_base;
3302          else  uschar utf8_char[6];
3303    #else
3304    BOOL utf8 = FALSE;
3305  #endif  #endif
         d = *ptr;  /* Not UTF-8 mode */  
3306    
3307          /* The second part of a range can be a single-character escape, but  #ifdef PCRE_DEBUG
3308          not any of the other escapes. Perl 5.6 treats a hyphen as a literal  if (lengthptr != NULL) DPRINTF((">> start branch\n"));
3309          in such circumstances. */  #endif
3310    
3311          if (d == '\\')  /* Set up the default and non-default settings for greediness */
           {  
           const uschar *oldptr = ptr;  
           d = check_escape(&ptr, errorcodeptr, *brackets, options, TRUE);  
3312    
3313            /* \b is backslash; \X is literal X; any other special means the '-'  greedy_default = ((options & PCRE_UNGREEDY) != 0);
3314            was literal */  greedy_non_default = greedy_default ^ 1;
3315    
3316            if (d < 0)  /* Initialize no first byte, no required byte. REQ_UNSET means "no char
3317              {  matching encountered yet". It gets changed to REQ_NONE if we hit something that
3318              if (d == -ESC_b) d = '\b';  matches a non-fixed char first char; reqbyte just remains unset if we never
3319              else if (d == -ESC_X) d = 'X'; else  find one.
3320                {  
3321                ptr = oldptr - 2;  When we hit a repeat whose minimum is zero, we may have to adjust these values
3322                goto LONE_SINGLE_CHARACTER;  /* A few lines below */  to take the zero repeat into account. This is implemented by setting them to
3323                }  zerofirstbyte and zeroreqbyte when such a repeat is encountered. The individual
3324              }  item types that can be repeated set these backoff variables appropriately. */
3325    
3326    firstbyte = reqbyte = zerofirstbyte = zeroreqbyte = REQ_UNSET;
3327    
3328    /* The variable req_caseopt contains either the REQ_CASELESS value or zero,
3329    according to the current setting of the caseless flag. REQ_CASELESS is a bit
3330    value > 255. It is added into the firstbyte or reqbyte variables to record the
3331    case status of the value. This is used only for ASCII characters. */
3332    
3333    req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
3334    
3335    /* Switch on next character until the end of the branch */
3336    
3337    for (;; ptr++)
3338      {
3339      BOOL negate_class;
3340      BOOL should_flip_negation;
3341      BOOL possessive_quantifier;
3342      BOOL is_quantifier;
3343      BOOL is_recurse;
3344      BOOL reset_bracount;
3345      int class_charcount;
3346      int class_lastchar;
3347      int newoptions;
3348      int recno;
3349      int refsign;
3350      int skipbytes;
3351      int subreqbyte;
3352      int subfirstbyte;
3353      int terminator;
3354      int mclength;
3355      int tempbracount;
3356      uschar mcbuffer[8];
3357    
3358      /* Get next byte in the pattern */
3359    
3360      c = *ptr;
3361    
3362      /* If we are at the end of a nested substitution, revert to the outer level
3363      string. Nesting only happens one level deep. */
3364    
3365      if (c == 0 && nestptr != NULL)
3366        {
3367        ptr = nestptr;
3368        nestptr = NULL;
3369        c = *ptr;
3370        }
3371    
3372      /* If we are in the pre-compile phase, accumulate the length used for the
3373      previous cycle of this loop. */
3374    
3375      if (lengthptr != NULL)
3376        {
3377    #ifdef PCRE_DEBUG
3378        if (code > cd->hwm) cd->hwm = code;                 /* High water info */
3379    #endif
3380        if (code > cd->start_workspace + cd->workspace_size -
3381            WORK_SIZE_SAFETY_MARGIN)                       /* Check for overrun */
3382          {
3383          *errorcodeptr = ERR52;
3384          goto FAILED;
3385          }
3386    
3387        /* There is at least one situation where code goes backwards: this is the
3388        case of a zero quantifier after a class (e.g. [ab]{0}). At compile time,
3389        the class is simply eliminated. However, it is created first, so we have to
3390        allow memory for it. Therefore, don't ever reduce the length at this point.
3391        */
3392    
3393        if (code < last_code) code = last_code;
3394    
3395        /* Paranoid check for integer overflow */
3396    
3397        if (OFLOW_MAX - *lengthptr < code - last_code)
3398          {
3399          *errorcodeptr = ERR20;
3400          goto FAILED;
3401          }
3402    
3403        *lengthptr += (int)(code - last_code);
3404        DPRINTF(("length=%d added %d c=%c\n", *lengthptr, (int)(code - last_code),
3405          c));
3406    
3407        /* If "previous" is set and it is not at the start of the work space, move
3408        it back to there, in order to avoid filling up the work space. Otherwise,
3409        if "previous" is NULL, reset the current code pointer to the start. */
3410    
3411        if (previous != NULL)
3412          {
3413          if (previous > orig_code)
3414            {
3415            memmove(orig_code, previous, code - previous);
3416            code -= previous - orig_code;
3417            previous = orig_code;
3418            }
3419          }
3420        else code = orig_code;
3421    
3422        /* Remember where this code item starts so we can pick up the length
3423        next time round. */
3424    
3425        last_code = code;
3426        }
3427