/[pcre]/code/trunk/pcre_compile.c
ViewVC logotype

Contents of /code/trunk/pcre_compile.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1148 - (show annotations)
Sat Oct 20 20:52:52 2012 UTC (6 years, 11 months ago) by zherczeg
File MIME type: text/plain
File size: 276044 byte(s)
Refactor the solution of the unsigned overflow.
1 /*************************************************
2 * Perl-Compatible Regular Expressions *
3 *************************************************/
4
5 /* PCRE is a library of functions to support regular expressions whose syntax
6 and semantics are as close as possible to those of the Perl 5 language.
7
8 Written by Philip Hazel
9 Copyright (c) 1997-2012 University of Cambridge
10
11 -----------------------------------------------------------------------------
12 Redistribution and use in source and binary forms, with or without
13 modification, are permitted provided that the following conditions are met:
14
15 * Redistributions of source code must retain the above copyright notice,
16 this list of conditions and the following disclaimer.
17
18 * Redistributions in binary form must reproduce the above copyright
19 notice, this list of conditions and the following disclaimer in the
20 documentation and/or other materials provided with the distribution.
21
22 * Neither the name of the University of Cambridge nor the names of its
23 contributors may be used to endorse or promote products derived from
24 this software without specific prior written permission.
25
26 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
27 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
30 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 POSSIBILITY OF SUCH DAMAGE.
37 -----------------------------------------------------------------------------
38 */
39
40
41 /* This module contains the external function pcre_compile(), along with
42 supporting internal functions that are not used by other modules. */
43
44
45 #ifdef HAVE_CONFIG_H
46 #include "config.h"
47 #endif
48
49 #define NLBLOCK cd /* Block containing newline information */
50 #define PSSTART start_pattern /* Field containing processed string start */
51 #define PSEND end_pattern /* Field containing processed string end */
52
53 #include "pcre_internal.h"
54
55
56 /* When PCRE_DEBUG is defined, we need the pcre(16|32)_printint() function, which
57 is also used by pcretest. PCRE_DEBUG is not defined when building a production
58 library. We do not need to select pcre16_printint.c specially, because the
59 COMPILE_PCREx macro will already be appropriately set. */
60
61 #ifdef PCRE_DEBUG
62 /* pcre_printint.c should not include any headers */
63 #define PCRE_INCLUDED
64 #include "pcre_printint.c"
65 #undef PCRE_INCLUDED
66 #endif
67
68
69 /* Macro for setting individual bits in class bitmaps. */
70
71 #define SETBIT(a,b) a[(b)/8] |= (1 << ((b)&7))
72
73 /* Maximum length value to check against when making sure that the integer that
74 holds the compiled pattern length does not overflow. We make it a bit less than
75 INT_MAX to allow for adding in group terminating bytes, so that we don't have
76 to check them every time. */
77
78 #define OFLOW_MAX (INT_MAX - 20)
79
80 /* Definitions to allow mutual recursion */
81
82 static int
83 add_list_to_class(pcre_uint8 *, pcre_uchar **, int, compile_data *,
84 const pcre_uint32 *, unsigned int);
85
86 static BOOL
87 compile_regex(int, pcre_uchar **, const pcre_uchar **, int *, BOOL, BOOL, int, int,
88 pcre_uint32 *, pcre_int32 *, pcre_uint32 *, pcre_int32 *, branch_chain *,
89 compile_data *, int *);
90
91
92
93 /*************************************************
94 * Code parameters and static tables *
95 *************************************************/
96
97 /* This value specifies the size of stack workspace that is used during the
98 first pre-compile phase that determines how much memory is required. The regex
99 is partly compiled into this space, but the compiled parts are discarded as
100 soon as they can be, so that hopefully there will never be an overrun. The code
101 does, however, check for an overrun. The largest amount I've seen used is 218,
102 so this number is very generous.
103
104 The same workspace is used during the second, actual compile phase for
105 remembering forward references to groups so that they can be filled in at the
106 end. Each entry in this list occupies LINK_SIZE bytes, so even when LINK_SIZE
107 is 4 there is plenty of room for most patterns. However, the memory can get
108 filled up by repetitions of forward references, for example patterns like
109 /(?1){0,1999}(b)/, and one user did hit the limit. The code has been changed so
110 that the workspace is expanded using malloc() in this situation. The value
111 below is therefore a minimum, and we put a maximum on it for safety. The
112 minimum is now also defined in terms of LINK_SIZE so that the use of malloc()
113 kicks in at the same number of forward references in all cases. */
114
115 #define COMPILE_WORK_SIZE (2048*LINK_SIZE)
116 #define COMPILE_WORK_SIZE_MAX (100*COMPILE_WORK_SIZE)
117
118 /* The overrun tests check for a slightly smaller size so that they detect the
119 overrun before it actually does run off the end of the data block. */
120
121 #define WORK_SIZE_SAFETY_MARGIN (100)
122
123 /* Private flags added to firstchar and reqchar. */
124
125 #define REQ_CASELESS (1 << 0) /* Indicates caselessness */
126 #define REQ_VARY (1 << 1) /* Reqchar followed non-literal item */
127 /* Negative values for the firstchar and reqchar flags */
128 #define REQ_UNSET (-2)
129 #define REQ_NONE (-1)
130
131 /* Repeated character flags. */
132
133 #define UTF_LENGTH 0x10000000l /* The char contains its length. */
134
135 /* Table for handling escaped characters in the range '0'-'z'. Positive returns
136 are simple data values; negative values are for special things like \d and so
137 on. Zero means further processing is needed (for things like \x), or the escape
138 is invalid. */
139
140 #ifndef EBCDIC
141
142 /* This is the "normal" table for ASCII systems or for EBCDIC systems running
143 in UTF-8 mode. */
144
145 static const short int escapes[] = {
146 0, 0,
147 0, 0,
148 0, 0,
149 0, 0,
150 0, 0,
151 CHAR_COLON, CHAR_SEMICOLON,
152 CHAR_LESS_THAN_SIGN, CHAR_EQUALS_SIGN,
153 CHAR_GREATER_THAN_SIGN, CHAR_QUESTION_MARK,
154 CHAR_COMMERCIAL_AT, -ESC_A,
155 -ESC_B, -ESC_C,
156 -ESC_D, -ESC_E,
157 0, -ESC_G,
158 -ESC_H, 0,
159 0, -ESC_K,
160 0, 0,
161 -ESC_N, 0,
162 -ESC_P, -ESC_Q,
163 -ESC_R, -ESC_S,
164 0, 0,
165 -ESC_V, -ESC_W,
166 -ESC_X, 0,
167 -ESC_Z, CHAR_LEFT_SQUARE_BRACKET,
168 CHAR_BACKSLASH, CHAR_RIGHT_SQUARE_BRACKET,
169 CHAR_CIRCUMFLEX_ACCENT, CHAR_UNDERSCORE,
170 CHAR_GRAVE_ACCENT, 7,
171 -ESC_b, 0,
172 -ESC_d, ESC_e,
173 ESC_f, 0,
174 -ESC_h, 0,
175 0, -ESC_k,
176 0, 0,
177 ESC_n, 0,
178 -ESC_p, 0,
179 ESC_r, -ESC_s,
180 ESC_tee, 0,
181 -ESC_v, -ESC_w,
182 0, 0,
183 -ESC_z
184 };
185
186 #else
187
188 /* This is the "abnormal" table for EBCDIC systems without UTF-8 support. */
189
190 static const short int escapes[] = {
191 /* 48 */ 0, 0, 0, '.', '<', '(', '+', '|',
192 /* 50 */ '&', 0, 0, 0, 0, 0, 0, 0,
193 /* 58 */ 0, 0, '!', '$', '*', ')', ';', '~',
194 /* 60 */ '-', '/', 0, 0, 0, 0, 0, 0,
195 /* 68 */ 0, 0, '|', ',', '%', '_', '>', '?',
196 /* 70 */ 0, 0, 0, 0, 0, 0, 0, 0,
197 /* 78 */ 0, '`', ':', '#', '@', '\'', '=', '"',
198 /* 80 */ 0, 7, -ESC_b, 0, -ESC_d, ESC_e, ESC_f, 0,
199 /* 88 */-ESC_h, 0, 0, '{', 0, 0, 0, 0,
200 /* 90 */ 0, 0, -ESC_k, 'l', 0, ESC_n, 0, -ESC_p,
201 /* 98 */ 0, ESC_r, 0, '}', 0, 0, 0, 0,
202 /* A0 */ 0, '~', -ESC_s, ESC_tee, 0,-ESC_v, -ESC_w, 0,
203 /* A8 */ 0,-ESC_z, 0, 0, 0, '[', 0, 0,
204 /* B0 */ 0, 0, 0, 0, 0, 0, 0, 0,
205 /* B8 */ 0, 0, 0, 0, 0, ']', '=', '-',
206 /* C0 */ '{',-ESC_A, -ESC_B, -ESC_C, -ESC_D,-ESC_E, 0, -ESC_G,
207 /* C8 */-ESC_H, 0, 0, 0, 0, 0, 0, 0,
208 /* D0 */ '}', 0, -ESC_K, 0, 0,-ESC_N, 0, -ESC_P,
209 /* D8 */-ESC_Q,-ESC_R, 0, 0, 0, 0, 0, 0,
210 /* E0 */ '\\', 0, -ESC_S, 0, 0,-ESC_V, -ESC_W, -ESC_X,
211 /* E8 */ 0,-ESC_Z, 0, 0, 0, 0, 0, 0,
212 /* F0 */ 0, 0, 0, 0, 0, 0, 0, 0,
213 /* F8 */ 0, 0, 0, 0, 0, 0, 0, 0
214 };
215 #endif
216
217
218 /* Table of special "verbs" like (*PRUNE). This is a short table, so it is
219 searched linearly. Put all the names into a single string, in order to reduce
220 the number of relocations when a shared library is dynamically linked. The
221 string is built from string macros so that it works in UTF-8 mode on EBCDIC
222 platforms. */
223
224 typedef struct verbitem {
225 int len; /* Length of verb name */
226 int op; /* Op when no arg, or -1 if arg mandatory */
227 int op_arg; /* Op when arg present, or -1 if not allowed */
228 } verbitem;
229
230 static const char verbnames[] =
231 "\0" /* Empty name is a shorthand for MARK */
232 STRING_MARK0
233 STRING_ACCEPT0
234 STRING_COMMIT0
235 STRING_F0
236 STRING_FAIL0
237 STRING_PRUNE0
238 STRING_SKIP0
239 STRING_THEN;
240
241 static const verbitem verbs[] = {
242 { 0, -1, OP_MARK },
243 { 4, -1, OP_MARK },
244 { 6, OP_ACCEPT, -1 },
245 { 6, OP_COMMIT, -1 },
246 { 1, OP_FAIL, -1 },
247 { 4, OP_FAIL, -1 },
248 { 5, OP_PRUNE, OP_PRUNE_ARG },
249 { 4, OP_SKIP, OP_SKIP_ARG },
250 { 4, OP_THEN, OP_THEN_ARG }
251 };
252
253 static const int verbcount = sizeof(verbs)/sizeof(verbitem);
254
255
256 /* Tables of names of POSIX character classes and their lengths. The names are
257 now all in a single string, to reduce the number of relocations when a shared
258 library is dynamically loaded. The list of lengths is terminated by a zero
259 length entry. The first three must be alpha, lower, upper, as this is assumed
260 for handling case independence. */
261
262 static const char posix_names[] =
263 STRING_alpha0 STRING_lower0 STRING_upper0 STRING_alnum0
264 STRING_ascii0 STRING_blank0 STRING_cntrl0 STRING_digit0
265 STRING_graph0 STRING_print0 STRING_punct0 STRING_space0
266 STRING_word0 STRING_xdigit;
267
268 static const pcre_uint8 posix_name_lengths[] = {
269 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };
270
271 /* Table of class bit maps for each POSIX class. Each class is formed from a
272 base map, with an optional addition or removal of another map. Then, for some
273 classes, there is some additional tweaking: for [:blank:] the vertical space
274 characters are removed, and for [:alpha:] and [:alnum:] the underscore
275 character is removed. The triples in the table consist of the base map offset,
276 second map offset or -1 if no second map, and a non-negative value for map
277 addition or a negative value for map subtraction (if there are two maps). The
278 absolute value of the third field has these meanings: 0 => no tweaking, 1 =>
279 remove vertical space characters, 2 => remove underscore. */
280
281 static const int posix_class_maps[] = {
282 cbit_word, cbit_digit, -2, /* alpha */
283 cbit_lower, -1, 0, /* lower */
284 cbit_upper, -1, 0, /* upper */
285 cbit_word, -1, 2, /* alnum - word without underscore */
286 cbit_print, cbit_cntrl, 0, /* ascii */
287 cbit_space, -1, 1, /* blank - a GNU extension */
288 cbit_cntrl, -1, 0, /* cntrl */
289 cbit_digit, -1, 0, /* digit */
290 cbit_graph, -1, 0, /* graph */
291 cbit_print, -1, 0, /* print */
292 cbit_punct, -1, 0, /* punct */
293 cbit_space, -1, 0, /* space */
294 cbit_word, -1, 0, /* word - a Perl extension */
295 cbit_xdigit,-1, 0 /* xdigit */
296 };
297
298 /* Table of substitutes for \d etc when PCRE_UCP is set. The POSIX class
299 substitutes must be in the order of the names, defined above, and there are
300 both positive and negative cases. NULL means no substitute. */
301
302 #ifdef SUPPORT_UCP
303 static const pcre_uchar string_PNd[] = {
304 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
305 CHAR_N, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
306 static const pcre_uchar string_pNd[] = {
307 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
308 CHAR_N, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
309 static const pcre_uchar string_PXsp[] = {
310 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
311 CHAR_X, CHAR_s, CHAR_p, CHAR_RIGHT_CURLY_BRACKET, '\0' };
312 static const pcre_uchar string_pXsp[] = {
313 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
314 CHAR_X, CHAR_s, CHAR_p, CHAR_RIGHT_CURLY_BRACKET, '\0' };
315 static const pcre_uchar string_PXwd[] = {
316 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
317 CHAR_X, CHAR_w, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
318 static const pcre_uchar string_pXwd[] = {
319 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
320 CHAR_X, CHAR_w, CHAR_d, CHAR_RIGHT_CURLY_BRACKET, '\0' };
321
322 static const pcre_uchar *substitutes[] = {
323 string_PNd, /* \D */
324 string_pNd, /* \d */
325 string_PXsp, /* \S */ /* NOTE: Xsp is Perl space */
326 string_pXsp, /* \s */
327 string_PXwd, /* \W */
328 string_pXwd /* \w */
329 };
330
331 static const pcre_uchar string_pL[] = {
332 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
333 CHAR_L, CHAR_RIGHT_CURLY_BRACKET, '\0' };
334 static const pcre_uchar string_pLl[] = {
335 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
336 CHAR_L, CHAR_l, CHAR_RIGHT_CURLY_BRACKET, '\0' };
337 static const pcre_uchar string_pLu[] = {
338 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
339 CHAR_L, CHAR_u, CHAR_RIGHT_CURLY_BRACKET, '\0' };
340 static const pcre_uchar string_pXan[] = {
341 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
342 CHAR_X, CHAR_a, CHAR_n, CHAR_RIGHT_CURLY_BRACKET, '\0' };
343 static const pcre_uchar string_h[] = {
344 CHAR_BACKSLASH, CHAR_h, '\0' };
345 static const pcre_uchar string_pXps[] = {
346 CHAR_BACKSLASH, CHAR_p, CHAR_LEFT_CURLY_BRACKET,
347 CHAR_X, CHAR_p, CHAR_s, CHAR_RIGHT_CURLY_BRACKET, '\0' };
348 static const pcre_uchar string_PL[] = {
349 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
350 CHAR_L, CHAR_RIGHT_CURLY_BRACKET, '\0' };
351 static const pcre_uchar string_PLl[] = {
352 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
353 CHAR_L, CHAR_l, CHAR_RIGHT_CURLY_BRACKET, '\0' };
354 static const pcre_uchar string_PLu[] = {
355 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
356 CHAR_L, CHAR_u, CHAR_RIGHT_CURLY_BRACKET, '\0' };
357 static const pcre_uchar string_PXan[] = {
358 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
359 CHAR_X, CHAR_a, CHAR_n, CHAR_RIGHT_CURLY_BRACKET, '\0' };
360 static const pcre_uchar string_H[] = {
361 CHAR_BACKSLASH, CHAR_H, '\0' };
362 static const pcre_uchar string_PXps[] = {
363 CHAR_BACKSLASH, CHAR_P, CHAR_LEFT_CURLY_BRACKET,
364 CHAR_X, CHAR_p, CHAR_s, CHAR_RIGHT_CURLY_BRACKET, '\0' };
365
366 static const pcre_uchar *posix_substitutes[] = {
367 string_pL, /* alpha */
368 string_pLl, /* lower */
369 string_pLu, /* upper */
370 string_pXan, /* alnum */
371 NULL, /* ascii */
372 string_h, /* blank */
373 NULL, /* cntrl */
374 string_pNd, /* digit */
375 NULL, /* graph */
376 NULL, /* print */
377 NULL, /* punct */
378 string_pXps, /* space */ /* NOTE: Xps is POSIX space */
379 string_pXwd, /* word */
380 NULL, /* xdigit */
381 /* Negated cases */
382 string_PL, /* ^alpha */
383 string_PLl, /* ^lower */
384 string_PLu, /* ^upper */
385 string_PXan, /* ^alnum */
386 NULL, /* ^ascii */
387 string_H, /* ^blank */
388 NULL, /* ^cntrl */
389 string_PNd, /* ^digit */
390 NULL, /* ^graph */
391 NULL, /* ^print */
392 NULL, /* ^punct */
393 string_PXps, /* ^space */ /* NOTE: Xps is POSIX space */
394 string_PXwd, /* ^word */
395 NULL /* ^xdigit */
396 };
397 #define POSIX_SUBSIZE (sizeof(posix_substitutes) / sizeof(pcre_uchar *))
398 #endif
399
400 #define STRING(a) # a
401 #define XSTRING(s) STRING(s)
402
403 /* The texts of compile-time error messages. These are "char *" because they
404 are passed to the outside world. Do not ever re-use any error number, because
405 they are documented. Always add a new error instead. Messages marked DEAD below
406 are no longer used. This used to be a table of strings, but in order to reduce
407 the number of relocations needed when a shared library is loaded dynamically,
408 it is now one long string. We cannot use a table of offsets, because the
409 lengths of inserts such as XSTRING(MAX_NAME_SIZE) are not known. Instead, we
410 simply count through to the one we want - this isn't a performance issue
411 because these strings are used only when there is a compilation error.
412
413 Each substring ends with \0 to insert a null character. This includes the final
414 substring, so that the whole string ends with \0\0, which can be detected when
415 counting through. */
416
417 static const char error_texts[] =
418 "no error\0"
419 "\\ at end of pattern\0"
420 "\\c at end of pattern\0"
421 "unrecognized character follows \\\0"
422 "numbers out of order in {} quantifier\0"
423 /* 5 */
424 "number too big in {} quantifier\0"
425 "missing terminating ] for character class\0"
426 "invalid escape sequence in character class\0"
427 "range out of order in character class\0"
428 "nothing to repeat\0"
429 /* 10 */
430 "operand of unlimited repeat could match the empty string\0" /** DEAD **/
431 "internal error: unexpected repeat\0"
432 "unrecognized character after (? or (?-\0"
433 "POSIX named classes are supported only within a class\0"
434 "missing )\0"
435 /* 15 */
436 "reference to non-existent subpattern\0"
437 "erroffset passed as NULL\0"
438 "unknown option bit(s) set\0"
439 "missing ) after comment\0"
440 "parentheses nested too deeply\0" /** DEAD **/
441 /* 20 */
442 "regular expression is too large\0"
443 "failed to get memory\0"
444 "unmatched parentheses\0"
445 "internal error: code overflow\0"
446 "unrecognized character after (?<\0"
447 /* 25 */
448 "lookbehind assertion is not fixed length\0"
449 "malformed number or name after (?(\0"
450 "conditional group contains more than two branches\0"
451 "assertion expected after (?(\0"
452 "(?R or (?[+-]digits must be followed by )\0"
453 /* 30 */
454 "unknown POSIX class name\0"
455 "POSIX collating elements are not supported\0"
456 "this version of PCRE is compiled without UTF support\0"
457 "spare error\0" /** DEAD **/
458 "character value in \\x{...} sequence is too large\0"
459 /* 35 */
460 "invalid condition (?(0)\0"
461 "\\C not allowed in lookbehind assertion\0"
462 "PCRE does not support \\L, \\l, \\N{name}, \\U, or \\u\0"
463 "number after (?C is > 255\0"
464 "closing ) for (?C expected\0"
465 /* 40 */
466 "recursive call could loop indefinitely\0"
467 "unrecognized character after (?P\0"
468 "syntax error in subpattern name (missing terminator)\0"
469 "two named subpatterns have the same name\0"
470 "invalid UTF-8 string\0"
471 /* 45 */
472 "support for \\P, \\p, and \\X has not been compiled\0"
473 "malformed \\P or \\p sequence\0"
474 "unknown property name after \\P or \\p\0"
475 "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)\0"
476 "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")\0"
477 /* 50 */
478 "repeated subpattern is too long\0" /** DEAD **/
479 "octal value is greater than \\377 in 8-bit non-UTF-8 mode\0"
480 "internal error: overran compiling workspace\0"
481 "internal error: previously-checked referenced subpattern not found\0"
482 "DEFINE group contains more than one branch\0"
483 /* 55 */
484 "repeating a DEFINE group is not allowed\0" /** DEAD **/
485 "inconsistent NEWLINE options\0"
486 "\\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number\0"
487 "a numbered reference must not be zero\0"
488 "an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)\0"
489 /* 60 */
490 "(*VERB) not recognized\0"
491 "number is too big\0"
492 "subpattern name expected\0"
493 "digit expected after (?+\0"
494 "] is an invalid data character in JavaScript compatibility mode\0"
495 /* 65 */
496 "different names for subpatterns of the same number are not allowed\0"
497 "(*MARK) must have an argument\0"
498 "this version of PCRE is not compiled with Unicode property support\0"
499 "\\c must be followed by an ASCII character\0"
500 "\\k is not followed by a braced, angle-bracketed, or quoted name\0"
501 /* 70 */
502 "internal error: unknown opcode in find_fixedlength()\0"
503 "\\N is not supported in a class\0"
504 "too many forward references\0"
505 "disallowed Unicode code point (>= 0xd800 && <= 0xdfff)\0"
506 "invalid UTF-16 string\0"
507 /* 75 */
508 "name is too long in (*MARK), (*PRUNE), (*SKIP), or (*THEN)\0"
509 "character value in \\u.... sequence is too large\0"
510 "invalid UTF-32 string\0"
511 ;
512
513 /* Table to identify digits and hex digits. This is used when compiling
514 patterns. Note that the tables in chartables are dependent on the locale, and
515 may mark arbitrary characters as digits - but the PCRE compiling code expects
516 to handle only 0-9, a-z, and A-Z as digits when compiling. That is why we have
517 a private table here. It costs 256 bytes, but it is a lot faster than doing
518 character value tests (at least in some simple cases I timed), and in some
519 applications one wants PCRE to compile efficiently as well as match
520 efficiently.
521
522 For convenience, we use the same bit definitions as in chartables:
523
524 0x04 decimal digit
525 0x08 hexadecimal digit
526
527 Then we can use ctype_digit and ctype_xdigit in the code. */
528
529 /* Using a simple comparison for decimal numbers rather than a memory read
530 is much faster, and the resulting code is simpler (the compiler turns it
531 into a subtraction and unsigned comparison). */
532
533 #define IS_DIGIT(x) ((x) >= CHAR_0 && (x) <= CHAR_9)
534
535 #ifndef EBCDIC
536
537 /* This is the "normal" case, for ASCII systems, and EBCDIC systems running in
538 UTF-8 mode. */
539
540 static const pcre_uint8 digitab[] =
541 {
542 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 */
543 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
544 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 */
545 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
546 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - ' */
547 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ( - / */
548 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 */
549 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00, /* 8 - ? */
550 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* @ - G */
551 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H - O */
552 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* P - W */
553 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* X - _ */
554 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* ` - g */
555 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h - o */
556 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p - w */
557 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x -127 */
558 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 128-135 */
559 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 136-143 */
560 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144-151 */
561 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 152-159 */
562 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160-167 */
563 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 168-175 */
564 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 176-183 */
565 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
566 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 192-199 */
567 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 200-207 */
568 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 208-215 */
569 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 216-223 */
570 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 224-231 */
571 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 232-239 */
572 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */
573 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */
574
575 #else
576
577 /* This is the "abnormal" case, for EBCDIC systems not running in UTF-8 mode. */
578
579 static const pcre_uint8 digitab[] =
580 {
581 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 0 */
582 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
583 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 10 */
584 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
585 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 32- 39 20 */
586 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
587 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 30 */
588 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
589 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 40 */
590 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 72- | */
591 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 50 */
592 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 88- 95 */
593 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 60 */
594 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 104- ? */
595 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 70 */
596 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
597 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* 128- g 80 */
598 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
599 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144- p 90 */
600 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
601 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160- x A0 */
602 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
603 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 B0 */
604 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
605 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* { - G C0 */
606 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
607 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* } - P D0 */
608 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
609 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* \ - X E0 */
610 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
611 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 F0 */
612 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
613
614 static const pcre_uint8 ebcdic_chartab[] = { /* chartable partial dup */
615 0x80,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 0- 7 */
616 0x00,0x00,0x00,0x00,0x01,0x01,0x00,0x00, /* 8- 15 */
617 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 16- 23 */
618 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
619 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 32- 39 */
620 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
621 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 */
622 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
623 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 */
624 0x00,0x00,0x00,0x80,0x00,0x80,0x80,0x80, /* 72- | */
625 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 */
626 0x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /* 88- 95 */
627 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 */
628 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x80, /* 104- ? */
629 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 */
630 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
631 0x00,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* 128- g */
632 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
633 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* 144- p */
634 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
635 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* 160- x */
636 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
637 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 */
638 0x00,0x00,0x80,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
639 0x80,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* { - G */
640 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
641 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* } - P */
642 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
643 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* \ - X */
644 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
645 0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c, /* 0 - 7 */
646 0x1c,0x1c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
647 #endif
648
649
650
651 /*************************************************
652 * Find an error text *
653 *************************************************/
654
655 /* The error texts are now all in one long string, to save on relocations. As
656 some of the text is of unknown length, we can't use a table of offsets.
657 Instead, just count through the strings. This is not a performance issue
658 because it happens only when there has been a compilation error.
659
660 Argument: the error number
661 Returns: pointer to the error string
662 */
663
664 static const char *
665 find_error_text(int n)
666 {
667 const char *s = error_texts;
668 for (; n > 0; n--)
669 {
670 while (*s++ != 0) {};
671 if (*s == 0) return "Error text not found (please report)";
672 }
673 return s;
674 }
675
676
677 /*************************************************
678 * Expand the workspace *
679 *************************************************/
680
681 /* This function is called during the second compiling phase, if the number of
682 forward references fills the existing workspace, which is originally a block on
683 the stack. A larger block is obtained from malloc() unless the ultimate limit
684 has been reached or the increase will be rather small.
685
686 Argument: pointer to the compile data block
687 Returns: 0 if all went well, else an error number
688 */
689
690 static int
691 expand_workspace(compile_data *cd)
692 {
693 pcre_uchar *newspace;
694 int newsize = cd->workspace_size * 2;
695
696 if (newsize > COMPILE_WORK_SIZE_MAX) newsize = COMPILE_WORK_SIZE_MAX;
697 if (cd->workspace_size >= COMPILE_WORK_SIZE_MAX ||
698 newsize - cd->workspace_size < WORK_SIZE_SAFETY_MARGIN)
699 return ERR72;
700
701 newspace = (PUBL(malloc))(IN_UCHARS(newsize));
702 if (newspace == NULL) return ERR21;
703 memcpy(newspace, cd->start_workspace, cd->workspace_size * sizeof(pcre_uchar));
704 cd->hwm = (pcre_uchar *)newspace + (cd->hwm - cd->start_workspace);
705 if (cd->workspace_size > COMPILE_WORK_SIZE)
706 (PUBL(free))((void *)cd->start_workspace);
707 cd->start_workspace = newspace;
708 cd->workspace_size = newsize;
709 return 0;
710 }
711
712
713
714 /*************************************************
715 * Check for counted repeat *
716 *************************************************/
717
718 /* This function is called when a '{' is encountered in a place where it might
719 start a quantifier. It looks ahead to see if it really is a quantifier or not.
720 It is only a quantifier if it is one of the forms {ddd} {ddd,} or {ddd,ddd}
721 where the ddds are digits.
722
723 Arguments:
724 p pointer to the first char after '{'
725
726 Returns: TRUE or FALSE
727 */
728
729 static BOOL
730 is_counted_repeat(const pcre_uchar *p)
731 {
732 if (!IS_DIGIT(*p)) return FALSE;
733 p++;
734 while (IS_DIGIT(*p)) p++;
735 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
736
737 if (*p++ != CHAR_COMMA) return FALSE;
738 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
739
740 if (!IS_DIGIT(*p)) return FALSE;
741 p++;
742 while (IS_DIGIT(*p)) p++;
743
744 return (*p == CHAR_RIGHT_CURLY_BRACKET);
745 }
746
747
748
749 /*************************************************
750 * Handle escapes *
751 *************************************************/
752
753 /* This function is called when a \ has been encountered. It either returns a
754 positive value for a simple escape such as \n, or 0 for a data character
755 which will be placed in chptr. A backreference to group n is returned as
756 negative n. When UTF-8 is enabled, a positive value greater than 255 may
757 be returned in chptr.
758 On entry,ptr is pointing at the \. On exit, it is on the final character of the
759 escape sequence.
760
761 Arguments:
762 ptrptr points to the pattern position pointer
763 chptr points to the data character
764 errorcodeptr points to the errorcode variable
765 bracount number of previous extracting brackets
766 options the options bits
767 isclass TRUE if inside a character class
768
769 Returns: zero => a data character
770 positive => a special escape sequence
771 negative => a back reference
772 on error, errorcodeptr is set
773 */
774
775 static int
776 check_escape(const pcre_uchar **ptrptr, pcre_uint32 *chptr, int *errorcodeptr,
777 int bracount, int options, BOOL isclass)
778 {
779 /* PCRE_UTF16 has the same value as PCRE_UTF8. */
780 BOOL utf = (options & PCRE_UTF8) != 0;
781 const pcre_uchar *ptr = *ptrptr + 1;
782 pcre_uint32 c;
783 int escape = 0;
784 int i;
785
786 GETCHARINCTEST(c, ptr); /* Get character value, increment pointer */
787 ptr--; /* Set pointer back to the last byte */
788
789 /* If backslash is at the end of the pattern, it's an error. */
790
791 if (c == 0) *errorcodeptr = ERR1;
792
793 /* Non-alphanumerics are literals. For digits or letters, do an initial lookup
794 in a table. A non-zero result is something that can be returned immediately.
795 Otherwise further processing may be required. */
796
797 #ifndef EBCDIC /* ASCII/UTF-8 coding */
798 /* Not alphanumeric */
799 else if (c < CHAR_0 || c > CHAR_z) {}
800 else if ((i = escapes[c - CHAR_0]) != 0) { if (i > 0) c = (pcre_uint32)i; else escape = -i; }
801
802 #else /* EBCDIC coding */
803 /* Not alphanumeric */
804 else if (c < CHAR_a || (!MAX_255(c) || (ebcdic_chartab[c] & 0x0E) == 0)) {}
805 else if ((i = escapes[c - 0x48]) != 0) { if (i > 0) c = (pcre_uint32)i; else escape = -i; }
806 #endif
807
808 /* Escapes that need further processing, or are illegal. */
809
810 else
811 {
812 const pcre_uchar *oldptr;
813 BOOL braced, negated, overflow;
814 int s;
815
816 switch (c)
817 {
818 /* A number of Perl escapes are not handled by PCRE. We give an explicit
819 error. */
820
821 case CHAR_l:
822 case CHAR_L:
823 *errorcodeptr = ERR37;
824 break;
825
826 case CHAR_u:
827 if ((options & PCRE_JAVASCRIPT_COMPAT) != 0)
828 {
829 /* In JavaScript, \u must be followed by four hexadecimal numbers.
830 Otherwise it is a lowercase u letter. */
831 if (MAX_255(ptr[1]) && (digitab[ptr[1]] & ctype_xdigit) != 0
832 && MAX_255(ptr[2]) && (digitab[ptr[2]] & ctype_xdigit) != 0
833 && MAX_255(ptr[3]) && (digitab[ptr[3]] & ctype_xdigit) != 0
834 && MAX_255(ptr[4]) && (digitab[ptr[4]] & ctype_xdigit) != 0)
835 {
836 c = 0;
837 for (i = 0; i < 4; ++i)
838 {
839 register pcre_uint32 cc = *(++ptr);
840 #ifndef EBCDIC /* ASCII/UTF-8 coding */
841 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
842 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
843 #else /* EBCDIC coding */
844 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
845 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
846 #endif
847 }
848
849 #if defined COMPILE_PCRE8
850 if (c > (utf ? 0x10ffff : 0xff))
851 #elif defined COMPILE_PCRE16
852 if (c > (utf ? 0x10ffff : 0xffff))
853 #elif defined COMPILE_PCRE32
854 if (utf && c > 0x10ffff)
855 #endif
856 {
857 *errorcodeptr = ERR76;
858 }
859 else if (utf && c >= 0xd800 && c <= 0xdfff) *errorcodeptr = ERR73;
860 }
861 }
862 else
863 *errorcodeptr = ERR37;
864 break;
865
866 case CHAR_U:
867 /* In JavaScript, \U is an uppercase U letter. */
868 if ((options & PCRE_JAVASCRIPT_COMPAT) == 0) *errorcodeptr = ERR37;
869 break;
870
871 /* In a character class, \g is just a literal "g". Outside a character
872 class, \g must be followed by one of a number of specific things:
873
874 (1) A number, either plain or braced. If positive, it is an absolute
875 backreference. If negative, it is a relative backreference. This is a Perl
876 5.10 feature.
877
878 (2) Perl 5.10 also supports \g{name} as a reference to a named group. This
879 is part of Perl's movement towards a unified syntax for back references. As
880 this is synonymous with \k{name}, we fudge it up by pretending it really
881 was \k.
882
883 (3) For Oniguruma compatibility we also support \g followed by a name or a
884 number either in angle brackets or in single quotes. However, these are
885 (possibly recursive) subroutine calls, _not_ backreferences. Just return
886 the ESC_g code (cf \k). */
887
888 case CHAR_g:
889 if (isclass) break;
890 if (ptr[1] == CHAR_LESS_THAN_SIGN || ptr[1] == CHAR_APOSTROPHE)
891 {
892 escape = ESC_g;
893 break;
894 }
895
896 /* Handle the Perl-compatible cases */
897
898 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
899 {
900 const pcre_uchar *p;
901 for (p = ptr+2; *p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
902 if (*p != CHAR_MINUS && !IS_DIGIT(*p)) break;
903 if (*p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET)
904 {
905 escape = ESC_k;
906 break;
907 }
908 braced = TRUE;
909 ptr++;
910 }
911 else braced = FALSE;
912
913 if (ptr[1] == CHAR_MINUS)
914 {
915 negated = TRUE;
916 ptr++;
917 }
918 else negated = FALSE;
919
920 /* The integer range is limited by the machine's int representation. */
921 s = 0;
922 overflow = FALSE;
923 while (IS_DIGIT(ptr[1]))
924 {
925 if (s > INT_MAX / 10 - 1) /* Integer overflow */
926 {
927 overflow = TRUE;
928 break;
929 }
930 s = s * 10 + (int)(*(++ptr) - CHAR_0);
931 }
932 if (overflow) /* Integer overflow */
933 {
934 while (IS_DIGIT(ptr[1]))
935 ptr++;
936 *errorcodeptr = ERR61;
937 break;
938 }
939
940 if (braced && *(++ptr) != CHAR_RIGHT_CURLY_BRACKET)
941 {
942 *errorcodeptr = ERR57;
943 break;
944 }
945
946 if (s == 0)
947 {
948 *errorcodeptr = ERR58;
949 break;
950 }
951
952 if (negated)
953 {
954 if (s > bracount)
955 {
956 *errorcodeptr = ERR15;
957 break;
958 }
959 s = bracount - (s - 1);
960 }
961
962 escape = -s;
963 break;
964
965 /* The handling of escape sequences consisting of a string of digits
966 starting with one that is not zero is not straightforward. By experiment,
967 the way Perl works seems to be as follows:
968
969 Outside a character class, the digits are read as a decimal number. If the
970 number is less than 10, or if there are that many previous extracting
971 left brackets, then it is a back reference. Otherwise, up to three octal
972 digits are read to form an escaped byte. Thus \123 is likely to be octal
973 123 (cf \0123, which is octal 012 followed by the literal 3). If the octal
974 value is greater than 377, the least significant 8 bits are taken. Inside a
975 character class, \ followed by a digit is always an octal number. */
976
977 case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4: case CHAR_5:
978 case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
979
980 if (!isclass)
981 {
982 oldptr = ptr;
983 /* The integer range is limited by the machine's int representation. */
984 s = (int)(c -CHAR_0);
985 overflow = FALSE;
986 while (IS_DIGIT(ptr[1]))
987 {
988 if (s > INT_MAX / 10 - 1) /* Integer overflow */
989 {
990 overflow = TRUE;
991 break;
992 }
993 s = s * 10 + (int)(*(++ptr) - CHAR_0);
994 }
995 if (overflow) /* Integer overflow */
996 {
997 while (IS_DIGIT(ptr[1]))
998 ptr++;
999 *errorcodeptr = ERR61;
1000 break;
1001 }
1002 if (s < 10 || s <= bracount)
1003 {
1004 escape = -s;
1005 break;
1006 }
1007 ptr = oldptr; /* Put the pointer back and fall through */
1008 }
1009
1010 /* Handle an octal number following \. If the first digit is 8 or 9, Perl
1011 generates a binary zero byte and treats the digit as a following literal.
1012 Thus we have to pull back the pointer by one. */
1013
1014 if ((c = *ptr) >= CHAR_8)
1015 {
1016 ptr--;
1017 c = 0;
1018 break;
1019 }
1020
1021 /* \0 always starts an octal number, but we may drop through to here with a
1022 larger first octal digit. The original code used just to take the least
1023 significant 8 bits of octal numbers (I think this is what early Perls used
1024 to do). Nowadays we allow for larger numbers in UTF-8 mode and 16-bit mode,
1025 but no more than 3 octal digits. */
1026
1027 case CHAR_0:
1028 c -= CHAR_0;
1029 while(i++ < 2 && ptr[1] >= CHAR_0 && ptr[1] <= CHAR_7)
1030 c = c * 8 + *(++ptr) - CHAR_0;
1031 #ifdef COMPILE_PCRE8
1032 if (!utf && c > 0xff) *errorcodeptr = ERR51;
1033 #endif
1034 break;
1035
1036 /* \x is complicated. \x{ddd} is a character number which can be greater
1037 than 0xff in utf or non-8bit mode, but only if the ddd are hex digits.
1038 If not, { is treated as a data character. */
1039
1040 case CHAR_x:
1041 if ((options & PCRE_JAVASCRIPT_COMPAT) != 0)
1042 {
1043 /* In JavaScript, \x must be followed by two hexadecimal numbers.
1044 Otherwise it is a lowercase x letter. */
1045 if (MAX_255(ptr[1]) && (digitab[ptr[1]] & ctype_xdigit) != 0
1046 && MAX_255(ptr[2]) && (digitab[ptr[2]] & ctype_xdigit) != 0)
1047 {
1048 c = 0;
1049 for (i = 0; i < 2; ++i)
1050 {
1051 register pcre_uint32 cc = *(++ptr);
1052 #ifndef EBCDIC /* ASCII/UTF-8 coding */
1053 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
1054 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
1055 #else /* EBCDIC coding */
1056 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
1057 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
1058 #endif
1059 }
1060 }
1061 break;
1062 }
1063
1064 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
1065 {
1066 const pcre_uchar *pt = ptr + 2;
1067
1068 c = 0;
1069 overflow = FALSE;
1070 while (MAX_255(*pt) && (digitab[*pt] & ctype_xdigit) != 0)
1071 {
1072 register pcre_uint32 cc = *pt++;
1073 if (c == 0 && cc == CHAR_0) continue; /* Leading zeroes */
1074
1075 #ifdef COMPILE_PCRE32
1076 if (c >= 0x10000000l) { overflow = TRUE; break; }
1077 #endif
1078
1079 #ifndef EBCDIC /* ASCII/UTF-8 coding */
1080 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
1081 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
1082 #else /* EBCDIC coding */
1083 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
1084 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
1085 #endif
1086
1087 #if defined COMPILE_PCRE8
1088 if (c > (utf ? 0x10ffff : 0xff)) { overflow = TRUE; break; }
1089 #elif defined COMPILE_PCRE16
1090 if (c > (utf ? 0x10ffff : 0xffff)) { overflow = TRUE; break; }
1091 #elif defined COMPILE_PCRE32
1092 if (utf && c > 0x10ffff) { overflow = TRUE; break; }
1093 #endif
1094 }
1095
1096 if (overflow)
1097 {
1098 while (MAX_255(*pt) && (digitab[*pt] & ctype_xdigit) != 0) pt++;
1099 *errorcodeptr = ERR34;
1100 }
1101
1102 if (*pt == CHAR_RIGHT_CURLY_BRACKET)
1103 {
1104 if (utf && c >= 0xd800 && c <= 0xdfff) *errorcodeptr = ERR73;
1105 ptr = pt;
1106 break;
1107 }
1108
1109 /* If the sequence of hex digits does not end with '}', then we don't
1110 recognize this construct; fall through to the normal \x handling. */
1111 }
1112
1113 /* Read just a single-byte hex-defined char */
1114
1115 c = 0;
1116 while (i++ < 2 && MAX_255(ptr[1]) && (digitab[ptr[1]] & ctype_xdigit) != 0)
1117 {
1118 pcre_uint32 cc; /* Some compilers don't like */
1119 cc = *(++ptr); /* ++ in initializers */
1120 #ifndef EBCDIC /* ASCII/UTF-8 coding */
1121 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
1122 c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
1123 #else /* EBCDIC coding */
1124 if (cc <= CHAR_z) cc += 64; /* Convert to upper case */
1125 c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
1126 #endif
1127 }
1128 break;
1129
1130 /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
1131 An error is given if the byte following \c is not an ASCII character. This
1132 coding is ASCII-specific, but then the whole concept of \cx is
1133 ASCII-specific. (However, an EBCDIC equivalent has now been added.) */
1134
1135 case CHAR_c:
1136 c = *(++ptr);
1137 if (c == 0)
1138 {
1139 *errorcodeptr = ERR2;
1140 break;
1141 }
1142 #ifndef EBCDIC /* ASCII/UTF-8 coding */
1143 if (c > 127) /* Excludes all non-ASCII in either mode */
1144 {
1145 *errorcodeptr = ERR68;
1146 break;
1147 }
1148 if (c >= CHAR_a && c <= CHAR_z) c -= 32;
1149 c ^= 0x40;
1150 #else /* EBCDIC coding */
1151 if (c >= CHAR_a && c <= CHAR_z) c += 64;
1152 c ^= 0xC0;
1153 #endif
1154 break;
1155
1156 /* PCRE_EXTRA enables extensions to Perl in the matter of escapes. Any
1157 other alphanumeric following \ is an error if PCRE_EXTRA was set;
1158 otherwise, for Perl compatibility, it is a literal. This code looks a bit
1159 odd, but there used to be some cases other than the default, and there may
1160 be again in future, so I haven't "optimized" it. */
1161
1162 default:
1163 if ((options & PCRE_EXTRA) != 0) switch(c)
1164 {
1165 default:
1166 *errorcodeptr = ERR3;
1167 break;
1168 }
1169 break;
1170 }
1171 }
1172
1173 /* Perl supports \N{name} for character names, as well as plain \N for "not
1174 newline". PCRE does not support \N{name}. However, it does support
1175 quantification such as \N{2,3}. */
1176
1177 if (escape == ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET &&
1178 !is_counted_repeat(ptr+2))
1179 *errorcodeptr = ERR37;
1180
1181 /* If PCRE_UCP is set, we change the values for \d etc. */
1182
1183 if ((options & PCRE_UCP) != 0 && escape >= ESC_D && escape <= ESC_w)
1184 escape += (ESC_DU - ESC_D);
1185
1186 /* Set the pointer to the final character before returning. */
1187
1188 *ptrptr = ptr;
1189 *chptr = c;
1190 return escape;
1191 }
1192
1193 #ifdef SUPPORT_UCP
1194 /*************************************************
1195 * Handle \P and \p *
1196 *************************************************/
1197
1198 /* This function is called after \P or \p has been encountered, provided that
1199 PCRE is compiled with support for Unicode properties. On entry, ptrptr is
1200 pointing at the P or p. On exit, it is pointing at the final character of the
1201 escape sequence.
1202
1203 Argument:
1204 ptrptr points to the pattern position pointer
1205 negptr points to a boolean that is set TRUE for negation else FALSE
1206 ptypeptr points to an unsigned int that is set to the type value
1207 pdataptr points to an unsigned int that is set to the detailed property value
1208 errorcodeptr points to the error code variable
1209
1210 Returns: TRUE if the type value was found, or FALSE for an invalid type
1211 */
1212
1213 static BOOL
1214 get_ucp(const pcre_uchar **ptrptr, BOOL *negptr, unsigned int *ptypeptr,
1215 unsigned int *pdataptr, int *errorcodeptr)
1216 {
1217 pcre_uchar c;
1218 int i, bot, top;
1219 const pcre_uchar *ptr = *ptrptr;
1220 pcre_uchar name[32];
1221
1222 c = *(++ptr);
1223 if (c == 0) goto ERROR_RETURN;
1224
1225 *negptr = FALSE;
1226
1227 /* \P or \p can be followed by a name in {}, optionally preceded by ^ for
1228 negation. */
1229
1230 if (c == CHAR_LEFT_CURLY_BRACKET)
1231 {
1232 if (ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1233 {
1234 *negptr = TRUE;
1235 ptr++;
1236 }
1237 for (i = 0; i < (int)(sizeof(name) / sizeof(pcre_uchar)) - 1; i++)
1238 {
1239 c = *(++ptr);
1240 if (c == 0) goto ERROR_RETURN;
1241 if (c == CHAR_RIGHT_CURLY_BRACKET) break;
1242 name[i] = c;
1243 }
1244 if (c != CHAR_RIGHT_CURLY_BRACKET) goto ERROR_RETURN;
1245 name[i] = 0;
1246 }
1247
1248 /* Otherwise there is just one following character */
1249
1250 else
1251 {
1252 name[0] = c;
1253 name[1] = 0;
1254 }
1255
1256 *ptrptr = ptr;
1257
1258 /* Search for a recognized property name using binary chop */
1259
1260 bot = 0;
1261 top = PRIV(utt_size);
1262
1263 while (bot < top)
1264 {
1265 int r;
1266 i = (bot + top) >> 1;
1267 r = STRCMP_UC_C8(name, PRIV(utt_names) + PRIV(utt)[i].name_offset);
1268 if (r == 0)
1269 {
1270 *ptypeptr = PRIV(utt)[i].type;
1271 *pdataptr = PRIV(utt)[i].value;
1272 return TRUE;
1273 }
1274 if (r > 0) bot = i + 1; else top = i;
1275 }
1276
1277 *errorcodeptr = ERR47;
1278 *ptrptr = ptr;
1279 return FALSE;
1280
1281 ERROR_RETURN:
1282 *errorcodeptr = ERR46;
1283 *ptrptr = ptr;
1284 return FALSE;
1285 }
1286 #endif
1287
1288
1289
1290
1291 /*************************************************
1292 * Read repeat counts *
1293 *************************************************/
1294
1295 /* Read an item of the form {n,m} and return the values. This is called only
1296 after is_counted_repeat() has confirmed that a repeat-count quantifier exists,
1297 so the syntax is guaranteed to be correct, but we need to check the values.
1298
1299 Arguments:
1300 p pointer to first char after '{'
1301 minp pointer to int for min
1302 maxp pointer to int for max
1303 returned as -1 if no max
1304 errorcodeptr points to error code variable
1305
1306 Returns: pointer to '}' on success;
1307 current ptr on error, with errorcodeptr set non-zero
1308 */
1309
1310 static const pcre_uchar *
1311 read_repeat_counts(const pcre_uchar *p, int *minp, int *maxp, int *errorcodeptr)
1312 {
1313 int min = 0;
1314 int max = -1;
1315
1316 /* Read the minimum value and do a paranoid check: a negative value indicates
1317 an integer overflow. */
1318
1319 while (IS_DIGIT(*p)) min = min * 10 + (int)(*p++ - CHAR_0);
1320 if (min < 0 || min > 65535)
1321 {
1322 *errorcodeptr = ERR5;
1323 return p;
1324 }
1325
1326 /* Read the maximum value if there is one, and again do a paranoid on its size.
1327 Also, max must not be less than min. */
1328
1329 if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
1330 {
1331 if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
1332 {
1333 max = 0;
1334 while(IS_DIGIT(*p)) max = max * 10 + (int)(*p++ - CHAR_0);
1335 if (max < 0 || max > 65535)
1336 {
1337 *errorcodeptr = ERR5;
1338 return p;
1339 }
1340 if (max < min)
1341 {
1342 *errorcodeptr = ERR4;
1343 return p;
1344 }
1345 }
1346 }
1347
1348 /* Fill in the required variables, and pass back the pointer to the terminating
1349 '}'. */
1350
1351 *minp = min;
1352 *maxp = max;
1353 return p;
1354 }
1355
1356
1357
1358 /*************************************************
1359 * Subroutine for finding forward reference *
1360 *************************************************/
1361
1362 /* This recursive function is called only from find_parens() below. The
1363 top-level call starts at the beginning of the pattern. All other calls must
1364 start at a parenthesis. It scans along a pattern's text looking for capturing
1365 subpatterns, and counting them. If it finds a named pattern that matches the
1366 name it is given, it returns its number. Alternatively, if the name is NULL, it
1367 returns when it reaches a given numbered subpattern. Recursion is used to keep
1368 track of subpatterns that reset the capturing group numbers - the (?| feature.
1369
1370 This function was originally called only from the second pass, in which we know
1371 that if (?< or (?' or (?P< is encountered, the name will be correctly
1372 terminated because that is checked in the first pass. There is now one call to
1373 this function in the first pass, to check for a recursive back reference by
1374 name (so that we can make the whole group atomic). In this case, we need check
1375 only up to the current position in the pattern, and that is still OK because
1376 and previous occurrences will have been checked. To make this work, the test
1377 for "end of pattern" is a check against cd->end_pattern in the main loop,
1378 instead of looking for a binary zero. This means that the special first-pass
1379 call can adjust cd->end_pattern temporarily. (Checks for binary zero while
1380 processing items within the loop are OK, because afterwards the main loop will
1381 terminate.)
1382
1383 Arguments:
1384 ptrptr address of the current character pointer (updated)
1385 cd compile background data
1386 name name to seek, or NULL if seeking a numbered subpattern
1387 lorn name length, or subpattern number if name is NULL
1388 xmode TRUE if we are in /x mode
1389 utf TRUE if we are in UTF-8 / UTF-16 / UTF-32 mode
1390 count pointer to the current capturing subpattern number (updated)
1391
1392 Returns: the number of the named subpattern, or -1 if not found
1393 */
1394
1395 static int
1396 find_parens_sub(pcre_uchar **ptrptr, compile_data *cd, const pcre_uchar *name, int lorn,
1397 BOOL xmode, BOOL utf, int *count)
1398 {
1399 pcre_uchar *ptr = *ptrptr;
1400 int start_count = *count;
1401 int hwm_count = start_count;
1402 BOOL dup_parens = FALSE;
1403
1404 /* If the first character is a parenthesis, check on the type of group we are
1405 dealing with. The very first call may not start with a parenthesis. */
1406
1407 if (ptr[0] == CHAR_LEFT_PARENTHESIS)
1408 {
1409 /* Handle specials such as (*SKIP) or (*UTF8) etc. */
1410
1411 if (ptr[1] == CHAR_ASTERISK) ptr += 2;
1412
1413 /* Handle a normal, unnamed capturing parenthesis. */
1414
1415 else if (ptr[1] != CHAR_QUESTION_MARK)
1416 {
1417 *count += 1;
1418 if (name == NULL && *count == lorn) return *count;
1419 ptr++;
1420 }
1421
1422 /* All cases now have (? at the start. Remember when we are in a group
1423 where the parenthesis numbers are duplicated. */
1424
1425 else if (ptr[2] == CHAR_VERTICAL_LINE)
1426 {
1427 ptr += 3;
1428 dup_parens = TRUE;
1429 }
1430
1431 /* Handle comments; all characters are allowed until a ket is reached. */
1432
1433 else if (ptr[2] == CHAR_NUMBER_SIGN)
1434 {
1435 for (ptr += 3; *ptr != 0; ptr++) if (*ptr == CHAR_RIGHT_PARENTHESIS) break;
1436 goto FAIL_EXIT;
1437 }
1438
1439 /* Handle a condition. If it is an assertion, just carry on so that it
1440 is processed as normal. If not, skip to the closing parenthesis of the
1441 condition (there can't be any nested parens). */
1442
1443 else if (ptr[2] == CHAR_LEFT_PARENTHESIS)
1444 {
1445 ptr += 2;
1446 if (ptr[1] != CHAR_QUESTION_MARK)
1447 {
1448 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
1449 if (*ptr != 0) ptr++;
1450 }
1451 }
1452
1453 /* Start with (? but not a condition. */
1454
1455 else
1456 {
1457 ptr += 2;
1458 if (*ptr == CHAR_P) ptr++; /* Allow optional P */
1459
1460 /* We have to disambiguate (?<! and (?<= from (?<name> for named groups */
1461
1462 if ((*ptr == CHAR_LESS_THAN_SIGN && ptr[1] != CHAR_EXCLAMATION_MARK &&
1463 ptr[1] != CHAR_EQUALS_SIGN) || *ptr == CHAR_APOSTROPHE)
1464 {
1465 pcre_uchar term;
1466 const pcre_uchar *thisname;
1467 *count += 1;
1468 if (name == NULL && *count == lorn) return *count;
1469 term = *ptr++;
1470 if (term == CHAR_LESS_THAN_SIGN) term = CHAR_GREATER_THAN_SIGN;
1471 thisname = ptr;
1472 while (*ptr != term) ptr++;
1473 if (name != NULL && lorn == (int)(ptr - thisname) &&
1474 STRNCMP_UC_UC(name, thisname, (unsigned int)lorn) == 0)
1475 return *count;
1476 term++;
1477 }
1478 }
1479 }
1480
1481 /* Past any initial parenthesis handling, scan for parentheses or vertical
1482 bars. Stop if we get to cd->end_pattern. Note that this is important for the
1483 first-pass call when this value is temporarily adjusted to stop at the current
1484 position. So DO NOT change this to a test for binary zero. */
1485
1486 for (; ptr < cd->end_pattern; ptr++)
1487 {
1488 /* Skip over backslashed characters and also entire \Q...\E */
1489
1490 if (*ptr == CHAR_BACKSLASH)
1491 {
1492 if (*(++ptr) == 0) goto FAIL_EXIT;
1493 if (*ptr == CHAR_Q) for (;;)
1494 {
1495 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1496 if (*ptr == 0) goto FAIL_EXIT;
1497 if (*(++ptr) == CHAR_E) break;
1498 }
1499 continue;
1500 }
1501
1502 /* Skip over character classes; this logic must be similar to the way they
1503 are handled for real. If the first character is '^', skip it. Also, if the
1504 first few characters (either before or after ^) are \Q\E or \E we skip them
1505 too. This makes for compatibility with Perl. Note the use of STR macros to
1506 encode "Q\\E" so that it works in UTF-8 on EBCDIC platforms. */
1507
1508 if (*ptr == CHAR_LEFT_SQUARE_BRACKET)
1509 {
1510 BOOL negate_class = FALSE;
1511 for (;;)
1512 {
1513 if (ptr[1] == CHAR_BACKSLASH)
1514 {
1515 if (ptr[2] == CHAR_E)
1516 ptr+= 2;
1517 else if (STRNCMP_UC_C8(ptr + 2,
1518 STR_Q STR_BACKSLASH STR_E, 3) == 0)
1519 ptr += 4;
1520 else
1521 break;
1522 }
1523 else if (!negate_class && ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1524 {
1525 negate_class = TRUE;
1526 ptr++;
1527 }
1528 else break;
1529 }
1530
1531 /* If the next character is ']', it is a data character that must be
1532 skipped, except in JavaScript compatibility mode. */
1533
1534 if (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET &&
1535 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) == 0)
1536 ptr++;
1537
1538 while (*(++ptr) != CHAR_RIGHT_SQUARE_BRACKET)
1539 {
1540 if (*ptr == 0) return -1;
1541 if (*ptr == CHAR_BACKSLASH)
1542 {
1543 if (*(++ptr) == 0) goto FAIL_EXIT;
1544 if (*ptr == CHAR_Q) for (;;)
1545 {
1546 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1547 if (*ptr == 0) goto FAIL_EXIT;
1548 if (*(++ptr) == CHAR_E) break;
1549 }
1550 continue;
1551 }
1552 }
1553 continue;
1554 }
1555
1556 /* Skip comments in /x mode */
1557
1558 if (xmode && *ptr == CHAR_NUMBER_SIGN)
1559 {
1560 ptr++;
1561 while (*ptr != 0)
1562 {
1563 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
1564 ptr++;
1565 #ifdef SUPPORT_UTF
1566 if (utf) FORWARDCHAR(ptr);
1567 #endif
1568 }
1569 if (*ptr == 0) goto FAIL_EXIT;
1570 continue;
1571 }
1572
1573 /* Check for the special metacharacters */
1574
1575 if (*ptr == CHAR_LEFT_PARENTHESIS)
1576 {
1577 int rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf, count);
1578 if (rc > 0) return rc;
1579 if (*ptr == 0) goto FAIL_EXIT;
1580 }
1581
1582 else if (*ptr == CHAR_RIGHT_PARENTHESIS)
1583 {
1584 if (dup_parens && *count < hwm_count) *count = hwm_count;
1585 goto FAIL_EXIT;
1586 }
1587
1588 else if (*ptr == CHAR_VERTICAL_LINE && dup_parens)
1589 {
1590 if (*count > hwm_count) hwm_count = *count;
1591 *count = start_count;
1592 }
1593 }
1594
1595 FAIL_EXIT:
1596 *ptrptr = ptr;
1597 return -1;
1598 }
1599
1600
1601
1602
1603 /*************************************************
1604 * Find forward referenced subpattern *
1605 *************************************************/
1606
1607 /* This function scans along a pattern's text looking for capturing
1608 subpatterns, and counting them. If it finds a named pattern that matches the
1609 name it is given, it returns its number. Alternatively, if the name is NULL, it
1610 returns when it reaches a given numbered subpattern. This is used for forward
1611 references to subpatterns. We used to be able to start this scan from the
1612 current compiling point, using the current count value from cd->bracount, and
1613 do it all in a single loop, but the addition of the possibility of duplicate
1614 subpattern numbers means that we have to scan from the very start, in order to
1615 take account of such duplicates, and to use a recursive function to keep track
1616 of the different types of group.
1617
1618 Arguments:
1619 cd compile background data
1620 name name to seek, or NULL if seeking a numbered subpattern
1621 lorn name length, or subpattern number if name is NULL
1622 xmode TRUE if we are in /x mode
1623 utf TRUE if we are in UTF-8 / UTF-16 / UTF-32 mode
1624
1625 Returns: the number of the found subpattern, or -1 if not found
1626 */
1627
1628 static int
1629 find_parens(compile_data *cd, const pcre_uchar *name, int lorn, BOOL xmode,
1630 BOOL utf)
1631 {
1632 pcre_uchar *ptr = (pcre_uchar *)cd->start_pattern;
1633 int count = 0;
1634 int rc;
1635
1636 /* If the pattern does not start with an opening parenthesis, the first call
1637 to find_parens_sub() will scan right to the end (if necessary). However, if it
1638 does start with a parenthesis, find_parens_sub() will return when it hits the
1639 matching closing parens. That is why we have to have a loop. */
1640
1641 for (;;)
1642 {
1643 rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf, &count);
1644 if (rc > 0 || *ptr++ == 0) break;
1645 }
1646
1647 return rc;
1648 }
1649
1650
1651
1652
1653 /*************************************************
1654 * Find first significant op code *
1655 *************************************************/
1656
1657 /* This is called by several functions that scan a compiled expression looking
1658 for a fixed first character, or an anchoring op code etc. It skips over things
1659 that do not influence this. For some calls, it makes sense to skip negative
1660 forward and all backward assertions, and also the \b assertion; for others it
1661 does not.
1662
1663 Arguments:
1664 code pointer to the start of the group
1665 skipassert TRUE if certain assertions are to be skipped
1666
1667 Returns: pointer to the first significant opcode
1668 */
1669
1670 static const pcre_uchar*
1671 first_significant_code(const pcre_uchar *code, BOOL skipassert)
1672 {
1673 for (;;)
1674 {
1675 switch ((int)*code)
1676 {
1677 case OP_ASSERT_NOT:
1678 case OP_ASSERTBACK:
1679 case OP_ASSERTBACK_NOT:
1680 if (!skipassert) return code;
1681 do code += GET(code, 1); while (*code == OP_ALT);
1682 code += PRIV(OP_lengths)[*code];
1683 break;
1684
1685 case OP_WORD_BOUNDARY:
1686 case OP_NOT_WORD_BOUNDARY:
1687 if (!skipassert) return code;
1688 /* Fall through */
1689
1690 case OP_CALLOUT:
1691 case OP_CREF:
1692 case OP_NCREF:
1693 case OP_RREF:
1694 case OP_NRREF:
1695 case OP_DEF:
1696 code += PRIV(OP_lengths)[*code];
1697 break;
1698
1699 default:
1700 return code;
1701 }
1702 }
1703 /* Control never reaches here */
1704 }
1705
1706
1707
1708
1709 /*************************************************
1710 * Find the fixed length of a branch *
1711 *************************************************/
1712
1713 /* Scan a branch and compute the fixed length of subject that will match it,
1714 if the length is fixed. This is needed for dealing with backward assertions.
1715 In UTF8 mode, the result is in characters rather than bytes. The branch is
1716 temporarily terminated with OP_END when this function is called.
1717
1718 This function is called when a backward assertion is encountered, so that if it
1719 fails, the error message can point to the correct place in the pattern.
1720 However, we cannot do this when the assertion contains subroutine calls,
1721 because they can be forward references. We solve this by remembering this case
1722 and doing the check at the end; a flag specifies which mode we are running in.
1723
1724 Arguments:
1725 code points to the start of the pattern (the bracket)
1726 utf TRUE in UTF-8 / UTF-16 / UTF-32 mode
1727 atend TRUE if called when the pattern is complete
1728 cd the "compile data" structure
1729
1730 Returns: the fixed length,
1731 or -1 if there is no fixed length,
1732 or -2 if \C was encountered (in UTF-8 mode only)
1733 or -3 if an OP_RECURSE item was encountered and atend is FALSE
1734 or -4 if an unknown opcode was encountered (internal error)
1735 */
1736
1737 static int
1738 find_fixedlength(pcre_uchar *code, BOOL utf, BOOL atend, compile_data *cd)
1739 {
1740 int length = -1;
1741
1742 register int branchlength = 0;
1743 register pcre_uchar *cc = code + 1 + LINK_SIZE;
1744
1745 /* Scan along the opcodes for this branch. If we get to the end of the
1746 branch, check the length against that of the other branches. */
1747
1748 for (;;)
1749 {
1750 int d;
1751 pcre_uchar *ce, *cs;
1752 register pcre_uchar op = *cc;
1753
1754 switch (op)
1755 {
1756 /* We only need to continue for OP_CBRA (normal capturing bracket) and
1757 OP_BRA (normal non-capturing bracket) because the other variants of these
1758 opcodes are all concerned with unlimited repeated groups, which of course
1759 are not of fixed length. */
1760
1761 case OP_CBRA:
1762 case OP_BRA:
1763 case OP_ONCE:
1764 case OP_ONCE_NC:
1765 case OP_COND:
1766 d = find_fixedlength(cc + ((op == OP_CBRA)? IMM2_SIZE : 0), utf, atend, cd);
1767 if (d < 0) return d;
1768 branchlength += d;
1769 do cc += GET(cc, 1); while (*cc == OP_ALT);
1770 cc += 1 + LINK_SIZE;
1771 break;
1772
1773 /* Reached end of a branch; if it's a ket it is the end of a nested call.
1774 If it's ALT it is an alternation in a nested call. An ACCEPT is effectively
1775 an ALT. If it is END it's the end of the outer call. All can be handled by
1776 the same code. Note that we must not include the OP_KETRxxx opcodes here,
1777 because they all imply an unlimited repeat. */
1778
1779 case OP_ALT:
1780 case OP_KET:
1781 case OP_END:
1782 case OP_ACCEPT:
1783 case OP_ASSERT_ACCEPT:
1784 if (length < 0) length = branchlength;
1785 else if (length != branchlength) return -1;
1786 if (*cc != OP_ALT) return length;
1787 cc += 1 + LINK_SIZE;
1788 branchlength = 0;
1789 break;
1790
1791 /* A true recursion implies not fixed length, but a subroutine call may
1792 be OK. If the subroutine is a forward reference, we can't deal with
1793 it until the end of the pattern, so return -3. */
1794
1795 case OP_RECURSE:
1796 if (!atend) return -3;
1797 cs = ce = (pcre_uchar *)cd->start_code + GET(cc, 1); /* Start subpattern */
1798 do ce += GET(ce, 1); while (*ce == OP_ALT); /* End subpattern */
1799 if (cc > cs && cc < ce) return -1; /* Recursion */
1800 d = find_fixedlength(cs + IMM2_SIZE, utf, atend, cd);
1801 if (d < 0) return d;
1802 branchlength += d;
1803 cc += 1 + LINK_SIZE;
1804 break;
1805
1806 /* Skip over assertive subpatterns */
1807
1808 case OP_ASSERT:
1809 case OP_ASSERT_NOT:
1810 case OP_ASSERTBACK:
1811 case OP_ASSERTBACK_NOT:
1812 do cc += GET(cc, 1); while (*cc == OP_ALT);
1813 cc += PRIV(OP_lengths)[*cc];
1814 break;
1815
1816 /* Skip over things that don't match chars */
1817
1818 case OP_MARK:
1819 case OP_PRUNE_ARG:
1820 case OP_SKIP_ARG:
1821 case OP_THEN_ARG:
1822 cc += cc[1] + PRIV(OP_lengths)[*cc];
1823 break;
1824
1825 case OP_CALLOUT:
1826 case OP_CIRC:
1827 case OP_CIRCM:
1828 case OP_CLOSE:
1829 case OP_COMMIT:
1830 case OP_CREF:
1831 case OP_DEF:
1832 case OP_DOLL:
1833 case OP_DOLLM:
1834 case OP_EOD:
1835 case OP_EODN:
1836 case OP_FAIL:
1837 case OP_NCREF:
1838 case OP_NRREF:
1839 case OP_NOT_WORD_BOUNDARY:
1840 case OP_PRUNE:
1841 case OP_REVERSE:
1842 case OP_RREF:
1843 case OP_SET_SOM:
1844 case OP_SKIP:
1845 case OP_SOD:
1846 case OP_SOM:
1847 case OP_THEN:
1848 case OP_WORD_BOUNDARY:
1849 cc += PRIV(OP_lengths)[*cc];
1850 break;
1851
1852 /* Handle literal characters */
1853
1854 case OP_CHAR:
1855 case OP_CHARI:
1856 case OP_NOT:
1857 case OP_NOTI:
1858 branchlength++;
1859 cc += 2;
1860 #ifdef SUPPORT_UTF
1861 if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
1862 #endif
1863 break;
1864
1865 /* Handle exact repetitions. The count is already in characters, but we
1866 need to skip over a multibyte character in UTF8 mode. */
1867
1868 case OP_EXACT:
1869 case OP_EXACTI:
1870 case OP_NOTEXACT:
1871 case OP_NOTEXACTI:
1872 branchlength += (int)GET2(cc,1);
1873 cc += 2 + IMM2_SIZE;
1874 #ifdef SUPPORT_UTF
1875 if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
1876 #endif
1877 break;
1878
1879 case OP_TYPEEXACT:
1880 branchlength += GET2(cc,1);
1881 if (cc[1 + IMM2_SIZE] == OP_PROP || cc[1 + IMM2_SIZE] == OP_NOTPROP)
1882 cc += 2;
1883 cc += 1 + IMM2_SIZE + 1;
1884 break;
1885
1886 /* Handle single-char matchers */
1887
1888 case OP_PROP:
1889 case OP_NOTPROP:
1890 cc += 2;
1891 /* Fall through */
1892
1893 case OP_HSPACE:
1894 case OP_VSPACE:
1895 case OP_NOT_HSPACE:
1896 case OP_NOT_VSPACE:
1897 case OP_NOT_DIGIT:
1898 case OP_DIGIT:
1899 case OP_NOT_WHITESPACE:
1900 case OP_WHITESPACE:
1901 case OP_NOT_WORDCHAR:
1902 case OP_WORDCHAR:
1903 case OP_ANY:
1904 case OP_ALLANY:
1905 branchlength++;
1906 cc++;
1907 break;
1908
1909 /* The single-byte matcher isn't allowed. This only happens in UTF-8 mode;
1910 otherwise \C is coded as OP_ALLANY. */
1911
1912 case OP_ANYBYTE:
1913 return -2;
1914
1915 /* Check a class for variable quantification */
1916
1917 case OP_CLASS:
1918 case OP_NCLASS:
1919 #if defined SUPPORT_UTF || defined COMPILE_PCRE16 || defined COMPILE_PCRE32
1920 case OP_XCLASS:
1921 /* The original code caused an unsigned overflow in 64 bit systems,
1922 so now we use a conditional statement. */
1923 if (op == OP_XCLASS)
1924 cc += GET(cc, 1);
1925 else
1926 cc += PRIV(OP_lengths)[OP_CLASS];
1927 #else
1928 cc += PRIV(OP_lengths)[OP_CLASS];
1929 #endif
1930
1931 switch (*cc)
1932 {
1933 case OP_CRPLUS:
1934 case OP_CRMINPLUS:
1935 case OP_CRSTAR:
1936 case OP_CRMINSTAR:
1937 case OP_CRQUERY:
1938 case OP_CRMINQUERY:
1939 return -1;
1940
1941 case OP_CRRANGE:
1942 case OP_CRMINRANGE:
1943 if (GET2(cc,1) != GET2(cc,1+IMM2_SIZE)) return -1;
1944 branchlength += (int)GET2(cc,1);
1945 cc += 1 + 2 * IMM2_SIZE;
1946 break;
1947
1948 default:
1949 branchlength++;
1950 }
1951 break;
1952
1953 /* Anything else is variable length */
1954
1955 case OP_ANYNL:
1956 case OP_BRAMINZERO:
1957 case OP_BRAPOS:
1958 case OP_BRAPOSZERO:
1959 case OP_BRAZERO:
1960 case OP_CBRAPOS:
1961 case OP_EXTUNI:
1962 case OP_KETRMAX:
1963 case OP_KETRMIN:
1964 case OP_KETRPOS:
1965 case OP_MINPLUS:
1966 case OP_MINPLUSI:
1967 case OP_MINQUERY:
1968 case OP_MINQUERYI:
1969 case OP_MINSTAR:
1970 case OP_MINSTARI:
1971 case OP_MINUPTO:
1972 case OP_MINUPTOI:
1973 case OP_NOTMINPLUS:
1974 case OP_NOTMINPLUSI:
1975 case OP_NOTMINQUERY:
1976 case OP_NOTMINQUERYI:
1977 case OP_NOTMINSTAR:
1978 case OP_NOTMINSTARI:
1979 case OP_NOTMINUPTO:
1980 case OP_NOTMINUPTOI:
1981 case OP_NOTPLUS:
1982 case OP_NOTPLUSI:
1983 case OP_NOTPOSPLUS:
1984 case OP_NOTPOSPLUSI:
1985 case OP_NOTPOSQUERY:
1986 case OP_NOTPOSQUERYI:
1987 case OP_NOTPOSSTAR:
1988 case OP_NOTPOSSTARI:
1989 case OP_NOTPOSUPTO:
1990 case OP_NOTPOSUPTOI:
1991 case OP_NOTQUERY:
1992 case OP_NOTQUERYI:
1993 case OP_NOTSTAR:
1994 case OP_NOTSTARI:
1995 case OP_NOTUPTO:
1996 case OP_NOTUPTOI:
1997 case OP_PLUS:
1998 case OP_PLUSI:
1999 case OP_POSPLUS:
2000 case OP_POSPLUSI:
2001 case OP_POSQUERY:
2002 case OP_POSQUERYI:
2003 case OP_POSSTAR:
2004 case OP_POSSTARI:
2005 case OP_POSUPTO:
2006 case OP_POSUPTOI:
2007 case OP_QUERY:
2008 case OP_QUERYI:
2009 case OP_REF:
2010 case OP_REFI:
2011 case OP_SBRA:
2012 case OP_SBRAPOS:
2013 case OP_SCBRA:
2014 case OP_SCBRAPOS:
2015 case OP_SCOND:
2016 case OP_SKIPZERO:
2017 case OP_STAR:
2018 case OP_STARI:
2019 case OP_TYPEMINPLUS:
2020 case OP_TYPEMINQUERY:
2021 case OP_TYPEMINSTAR:
2022 case OP_TYPEMINUPTO:
2023 case OP_TYPEPLUS:
2024 case OP_TYPEPOSPLUS:
2025 case OP_TYPEPOSQUERY:
2026 case OP_TYPEPOSSTAR:
2027 case OP_TYPEPOSUPTO:
2028 case OP_TYPEQUERY:
2029 case OP_TYPESTAR:
2030 case OP_TYPEUPTO:
2031 case OP_UPTO:
2032 case OP_UPTOI:
2033 return -1;
2034
2035 /* Catch unrecognized opcodes so that when new ones are added they
2036 are not forgotten, as has happened in the past. */
2037
2038 default:
2039 return -4;
2040 }
2041 }
2042 /* Control never gets here */
2043 }
2044
2045
2046
2047
2048 /*************************************************
2049 * Scan compiled regex for specific bracket *
2050 *************************************************/
2051
2052 /* This little function scans through a compiled pattern until it finds a
2053 capturing bracket with the given number, or, if the number is negative, an
2054 instance of OP_REVERSE for a lookbehind. The function is global in the C sense
2055 so that it can be called from pcre_study() when finding the minimum matching
2056 length.
2057
2058 Arguments:
2059 code points to start of expression
2060 utf TRUE in UTF-8 / UTF-16 / UTF-32 mode
2061 number the required bracket number or negative to find a lookbehind
2062
2063 Returns: pointer to the opcode for the bracket, or NULL if not found
2064 */
2065
2066 const pcre_uchar *
2067 PRIV(find_bracket)(const pcre_uchar *code, BOOL utf, int number)
2068 {
2069 for (;;)
2070 {
2071 register pcre_uchar c = *code;
2072
2073 if (c == OP_END) return NULL;
2074
2075 /* XCLASS is used for classes that cannot be represented just by a bit
2076 map. This includes negated single high-valued characters. The length in
2077 the table is zero; the actual length is stored in the compiled code. */
2078
2079 if (c == OP_XCLASS) code += GET(code, 1);
2080
2081 /* Handle recursion */
2082
2083 else if (c == OP_REVERSE)
2084 {
2085 if (number < 0) return (pcre_uchar *)code;
2086 code += PRIV(OP_lengths)[c];
2087 }
2088
2089 /* Handle capturing bracket */
2090
2091 else if (c == OP_CBRA || c == OP_SCBRA ||
2092 c == OP_CBRAPOS || c == OP_SCBRAPOS)
2093 {
2094 int n = (int)GET2(code, 1+LINK_SIZE);
2095 if (n == number) return (pcre_uchar *)code;
2096 code += PRIV(OP_lengths)[c];
2097 }
2098
2099 /* Otherwise, we can get the item's length from the table, except that for
2100 repeated character types, we have to test for \p and \P, which have an extra
2101 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
2102 must add in its length. */
2103
2104 else
2105 {
2106 switch(c)
2107 {
2108 case OP_TYPESTAR:
2109 case OP_TYPEMINSTAR:
2110 case OP_TYPEPLUS:
2111 case OP_TYPEMINPLUS:
2112 case OP_TYPEQUERY:
2113 case OP_TYPEMINQUERY:
2114 case OP_TYPEPOSSTAR:
2115 case OP_TYPEPOSPLUS:
2116 case OP_TYPEPOSQUERY:
2117 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2118 break;
2119
2120 case OP_TYPEUPTO:
2121 case OP_TYPEMINUPTO:
2122 case OP_TYPEEXACT:
2123 case OP_TYPEPOSUPTO:
2124 if (code[1 + IMM2_SIZE] == OP_PROP || code[1 + IMM2_SIZE] == OP_NOTPROP)
2125 code += 2;
2126 break;
2127
2128 case OP_MARK:
2129 case OP_PRUNE_ARG:
2130 case OP_SKIP_ARG:
2131 code += code[1];
2132 break;
2133
2134 case OP_THEN_ARG:
2135 code += code[1];
2136 break;
2137 }
2138
2139 /* Add in the fixed length from the table */
2140
2141 code += PRIV(OP_lengths)[c];
2142
2143 /* In UTF-8 mode, opcodes that are followed by a character may be followed by
2144 a multi-byte character. The length in the table is a minimum, so we have to
2145 arrange to skip the extra bytes. */
2146
2147 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
2148 if (utf) switch(c)
2149 {
2150 case OP_CHAR:
2151 case OP_CHARI:
2152 case OP_EXACT:
2153 case OP_EXACTI:
2154 case OP_UPTO:
2155 case OP_UPTOI:
2156 case OP_MINUPTO:
2157 case OP_MINUPTOI:
2158 case OP_POSUPTO:
2159 case OP_POSUPTOI:
2160 case OP_STAR:
2161 case OP_STARI:
2162 case OP_MINSTAR:
2163 case OP_MINSTARI:
2164 case OP_POSSTAR:
2165 case OP_POSSTARI:
2166 case OP_PLUS:
2167 case OP_PLUSI:
2168 case OP_MINPLUS:
2169 case OP_MINPLUSI:
2170 case OP_POSPLUS:
2171 case OP_POSPLUSI:
2172 case OP_QUERY:
2173 case OP_QUERYI:
2174 case OP_MINQUERY:
2175 case OP_MINQUERYI:
2176 case OP_POSQUERY:
2177 case OP_POSQUERYI:
2178 if (HAS_EXTRALEN(code[-1])) code += GET_EXTRALEN(code[-1]);
2179 break;
2180 }
2181 #else
2182 (void)(utf); /* Keep compiler happy by referencing function argument */
2183 #endif
2184 }
2185 }
2186 }
2187
2188
2189
2190 /*************************************************
2191 * Scan compiled regex for recursion reference *
2192 *************************************************/
2193
2194 /* This little function scans through a compiled pattern until it finds an
2195 instance of OP_RECURSE.
2196
2197 Arguments:
2198 code points to start of expression
2199 utf TRUE in UTF-8 / UTF-16 / UTF-32 mode
2200
2201 Returns: pointer to the opcode for OP_RECURSE, or NULL if not found
2202 */
2203
2204 static const pcre_uchar *
2205 find_recurse(const pcre_uchar *code, BOOL utf)
2206 {
2207 for (;;)
2208 {
2209 register pcre_uchar c = *code;
2210 if (c == OP_END) return NULL;
2211 if (c == OP_RECURSE) return code;
2212
2213 /* XCLASS is used for classes that cannot be represented just by a bit
2214 map. This includes negated single high-valued characters. The length in
2215 the table is zero; the actual length is stored in the compiled code. */
2216
2217 if (c == OP_XCLASS) code += GET(code, 1);
2218
2219 /* Otherwise, we can get the item's length from the table, except that for
2220 repeated character types, we have to test for \p and \P, which have an extra
2221 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
2222 must add in its length. */
2223
2224 else
2225 {
2226 switch(c)
2227 {
2228 case OP_TYPESTAR:
2229 case OP_TYPEMINSTAR:
2230 case OP_TYPEPLUS:
2231 case OP_TYPEMINPLUS:
2232 case OP_TYPEQUERY:
2233 case OP_TYPEMINQUERY:
2234 case OP_TYPEPOSSTAR:
2235 case OP_TYPEPOSPLUS:
2236 case OP_TYPEPOSQUERY:
2237 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2238 break;
2239
2240 case OP_TYPEPOSUPTO:
2241 case OP_TYPEUPTO:
2242 case OP_TYPEMINUPTO:
2243 case OP_TYPEEXACT:
2244 if (code[1 + IMM2_SIZE] == OP_PROP || code[1 + IMM2_SIZE] == OP_NOTPROP)
2245 code += 2;
2246 break;
2247
2248 case OP_MARK:
2249 case OP_PRUNE_ARG:
2250 case OP_SKIP_ARG:
2251 code += code[1];
2252 break;
2253
2254 case OP_THEN_ARG:
2255 code += code[1];
2256 break;
2257 }
2258
2259 /* Add in the fixed length from the table */
2260
2261 code += PRIV(OP_lengths)[c];
2262
2263 /* In UTF-8 mode, opcodes that are followed by a character may be followed
2264 by a multi-byte character. The length in the table is a minimum, so we have
2265 to arrange to skip the extra bytes. */
2266
2267 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
2268 if (utf) switch(c)
2269 {
2270 case OP_CHAR:
2271 case OP_CHARI:
2272 case OP_NOT:
2273 case OP_NOTI:
2274 case OP_EXACT:
2275 case OP_EXACTI:
2276 case OP_NOTEXACT:
2277 case OP_NOTEXACTI:
2278 case OP_UPTO:
2279 case OP_UPTOI:
2280 case OP_NOTUPTO:
2281 case OP_NOTUPTOI:
2282 case OP_MINUPTO:
2283 case OP_MINUPTOI:
2284 case OP_NOTMINUPTO:
2285 case OP_NOTMINUPTOI:
2286 case OP_POSUPTO:
2287 case OP_POSUPTOI:
2288 case OP_NOTPOSUPTO:
2289 case OP_NOTPOSUPTOI:
2290 case OP_STAR:
2291 case OP_STARI:
2292 case OP_NOTSTAR:
2293 case OP_NOTSTARI:
2294 case OP_MINSTAR:
2295 case OP_MINSTARI:
2296 case OP_NOTMINSTAR:
2297 case OP_NOTMINSTARI:
2298 case OP_POSSTAR:
2299 case OP_POSSTARI:
2300 case OP_NOTPOSSTAR:
2301 case OP_NOTPOSSTARI:
2302 case OP_PLUS:
2303 case OP_PLUSI:
2304 case OP_NOTPLUS:
2305 case OP_NOTPLUSI:
2306 case OP_MINPLUS:
2307 case OP_MINPLUSI:
2308 case OP_NOTMINPLUS:
2309 case OP_NOTMINPLUSI:
2310 case OP_POSPLUS:
2311 case OP_POSPLUSI:
2312 case OP_NOTPOSPLUS:
2313 case OP_NOTPOSPLUSI:
2314 case OP_QUERY:
2315 case OP_QUERYI:
2316 case OP_NOTQUERY:
2317 case OP_NOTQUERYI:
2318 case OP_MINQUERY:
2319 case OP_MINQUERYI:
2320 case OP_NOTMINQUERY:
2321 case OP_NOTMINQUERYI:
2322 case OP_POSQUERY:
2323 case OP_POSQUERYI:
2324 case OP_NOTPOSQUERY:
2325 case OP_NOTPOSQUERYI:
2326 if (HAS_EXTRALEN(code[-1])) code += GET_EXTRALEN(code[-1]);
2327 break;
2328 }
2329 #else
2330 (void)(utf); /* Keep compiler happy by referencing function argument */
2331 #endif
2332 }
2333 }
2334 }
2335
2336
2337
2338 /*************************************************
2339 * Scan compiled branch for non-emptiness *
2340 *************************************************/
2341
2342 /* This function scans through a branch of a compiled pattern to see whether it
2343 can match the empty string or not. It is called from could_be_empty()
2344 below and from compile_branch() when checking for an unlimited repeat of a
2345 group that can match nothing. Note that first_significant_code() skips over
2346 backward and negative forward assertions when its final argument is TRUE. If we
2347 hit an unclosed bracket, we return "empty" - this means we've struck an inner
2348 bracket whose current branch will already have been scanned.
2349
2350 Arguments:
2351 code points to start of search
2352 endcode points to where to stop
2353 utf TRUE if in UTF-8 / UTF-16 / UTF-32 mode
2354 cd contains pointers to tables etc.
2355
2356 Returns: TRUE if what is matched could be empty
2357 */
2358
2359 static BOOL
2360 could_be_empty_branch(const pcre_uchar *code, const pcre_uchar *endcode,
2361 BOOL utf, compile_data *cd)
2362 {
2363 register pcre_uchar c;
2364 for (code = first_significant_code(code + PRIV(OP_lengths)[*code], TRUE);
2365 code < endcode;
2366 code = first_significant_code(code + PRIV(OP_lengths)[c], TRUE))
2367 {
2368 const pcre_uchar *ccode;
2369
2370 c = *code;
2371
2372 /* Skip over forward assertions; the other assertions are skipped by
2373 first_significant_code() with a TRUE final argument. */
2374
2375 if (c == OP_ASSERT)
2376 {
2377 do code += GET(code, 1); while (*code == OP_ALT);
2378 c = *code;
2379 continue;
2380 }
2381
2382 /* For a recursion/subroutine call, if its end has been reached, which
2383 implies a backward reference subroutine call, we can scan it. If it's a
2384 forward reference subroutine call, we can't. To detect forward reference
2385 we have to scan up the list that is kept in the workspace. This function is
2386 called only when doing the real compile, not during the pre-compile that
2387 measures the size of the compiled pattern. */
2388
2389 if (c == OP_RECURSE)
2390 {
2391 const pcre_uchar *scode;
2392 BOOL empty_branch;
2393
2394 /* Test for forward reference */
2395
2396 for (scode = cd->start_workspace; scode < cd->hwm; scode += LINK_SIZE)
2397 if ((int)GET(scode, 0) == (int)(code + 1 - cd->start_code)) return TRUE;
2398
2399 /* Not a forward reference, test for completed backward reference */
2400
2401 empty_branch = FALSE;
2402 scode = cd->start_code + GET(code, 1);
2403 if (GET(scode, 1) == 0) return TRUE; /* Unclosed */
2404
2405 /* Completed backwards reference */
2406
2407 do
2408 {
2409 if (could_be_empty_branch(scode, endcode, utf, cd))
2410 {
2411 empty_branch = TRUE;
2412 break;
2413 }
2414 scode += GET(scode, 1);
2415 }
2416 while (*scode == OP_ALT);
2417
2418 if (!empty_branch) return FALSE; /* All branches are non-empty */
2419 continue;
2420 }
2421
2422 /* Groups with zero repeats can of course be empty; skip them. */
2423
2424 if (c == OP_BRAZERO || c == OP_BRAMINZERO || c == OP_SKIPZERO ||
2425 c == OP_BRAPOSZERO)
2426 {
2427 code += PRIV(OP_lengths)[c];
2428 do code += GET(code, 1); while (*code == OP_ALT);
2429 c = *code;
2430 continue;
2431 }
2432
2433 /* A nested group that is already marked as "could be empty" can just be
2434 skipped. */
2435
2436 if (c == OP_SBRA || c == OP_SBRAPOS ||
2437 c == OP_SCBRA || c == OP_SCBRAPOS)
2438 {
2439 do code += GET(code, 1); while (*code == OP_ALT);
2440 c = *code;
2441 continue;
2442 }
2443
2444 /* For other groups, scan the branches. */
2445
2446 if (c == OP_BRA || c == OP_BRAPOS ||
2447 c == OP_CBRA || c == OP_CBRAPOS ||
2448 c == OP_ONCE || c == OP_ONCE_NC ||
2449 c == OP_COND)
2450 {
2451 BOOL empty_branch;
2452 if (GET(code, 1) == 0) return TRUE; /* Hit unclosed bracket */
2453
2454 /* If a conditional group has only one branch, there is a second, implied,
2455 empty branch, so just skip over the conditional, because it could be empty.
2456 Otherwise, scan the individual branches of the group. */
2457
2458 if (c == OP_COND && code[GET(code, 1)] != OP_ALT)
2459 code += GET(code, 1);
2460 else
2461 {
2462 empty_branch = FALSE;
2463 do
2464 {
2465 if (!empty_branch && could_be_empty_branch(code, endcode, utf, cd))
2466 empty_branch = TRUE;
2467 code += GET(code, 1);
2468 }
2469 while (*code == OP_ALT);
2470 if (!empty_branch) return FALSE; /* All branches are non-empty */
2471 }
2472
2473 c = *code;
2474 continue;
2475 }
2476
2477 /* Handle the other opcodes */
2478
2479 switch (c)
2480 {
2481 /* Check for quantifiers after a class. XCLASS is used for classes that
2482 cannot be represented just by a bit map. This includes negated single
2483 high-valued characters. The length in PRIV(OP_lengths)[] is zero; the
2484 actual length is stored in the compiled code, so we must update "code"
2485 here. */
2486
2487 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
2488 case OP_XCLASS:
2489 ccode = code += GET(code, 1);
2490 goto CHECK_CLASS_REPEAT;
2491 #endif
2492
2493 case OP_CLASS:
2494 case OP_NCLASS:
2495 ccode = code + PRIV(OP_lengths)[OP_CLASS];
2496
2497 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
2498 CHECK_CLASS_REPEAT:
2499 #endif
2500
2501 switch (*ccode)
2502 {
2503 case OP_CRSTAR: /* These could be empty; continue */
2504 case OP_CRMINSTAR:
2505 case OP_CRQUERY:
2506 case OP_CRMINQUERY:
2507 break;
2508
2509 default: /* Non-repeat => class must match */
2510 case OP_CRPLUS: /* These repeats aren't empty */
2511 case OP_CRMINPLUS:
2512 return FALSE;
2513
2514 case OP_CRRANGE:
2515 case OP_CRMINRANGE:
2516 if (GET2(ccode, 1) > 0) return FALSE; /* Minimum > 0 */
2517 break;
2518 }
2519 break;
2520
2521 /* Opcodes that must match a character */
2522
2523 case OP_PROP:
2524 case OP_NOTPROP:
2525 case OP_EXTUNI:
2526 case OP_NOT_DIGIT:
2527 case OP_DIGIT:
2528 case OP_NOT_WHITESPACE:
2529 case OP_WHITESPACE:
2530 case OP_NOT_WORDCHAR:
2531 case OP_WORDCHAR:
2532 case OP_ANY:
2533 case OP_ALLANY:
2534 case OP_ANYBYTE:
2535 case OP_CHAR:
2536 case OP_CHARI:
2537 case OP_NOT:
2538 case OP_NOTI:
2539 case OP_PLUS:
2540 case OP_MINPLUS:
2541 case OP_POSPLUS:
2542 case OP_EXACT:
2543 case OP_NOTPLUS:
2544 case OP_NOTMINPLUS:
2545 case OP_NOTPOSPLUS:
2546 case OP_NOTEXACT:
2547 case OP_TYPEPLUS:
2548 case OP_TYPEMINPLUS:
2549 case OP_TYPEPOSPLUS:
2550 case OP_TYPEEXACT:
2551 return FALSE;
2552
2553 /* These are going to continue, as they may be empty, but we have to
2554 fudge the length for the \p and \P cases. */
2555
2556 case OP_TYPESTAR:
2557 case OP_TYPEMINSTAR:
2558 case OP_TYPEPOSSTAR:
2559 case OP_TYPEQUERY:
2560 case OP_TYPEMINQUERY:
2561 case OP_TYPEPOSQUERY:
2562 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2563 break;
2564
2565 /* Same for these */
2566
2567 case OP_TYPEUPTO:
2568 case OP_TYPEMINUPTO:
2569 case OP_TYPEPOSUPTO:
2570 if (code[1 + IMM2_SIZE] == OP_PROP || code[1 + IMM2_SIZE] == OP_NOTPROP)
2571 code += 2;
2572 break;
2573
2574 /* End of branch */
2575
2576 case OP_KET:
2577 case OP_KETRMAX:
2578 case OP_KETRMIN:
2579 case OP_KETRPOS:
2580 case OP_ALT:
2581 return TRUE;
2582
2583 /* In UTF-8 mode, STAR, MINSTAR, POSSTAR, QUERY, MINQUERY, POSQUERY, UPTO,
2584 MINUPTO, and POSUPTO may be followed by a multibyte character */
2585
2586 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
2587 case OP_STAR:
2588 case OP_STARI:
2589 case OP_MINSTAR:
2590 case OP_MINSTARI:
2591 case OP_POSSTAR:
2592 case OP_POSSTARI:
2593 case OP_QUERY:
2594 case OP_QUERYI:
2595 case OP_MINQUERY:
2596 case OP_MINQUERYI:
2597 case OP_POSQUERY:
2598 case OP_POSQUERYI:
2599 if (utf && HAS_EXTRALEN(code[1])) code += GET_EXTRALEN(code[1]);
2600 break;
2601
2602 case OP_UPTO:
2603 case OP_UPTOI:
2604 case OP_MINUPTO:
2605 case OP_MINUPTOI:
2606 case OP_POSUPTO:
2607 case OP_POSUPTOI:
2608 if (utf && HAS_EXTRALEN(code[1 + IMM2_SIZE])) code += GET_EXTRALEN(code[1 + IMM2_SIZE]);
2609 break;
2610 #endif
2611
2612 /* MARK, and PRUNE/SKIP/THEN with an argument must skip over the argument
2613 string. */
2614
2615 case OP_MARK:
2616 case OP_PRUNE_ARG:
2617 case OP_SKIP_ARG:
2618 code += code[1];
2619 break;
2620
2621 case OP_THEN_ARG:
2622 code += code[1];
2623 break;
2624
2625 /* None of the remaining opcodes are required to match a character. */
2626
2627 default:
2628 break;
2629 }
2630 }
2631
2632 return TRUE;
2633 }
2634
2635
2636
2637 /*************************************************
2638 * Scan compiled regex for non-emptiness *
2639 *************************************************/
2640
2641 /* This function is called to check for left recursive calls. We want to check
2642 the current branch of the current pattern to see if it could match the empty
2643 string. If it could, we must look outwards for branches at other levels,
2644 stopping when we pass beyond the bracket which is the subject of the recursion.
2645 This function is called only during the real compile, not during the
2646 pre-compile.
2647
2648 Arguments:
2649 code points to start of the recursion
2650 endcode points to where to stop (current RECURSE item)
2651 bcptr points to the chain of current (unclosed) branch starts
2652 utf TRUE if in UTF-8 / UTF-16 / UTF-32 mode
2653 cd pointers to tables etc
2654
2655 Returns: TRUE if what is matched could be empty
2656 */
2657
2658 static BOOL
2659 could_be_empty(const pcre_uchar *code, const pcre_uchar *endcode,
2660 branch_chain *bcptr, BOOL utf, compile_data *cd)
2661 {
2662 while (bcptr != NULL && bcptr->current_branch >= code)
2663 {
2664 if (!could_be_empty_branch(bcptr->current_branch, endcode, utf, cd))
2665 return FALSE;
2666 bcptr = bcptr->outer;
2667 }
2668 return TRUE;
2669 }
2670
2671
2672
2673 /*************************************************
2674 * Check for POSIX class syntax *
2675 *************************************************/
2676
2677 /* This function is called when the sequence "[:" or "[." or "[=" is
2678 encountered in a character class. It checks whether this is followed by a
2679 sequence of characters terminated by a matching ":]" or ".]" or "=]". If we
2680 reach an unescaped ']' without the special preceding character, return FALSE.
2681
2682 Originally, this function only recognized a sequence of letters between the
2683 terminators, but it seems that Perl recognizes any sequence of characters,
2684 though of course unknown POSIX names are subsequently rejected. Perl gives an
2685 "Unknown POSIX class" error for [:f\oo:] for example, where previously PCRE
2686 didn't consider this to be a POSIX class. Likewise for [:1234:].
2687
2688 The problem in trying to be exactly like Perl is in the handling of escapes. We
2689 have to be sure that [abc[:x\]pqr] is *not* treated as containing a POSIX
2690 class, but [abc[:x\]pqr:]] is (so that an error can be generated). The code
2691 below handles the special case of \], but does not try to do any other escape
2692 processing. This makes it different from Perl for cases such as [:l\ower:]
2693 where Perl recognizes it as the POSIX class "lower" but PCRE does not recognize
2694 "l\ower". This is a lesser evil that not diagnosing bad classes when Perl does,
2695 I think.
2696
2697 A user pointed out that PCRE was rejecting [:a[:digit:]] whereas Perl was not.
2698 It seems that the appearance of a nested POSIX class supersedes an apparent
2699 external class. For example, [:a[:digit:]b:] matches "a", "b", ":", or
2700 a digit.
2701
2702 In Perl, unescaped square brackets may also appear as part of class names. For
2703 example, [:a[:abc]b:] gives unknown POSIX class "[:abc]b:]". However, for
2704 [:a[:abc]b][b:] it gives unknown POSIX class "[:abc]b][b:]", which does not
2705 seem right at all. PCRE does not allow closing square brackets in POSIX class
2706 names.
2707
2708 Arguments:
2709 ptr pointer to the initial [
2710 endptr where to return the end pointer
2711
2712 Returns: TRUE or FALSE
2713 */
2714
2715 static BOOL
2716 check_posix_syntax(const pcre_uchar *ptr, const pcre_uchar **endptr)
2717 {
2718 pcre_uchar terminator; /* Don't combine these lines; the Solaris cc */
2719 terminator = *(++ptr); /* compiler warns about "non-constant" initializer. */
2720 for (++ptr; *ptr != 0; ptr++)
2721 {
2722 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2723 ptr++;
2724 else if (*ptr == CHAR_RIGHT_SQUARE_BRACKET) return FALSE;
2725 else
2726 {
2727 if (*ptr == terminator && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2728 {
2729 *endptr = ptr;
2730 return TRUE;
2731 }
2732 if (*ptr == CHAR_LEFT_SQUARE_BRACKET &&
2733 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
2734 ptr[1] == CHAR_EQUALS_SIGN) &&
2735 check_posix_syntax(ptr, endptr))
2736 return FALSE;
2737 }
2738 }
2739 return FALSE;
2740 }
2741
2742
2743
2744
2745 /*************************************************
2746 * Check POSIX class name *
2747 *************************************************/
2748
2749 /* This function is called to check the name given in a POSIX-style class entry
2750 such as [:alnum:].
2751
2752 Arguments:
2753 ptr points to the first letter
2754 len the length of the name
2755
2756 Returns: a value representing the name, or -1 if unknown
2757 */
2758
2759 static int
2760 check_posix_name(const pcre_uchar *ptr, int len)
2761 {
2762 const char *pn = posix_names;
2763 register int yield = 0;
2764 while (posix_name_lengths[yield] != 0)
2765 {
2766 if (len == posix_name_lengths[yield] &&
2767 STRNCMP_UC_C8(ptr, pn, (unsigned int)len) == 0) return yield;
2768 pn += posix_name_lengths[yield] + 1;
2769 yield++;
2770 }
2771 return -1;
2772 }
2773
2774
2775 /*************************************************
2776 * Adjust OP_RECURSE items in repeated group *
2777 *************************************************/
2778
2779 /* OP_RECURSE items contain an offset from the start of the regex to the group
2780 that is referenced. This means that groups can be replicated for fixed
2781 repetition simply by copying (because the recursion is allowed to refer to
2782 earlier groups that are outside the current group). However, when a group is
2783 optional (i.e. the minimum quantifier is zero), OP_BRAZERO or OP_SKIPZERO is
2784 inserted before it, after it has been compiled. This means that any OP_RECURSE
2785 items within it that refer to the group itself or any contained groups have to
2786 have their offsets adjusted. That one of the jobs of this function. Before it
2787 is called, the partially compiled regex must be temporarily terminated with
2788 OP_END.
2789
2790 This function has been extended with the possibility of forward references for
2791 recursions and subroutine calls. It must also check the list of such references
2792 for the group we are dealing with. If it finds that one of the recursions in
2793 the current group is on this list, it adjusts the offset in the list, not the
2794 value in the reference (which is a group number).
2795
2796 Arguments:
2797 group points to the start of the group
2798 adjust the amount by which the group is to be moved
2799 utf TRUE in UTF-8 / UTF-16 / UTF-32 mode
2800 cd contains pointers to tables etc.
2801 save_hwm the hwm forward reference pointer at the start of the group
2802
2803 Returns: nothing
2804 */
2805
2806 static void
2807 adjust_recurse(pcre_uchar *group, int adjust, BOOL utf, compile_data *cd,
2808 pcre_uchar *save_hwm)
2809 {
2810 pcre_uchar *ptr = group;
2811
2812 while ((ptr = (pcre_uchar *)find_recurse(ptr, utf)) != NULL)
2813 {
2814 int offset;
2815 pcre_uchar *hc;
2816
2817 /* See if this recursion is on the forward reference list. If so, adjust the
2818 reference. */
2819
2820 for (hc = save_hwm; hc < cd->hwm; hc += LINK_SIZE)
2821 {
2822 offset = (int)GET(hc, 0);
2823 if (cd->start_code + offset == ptr + 1)
2824 {
2825 PUT(hc, 0, offset + adjust);
2826 break;
2827 }
2828 }
2829
2830 /* Otherwise, adjust the recursion offset if it's after the start of this
2831 group. */
2832
2833 if (hc >= cd->hwm)
2834 {
2835 offset = (int)GET(ptr, 1);
2836 if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);
2837 }
2838
2839 ptr += 1 + LINK_SIZE;
2840 }
2841 }
2842
2843
2844
2845 /*************************************************
2846 * Insert an automatic callout point *
2847 *************************************************/
2848
2849 /* This function is called when the PCRE_AUTO_CALLOUT option is set, to insert
2850 callout points before each pattern item.
2851
2852 Arguments:
2853 code current code pointer
2854 ptr current pattern pointer
2855 cd pointers to tables etc
2856
2857 Returns: new code pointer
2858 */
2859
2860 static pcre_uchar *
2861 auto_callout(pcre_uchar *code, const pcre_uchar *ptr, compile_data *cd)
2862 {
2863 *code++ = OP_CALLOUT;
2864 *code++ = 255;
2865 PUT(code, 0, (int)(ptr - cd->start_pattern)); /* Pattern offset */
2866 PUT(code, LINK_SIZE, 0); /* Default length */
2867 return code + 2 * LINK_SIZE;
2868 }
2869
2870
2871
2872 /*************************************************
2873 * Complete a callout item *
2874 *************************************************/
2875
2876 /* A callout item contains the length of the next item in the pattern, which
2877 we can't fill in till after we have reached the relevant point. This is used
2878 for both automatic and manual callouts.
2879
2880 Arguments:
2881 previous_callout points to previous callout item
2882 ptr current pattern pointer
2883 cd pointers to tables etc
2884
2885 Returns: nothing
2886 */
2887
2888 static void
2889 complete_callout(pcre_uchar *previous_callout, const pcre_uchar *ptr, compile_data *cd)
2890 {
2891 int length = (int)(ptr - cd->start_pattern - GET(previous_callout, 2));
2892 PUT(previous_callout, 2 + LINK_SIZE, length);
2893 }
2894
2895
2896
2897 #ifdef SUPPORT_UCP
2898 /*************************************************
2899 * Get othercase range *
2900 *************************************************/
2901
2902 /* This function is passed the start and end of a class range, in UTF-8 mode
2903 with UCP support. It searches up the characters, looking for ranges of
2904 characters in the "other" case. Each call returns the next one, updating the
2905 start address. A character with multiple other cases is returned on its own
2906 with a special return value.
2907
2908 Arguments:
2909 cptr points to starting character value; updated
2910 d end value
2911 ocptr where to put start of othercase range
2912 odptr where to put end of othercase range
2913
2914 Yield: -1 when no more
2915 0 when a range is returned
2916 >0 the CASESET offset for char with multiple other cases
2917 in this case, ocptr contains the original
2918 */
2919
2920 static int
2921 get_othercase_range(pcre_uint32 *cptr, pcre_uint32 d, pcre_uint32 *ocptr,
2922 pcre_uint32 *odptr)
2923 {
2924 pcre_uint32 c, othercase, next;
2925 unsigned int co;
2926
2927 /* Find the first character that has an other case. If it has multiple other
2928 cases, return its case offset value. */
2929
2930 for (c = *cptr; c <= d; c++)
2931 {
2932 if ((co = UCD_CASESET(c)) != 0)
2933 {
2934 *ocptr = c++; /* Character that has the set */
2935 *cptr = c; /* Rest of input range */
2936 return (int)co;
2937 }
2938 if ((othercase = UCD_OTHERCASE(c)) != c) break;
2939 }
2940
2941 if (c > d) return -1; /* Reached end of range */
2942
2943 *ocptr = othercase;
2944 next = othercase + 1;
2945
2946 for (++c; c <= d; c++)
2947 {
2948 if (UCD_OTHERCASE(c) != next) break;
2949 next++;
2950 }
2951
2952 *odptr = next - 1; /* End of othercase range */
2953 *cptr = c; /* Rest of input range */
2954 return 0;
2955 }
2956
2957
2958
2959 /*************************************************
2960 * Check a character and a property *
2961 *************************************************/
2962
2963 /* This function is called by check_auto_possessive() when a property item
2964 is adjacent to a fixed character.
2965
2966 Arguments:
2967 c the character
2968 ptype the property type
2969 pdata the data for the type
2970 negated TRUE if it's a negated property (\P or \p{^)
2971
2972 Returns: TRUE if auto-possessifying is OK
2973 */
2974
2975 static BOOL
2976 check_char_prop(pcre_uint32 c, unsigned int ptype, unsigned int pdata, BOOL negated)
2977 {
2978 #ifdef SUPPORT_UCP
2979 const pcre_uint32 *p;
2980 #endif
2981
2982 const ucd_record *prop = GET_UCD(c);
2983
2984 switch(ptype)
2985 {
2986 case PT_LAMP:
2987 return (prop->chartype == ucp_Lu ||
2988 prop->chartype == ucp_Ll ||
2989 prop->chartype == ucp_Lt) == negated;
2990
2991 case PT_GC:
2992 return (pdata == PRIV(ucp_gentype)[prop->chartype]) == negated;
2993
2994 case PT_PC:
2995 return (pdata == prop->chartype) == negated;
2996
2997 case PT_SC:
2998 return (pdata == prop->script) == negated;
2999
3000 /* These are specials */
3001
3002 case PT_ALNUM:
3003 return (PRIV(ucp_gentype)[prop->chartype] == ucp_L ||
3004 PRIV(ucp_gentype)[prop->chartype] == ucp_N) == negated;
3005
3006 case PT_SPACE: /* Perl space */
3007 return (PRIV(ucp_gentype)[prop->chartype] == ucp_Z ||
3008 c == CHAR_HT || c == CHAR_NL || c == CHAR_FF || c == CHAR_CR)
3009 == negated;
3010
3011 case PT_PXSPACE: /* POSIX space */
3012 return (PRIV(ucp_gentype)[prop->chartype] == ucp_Z ||
3013 c == CHAR_HT || c == CHAR_NL || c == CHAR_VT ||
3014 c == CHAR_FF || c == CHAR_CR)
3015 == negated;
3016
3017 case PT_WORD:
3018 return (PRIV(ucp_gentype)[prop->chartype] == ucp_L ||
3019 PRIV(ucp_gentype)[prop->chartype] == ucp_N ||
3020 c == CHAR_UNDERSCORE) == negated;
3021
3022 #ifdef SUPPORT_UCP
3023 case PT_CLIST:
3024 p = PRIV(ucd_caseless_sets) + prop->caseset;
3025 for (;;)
3026 {
3027 if ((unsigned int)c < *p) return !negated;
3028 if ((unsigned int)c == *p++) return negated;
3029 }
3030 break; /* Control never reaches here */
3031 #endif
3032 }
3033
3034 return FALSE;
3035 }
3036 #endif /* SUPPORT_UCP */
3037
3038
3039
3040 /*************************************************
3041 * Check if auto-possessifying is possible *
3042 *************************************************/
3043
3044 /* This function is called for unlimited repeats of certain items, to see
3045 whether the next thing could possibly match the repeated item. If not, it makes
3046 sense to automatically possessify the repeated item.
3047
3048 Arguments:
3049 previous pointer to the repeated opcode
3050 utf TRUE in UTF-8 / UTF-16 / UTF-32 mode
3051 ptr next character in pattern
3052 options options bits
3053 cd contains pointers to tables etc.
3054
3055 Returns: TRUE if possessifying is wanted
3056 */
3057
3058 static BOOL
3059 check_auto_possessive(const pcre_uchar *previous, BOOL utf,
3060 const pcre_uchar *ptr, int options, compile_data *cd)
3061 {
3062 pcre_uint32 c = NOTACHAR;
3063 pcre_uint32 next;
3064 int escape;
3065 pcre_uchar op_code = *previous++;
3066
3067 /* Skip whitespace and comments in extended mode */
3068
3069 if ((options & PCRE_EXTENDED) != 0)
3070 {
3071 for (;;)
3072 {
3073 while (MAX_255(*ptr) && (cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
3074 if (*ptr == CHAR_NUMBER_SIGN)
3075 {
3076 ptr++;
3077 while (*ptr != 0)
3078 {
3079 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
3080 ptr++;
3081 #ifdef SUPPORT_UTF
3082 if (utf) FORWARDCHAR(ptr);
3083 #endif
3084 }
3085 }
3086 else break;
3087 }
3088 }
3089
3090 /* If the next item is one that we can handle, get its value. A non-negative
3091 value is a character, a negative value is an escape value. */
3092
3093 if (*ptr == CHAR_BACKSLASH)
3094 {
3095 int temperrorcode = 0;
3096 escape = check_escape(&ptr, &next, &temperrorcode, cd->bracount, options, FALSE);
3097 if (temperrorcode != 0) return FALSE;
3098 ptr++; /* Point after the escape sequence */
3099 }
3100 else if (!MAX_255(*ptr) || (cd->ctypes[*ptr] & ctype_meta) == 0)
3101 {
3102 escape = 0;
3103 #ifdef SUPPORT_UTF
3104 if (utf) { GETCHARINC(next, ptr); } else
3105 #endif
3106 next = *ptr++;
3107 }
3108 else return FALSE;
3109
3110 /* Skip whitespace and comments in extended mode */
3111
3112 if ((options & PCRE_EXTENDED) != 0)
3113 {
3114 for (;;)
3115 {
3116 while (MAX_255(*ptr) && (cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
3117 if (*ptr == CHAR_NUMBER_SIGN)
3118 {
3119 ptr++;
3120 while (*ptr != 0)
3121 {
3122 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
3123 ptr++;
3124 #ifdef SUPPORT_UTF
3125 if (utf) FORWARDCHAR(ptr);
3126 #endif
3127 }
3128 }
3129 else break;
3130 }
3131 }
3132
3133 /* If the next thing is itself optional, we have to give up. */
3134
3135 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
3136 STRNCMP_UC_C8(ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
3137 return FALSE;
3138
3139 /* If the previous item is a character, get its value. */
3140
3141 if (op_code == OP_CHAR || op_code == OP_CHARI ||
3142 op_code == OP_NOT || op_code == OP_NOTI)
3143 {
3144 #ifdef SUPPORT_UTF
3145 GETCHARTEST(c, previous);
3146 #else
3147 c = *previous;
3148 #endif
3149 }
3150
3151 /* Now compare the next item with the previous opcode. First, handle cases when
3152 the next item is a character. */
3153
3154 if (escape == 0)
3155 {
3156 /* For a caseless UTF match, the next character may have more than one other
3157 case, which maps to the special PT_CLIST property. Check this first. */
3158
3159 #ifdef SUPPORT_UCP
3160 if (utf && c != NOTACHAR && (options & PCRE_CASELESS) != 0)
3161 {
3162 unsigned int ocs = UCD_CASESET(next);
3163 if (ocs > 0) return check_char_prop(c, PT_CLIST, ocs, op_code >= OP_NOT);
3164 }
3165 #endif
3166
3167 switch(op_code)
3168 {
3169 case OP_CHAR:
3170 return c != next;
3171
3172 /* For CHARI (caseless character) we must check the other case. If we have
3173 Unicode property support, we can use it to test the other case of
3174 high-valued characters. We know that next can have only one other case,
3175 because multi-other-case characters are dealt with above. */
3176
3177 case OP_CHARI:
3178 if (c == next) return FALSE;
3179 #ifdef SUPPORT_UTF
3180 if (utf)
3181 {
3182 pcre_uint32 othercase;
3183 if (next < 128) othercase = cd->fcc[next]; else
3184 #ifdef SUPPORT_UCP
3185 othercase = UCD_OTHERCASE(next);
3186 #else
3187 othercase = NOTACHAR;
3188 #endif
3189 return c != othercase;
3190 }
3191 else
3192 #endif /* SUPPORT_UTF */
3193 return (c != TABLE_GET(next, cd->fcc, next)); /* Not UTF */
3194
3195 case OP_NOT:
3196 return c == next;
3197
3198 case OP_NOTI:
3199 if (c == next) return TRUE;
3200 #ifdef SUPPORT_UTF
3201 if (utf)
3202 {
3203 pcre_uint32 othercase;
3204 if (next < 128) othercase = cd->fcc[next]; else
3205 #ifdef SUPPORT_UCP
3206 othercase = UCD_OTHERCASE(next);
3207 #else
3208 othercase = NOTACHAR;
3209 #endif
3210 return c == othercase;
3211 }
3212 else
3213 #endif /* SUPPORT_UTF */
3214 return (c == TABLE_GET(next, cd->fcc, next)); /* Not UTF */
3215
3216 /* Note that OP_DIGIT etc. are generated only when PCRE_UCP is *not* set.
3217 When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
3218
3219 case OP_DIGIT:
3220 return next > 255 || (cd->ctypes[next] & ctype_digit) == 0;
3221
3222 case OP_NOT_DIGIT:
3223 return next <= 255 && (cd->ctypes[next] & ctype_digit) != 0;
3224
3225 case OP_WHITESPACE:
3226 return next > 255 || (cd->ctypes[next] & ctype_space) == 0;
3227
3228 case OP_NOT_WHITESPACE:
3229 return next <= 255 && (cd->ctypes[next] & ctype_space) != 0;
3230
3231 case OP_WORDCHAR:
3232 return next > 255 || (cd->ctypes[next] & ctype_word) == 0;
3233
3234 case OP_NOT_WORDCHAR:
3235 return next <= 255 && (cd->ctypes[next] & ctype_word) != 0;
3236
3237 case OP_HSPACE:
3238 case OP_NOT_HSPACE:
3239 switch(next)
3240 {
3241 HSPACE_CASES:
3242 return op_code == OP_NOT_HSPACE;
3243
3244 default:
3245 return op_code != OP_NOT_HSPACE;
3246 }
3247
3248 case OP_ANYNL:
3249 case OP_VSPACE:
3250 case OP_NOT_VSPACE:
3251 switch(next)
3252 {
3253 VSPACE_CASES:
3254 return op_code == OP_NOT_VSPACE;
3255
3256 default:
3257 return op_code != OP_NOT_VSPACE;
3258 }
3259
3260 #ifdef SUPPORT_UCP
3261 case OP_PROP:
3262 return check_char_prop(next, previous[0], previous[1], FALSE);
3263
3264 case OP_NOTPROP:
3265 return check_char_prop(next, previous[0], previous[1], TRUE);
3266 #endif
3267
3268 default:
3269 return FALSE;
3270 }
3271 }
3272
3273 /* Handle the case when the next item is \d, \s, etc. Note that when PCRE_UCP
3274 is set, \d turns into ESC_du rather than ESC_d, etc., so ESC_d etc. are
3275 generated only when PCRE_UCP is *not* set, that is, when only ASCII
3276 characteristics are recognized. Similarly, the opcodes OP_DIGIT etc. are
3277 replaced by OP_PROP codes when PCRE_UCP is set. */
3278
3279 switch(op_code)
3280 {
3281 case OP_CHAR:
3282 case OP_CHARI:
3283 switch(escape)
3284 {
3285 case ESC_d:
3286 return c > 255 || (cd->ctypes[c] & ctype_digit) == 0;
3287
3288 case ESC_D:
3289 return c <= 255 && (cd->ctypes[c] & ctype_digit) != 0;
3290
3291 case ESC_s:
3292 return c > 255 || (cd->ctypes[c] & ctype_space) == 0;
3293
3294 case ESC_S:
3295 return c <= 255 && (cd->ctypes[c] & ctype_space) != 0;
3296
3297 case ESC_w:
3298 return c > 255 || (cd->ctypes[c] & ctype_word) == 0;
3299
3300 case ESC_W:
3301 return c <= 255 && (cd->ctypes[c] & ctype_word) != 0;
3302
3303 case ESC_h:
3304 case ESC_H:
3305 switch(c)
3306 {
3307 HSPACE_CASES:
3308 return escape != ESC_h;
3309
3310 default:
3311 return escape == ESC_h;
3312 }
3313
3314 case ESC_v:
3315 case ESC_V:
3316 switch(c)
3317 {
3318 VSPACE_CASES:
3319 return escape != ESC_v;
3320
3321 default:
3322 return escape == ESC_v;
3323 }
3324
3325 /* When PCRE_UCP is set, these values get generated for \d etc. Find
3326 their substitutions and process them. The result will always be either
3327 ESC_p or ESC_P. Then fall through to process those values. */
3328
3329 #ifdef SUPPORT_UCP
3330 case ESC_du:
3331 case ESC_DU:
3332 case ESC_wu:
3333 case ESC_WU:
3334 case ESC_su:
3335 case ESC_SU:
3336 {
3337 int temperrorcode = 0;
3338 ptr = substitutes[escape - ESC_DU];
3339 escape = check_escape(&ptr, &next, &temperrorcode, 0, options, FALSE);
3340 if (temperrorcode != 0) return FALSE;
3341 ptr++; /* For compatibility */
3342 }
3343 /* Fall through */
3344
3345 case ESC_p:
3346 case ESC_P:
3347 {
3348 unsigned int ptype = 0, pdata = 0;
3349 int errorcodeptr;
3350 BOOL negated;
3351
3352 ptr--; /* Make ptr point at the p or P */
3353 if (!get_ucp(&ptr, &negated, &ptype, &pdata, &errorcodeptr))
3354 return FALSE;
3355 ptr++; /* Point past the final curly ket */
3356
3357 /* If the property item is optional, we have to give up. (When generated
3358 from \d etc by PCRE_UCP, this test will have been applied much earlier,
3359 to the original \d etc. At this point, ptr will point to a zero byte. */
3360
3361 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
3362 STRNCMP_UC_C8(ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
3363 return FALSE;
3364
3365 /* Do the property check. */
3366
3367 return check_char_prop(c, ptype, pdata, (escape == ESC_P) != negated);
3368 }
3369 #endif
3370
3371 default:
3372 return FALSE;
3373 }
3374
3375 /* In principle, support for Unicode properties should be integrated here as
3376 well. It means re-organizing the above code so as to get hold of the property
3377 values before switching on the op-code. However, I wonder how many patterns
3378 combine ASCII \d etc with Unicode properties? (Note that if PCRE_UCP is set,
3379 these op-codes are never generated.) */
3380
3381 case OP_DIGIT:
3382 return escape == ESC_D || escape == ESC_s || escape == ESC_W ||
3383 escape == ESC_h || escape == ESC_v || escape == ESC_R;
3384
3385 case OP_NOT_DIGIT:
3386 return escape == ESC_d;
3387
3388 case OP_WHITESPACE:
3389 return escape == ESC_S || escape == ESC_d || escape == ESC_w;
3390
3391 case OP_NOT_WHITESPACE:
3392 return escape == ESC_s || escape == ESC_h || escape == ESC_v || escape == ESC_R;
3393
3394 case OP_HSPACE:
3395 return escape == ESC_S || escape == ESC_H || escape == ESC_d ||
3396 escape == ESC_w || escape == ESC_v || escape == ESC_R;
3397
3398 case OP_NOT_HSPACE:
3399 return escape == ESC_h;
3400
3401 /* Can't have \S in here because VT matches \S (Perl anomaly) */
3402 case OP_ANYNL:
3403 case OP_VSPACE:
3404 return escape == ESC_V || escape == ESC_d || escape == ESC_w;
3405
3406 case OP_NOT_VSPACE:
3407 return escape == ESC_v || escape == ESC_R;
3408
3409 case OP_WORDCHAR:
3410 return escape == ESC_W || escape == ESC_s || escape == ESC_h ||
3411 escape == ESC_v || escape == ESC_R;
3412
3413 case OP_NOT_WORDCHAR:
3414 return escape == ESC_w || escape == ESC_d;
3415
3416 default:
3417 return FALSE;
3418 }
3419
3420 /* Control does not reach here */
3421 }
3422
3423
3424
3425 /*************************************************
3426 * Add a character or range to a class *
3427 *************************************************/
3428
3429 /* This function packages up the logic of adding a character or range of
3430 characters to a class. The character values in the arguments will be within the
3431 valid values for the current mode (8-bit, 16-bit, UTF, etc). This function is
3432 mutually recursive with the function immediately below.
3433
3434 Arguments:
3435 classbits the bit map for characters < 256
3436 uchardptr points to the pointer for extra data
3437 options the options word
3438 cd contains pointers to tables etc.
3439 start start of range character
3440 end end of range character
3441
3442 Returns: the number of < 256 characters added
3443 the pointer to extra data is updated
3444 */
3445
3446 static int
3447 add_to_class(pcre_uint8 *classbits, pcre_uchar **uchardptr, int options,
3448 compile_data *cd, pcre_uint32 start, pcre_uint32 end)
3449 {
3450 pcre_uint32 c;
3451 int n8 = 0;
3452
3453 /* If caseless matching is required, scan the range and process alternate
3454 cases. In Unicode, there are 8-bit characters that have alternate cases that
3455 are greater than 255 and vice-versa. Sometimes we can just extend the original
3456 range. */
3457
3458 if ((options & PCRE_CASELESS) != 0)
3459 {
3460 #ifdef SUPPORT_UCP
3461 if ((options & PCRE_UTF8) != 0)
3462 {
3463 int rc;
3464 pcre_uint32 oc, od;
3465
3466 options &= ~PCRE_CASELESS; /* Remove for recursive calls */
3467 c = start;
3468
3469 while ((rc = get_othercase_range(&c, end, &oc, &od)) >= 0)
3470 {
3471 /* Handle a single character that has more than one other case. */
3472
3473 if (rc > 0) n8 += add_list_to_class(classbits, uchardptr, options, cd,
3474 PRIV(ucd_caseless_sets) + rc, oc);
3475
3476 /* Do nothing if the other case range is within the original range. */
3477
3478 else if (oc >= start && od <= end) continue;
3479
3480 /* Extend the original range if there is overlap, noting that if oc < c, we
3481 can't have od > end because a subrange is always shorter than the basic
3482 range. Otherwise, use a recursive call to add the additional range. */
3483
3484 else if (oc < start && od >= start - 1) start = oc; /* Extend downwards */
3485 else if (od > end && oc <= end + 1) end = od; /* Extend upwards */
3486 else n8 += add_to_class(classbits, uchardptr, options, cd, oc, od);
3487 }
3488 }
3489 else
3490 #endif /* SUPPORT_UCP */
3491
3492 /* Not UTF-mode, or no UCP */
3493
3494 for (c = start; c <= end && c < 256; c++)
3495 {
3496 SETBIT(classbits, cd->fcc[c]);
3497 n8++;
3498 }
3499 }
3500
3501 /* Now handle the original range. Adjust the final value according to the bit
3502 length - this means that the same lists of (e.g.) horizontal spaces can be used
3503 in all cases. */
3504
3505 #if defined COMPILE_PCRE8
3506 #ifdef SUPPORT_UTF
3507 if ((options & PCRE_UTF8) == 0)
3508 #endif
3509 if (end > 0xff) end = 0xff;
3510
3511 #elif defined COMPILE_PCRE16
3512 #ifdef SUPPORT_UTF
3513 if ((options & PCRE_UTF16) == 0)
3514 #endif
3515 if (end > 0xffff) end = 0xffff;
3516
3517 #endif /* COMPILE_PCRE[8|16] */
3518
3519 /* If all characters are less than 256, use the bit map. Otherwise use extra
3520 data. */
3521
3522 if (end < 0x100)
3523 {
3524 for (c = start; c <= end; c++)
3525 {
3526 n8++;
3527 SETBIT(classbits, c);
3528 }
3529 }
3530
3531 else
3532 {
3533 pcre_uchar *uchardata = *uchardptr;
3534
3535 #ifdef SUPPORT_UTF
3536 if ((options & PCRE_UTF8) != 0) /* All UTFs use the same flag bit */
3537 {
3538 if (start < end)
3539 {
3540 *uchardata++ = XCL_RANGE;
3541 uchardata += PRIV(ord2utf)(start, uchardata);
3542 uchardata += PRIV(ord2utf)(end, uchardata);
3543 }
3544 else if (start == end)
3545 {
3546 *uchardata++ = XCL_SINGLE;
3547 uchardata += PRIV(ord2utf)(start, uchardata);
3548 }
3549 }
3550 else
3551 #endif /* SUPPORT_UTF */
3552
3553 /* Without UTF support, character values are constrained by the bit length,
3554 and can only be > 256 for 16-bit and 32-bit libraries. */
3555
3556 #ifdef COMPILE_PCRE8
3557 {}
3558 #else
3559 if (start < end)
3560 {
3561 *uchardata++ = XCL_RANGE;
3562 *uchardata++ = start;
3563 *uchardata++ = end;
3564 }
3565 else if (start == end)
3566 {
3567 *uchardata++ = XCL_SINGLE;
3568 *uchardata++ = start;
3569 }
3570 #endif
3571
3572 *uchardptr = uchardata; /* Updata extra data pointer */
3573 }
3574
3575 return n8; /* Number of 8-bit characters */
3576 }
3577
3578
3579
3580
3581 /*************************************************
3582 * Add a list of characters to a class *
3583 *************************************************/
3584
3585 /* This function is used for adding a list of case-equivalent characters to a
3586 class, and also for adding a list of horizontal or vertical whitespace. If the
3587 list is in order (which it should be), ranges of characters are detected and
3588 handled appropriately. This function is mutually recursive with the function
3589 above.
3590
3591 Arguments:
3592 classbits the bit map for characters < 256
3593 uchardptr points to the pointer for extra data
3594 options the options word
3595 cd contains pointers to tables etc.
3596 p points to row of 32-bit values, terminated by NOTACHAR
3597 except character to omit; this is used when adding lists of
3598 case-equivalent characters to avoid including the one we
3599 already know about
3600
3601 Returns: the number of < 256 characters added
3602 the pointer to extra data is updated
3603 */
3604
3605 static int
3606 add_list_to_class(pcre_uint8 *classbits, pcre_uchar **uchardptr, int options,
3607 compile_data *cd, const pcre_uint32 *p, unsigned int except)
3608 {
3609 int n8 = 0;
3610 while (p[0] < NOTACHAR)
3611 {
3612 int n = 0;
3613 if (p[0] != except)
3614 {
3615 while(p[n+1] == p[0] + n + 1) n++;
3616 n8 += add_to_class(classbits, uchardptr, options, cd, p[0], p[n]);
3617 }
3618 p += n + 1;
3619 }
3620 return n8;
3621 }
3622
3623
3624
3625 /*************************************************
3626 * Add characters not in a list to a class *
3627 *************************************************/
3628
3629 /* This function is used for adding the complement of a list of horizontal or
3630 vertical whitespace to a class. The list must be in order.
3631
3632 Arguments:
3633 classbits the bit map for characters < 256
3634 uchardptr points to the pointer for extra data
3635 options the options word
3636 cd contains pointers to tables etc.
3637 p points to row of 32-bit values, terminated by NOTACHAR
3638
3639 Returns: the number of < 256 characters added
3640 the pointer to extra data is updated
3641 */
3642
3643 static int
3644 add_not_list_to_class(pcre_uint8 *classbits, pcre_uchar **uchardptr,
3645 int options, compile_data *cd, const pcre_uint32 *p)
3646 {
3647 BOOL utf = (options & PCRE_UTF8) != 0;
3648 int n8 = 0;
3649 if (p[0] > 0)
3650 n8 += add_to_class(classbits, uchardptr, options, cd, 0, p[0] - 1);
3651 while (p[0] < NOTACHAR)
3652 {
3653 while (p[1] == p[0] + 1) p++;
3654 n8 += add_to_class(classbits, uchardptr, options, cd, p[0] + 1,
3655 (p[1] == NOTACHAR) ? (utf ? 0x10ffffu : 0xffffffffu) : p[1] - 1);
3656 p++;
3657 }
3658 return n8;
3659 }
3660
3661
3662
3663 /*************************************************
3664 * Compile one branch *
3665 *************************************************/
3666
3667 /* Scan the pattern, compiling it into the a vector. If the options are
3668 changed during the branch, the pointer is used to change the external options
3669 bits. This function is used during the pre-compile phase when we are trying
3670 to find out the amount of memory needed, as well as during the real compile
3671 phase. The value of lengthptr distinguishes the two phases.
3672
3673 Arguments:
3674 optionsptr pointer to the option bits
3675 codeptr points to the pointer to the current code point
3676 ptrptr points to the current pattern pointer
3677 errorcodeptr points to error code variable
3678 firstcharptr place to put the first required character
3679 firstcharflagsptr place to put the first character flags, or a negative number
3680 reqcharptr place to put the last required character
3681 reqcharflagsptr place to put the last required character flags, or a negative number
3682 bcptr points to current branch chain
3683 cond_depth conditional nesting depth
3684 cd contains pointers to tables etc.
3685 lengthptr NULL during the real compile phase
3686 points to length accumulator during pre-compile phase
3687
3688 Returns: TRUE on success
3689 FALSE, with *errorcodeptr set non-zero on error
3690 */
3691
3692 static BOOL
3693 compile_branch(int *optionsptr, pcre_uchar **codeptr,
3694 const pcre_uchar **ptrptr, int *errorcodeptr,
3695 pcre_uint32 *firstcharptr, pcre_int32 *firstcharflagsptr,
3696 pcre_uint32 *reqcharptr, pcre_int32 *reqcharflagsptr,
3697 branch_chain *bcptr, int cond_depth,
3698 compile_data *cd, int *lengthptr)
3699 {
3700 int repeat_type, op_type;
3701 int repeat_min = 0, repeat_max = 0; /* To please picky compilers */
3702 int bravalue = 0;
3703 int greedy_default, greedy_non_default;
3704 pcre_uint32 firstchar, reqchar;
3705 pcre_int32 firstcharflags, reqcharflags;
3706 pcre_uint32 zeroreqchar, zerofirstchar;
3707 pcre_int32 zeroreqcharflags, zerofirstcharflags;
3708 pcre_int32 req_caseopt, reqvary, tempreqvary;
3709 int options = *optionsptr; /* May change dynamically */
3710 int after_manual_callout = 0;
3711 int length_prevgroup = 0;
3712 register pcre_uint32 c;
3713 int escape;
3714 register pcre_uchar *code = *codeptr;
3715 pcre_uchar *last_code = code;
3716 pcre_uchar *orig_code = code;
3717 pcre_uchar *tempcode;
3718 BOOL inescq = FALSE;
3719 BOOL groupsetfirstchar = FALSE;
3720 const pcre_uchar *ptr = *ptrptr;
3721 const pcre_uchar *tempptr;
3722 const pcre_uchar *nestptr = NULL;
3723 pcre_uchar *previous = NULL;
3724 pcre_uchar *previous_callout = NULL;
3725 pcre_uchar *save_hwm = NULL;
3726 pcre_uint8 classbits[32];
3727
3728 /* We can fish out the UTF-8 setting once and for all into a BOOL, but we
3729 must not do this for other options (e.g. PCRE_EXTENDED) because they may change
3730 dynamically as we process the pattern. */
3731
3732 #ifdef SUPPORT_UTF
3733 /* PCRE_UTF[16|32] have the same value as PCRE_UTF8. */
3734 BOOL utf = (options & PCRE_UTF8) != 0;
3735 #ifndef COMPILE_PCRE32
3736 pcre_uchar utf_chars[6];
3737 #endif
3738 #else
3739 BOOL utf = FALSE;
3740 #endif
3741
3742 /* Helper variables for OP_XCLASS opcode (for characters > 255). We define
3743 class_uchardata always so that it can be passed to add_to_class() always,
3744 though it will not be used in non-UTF 8-bit cases. This avoids having to supply
3745 alternative calls for the different cases. */
3746
3747 pcre_uchar *class_uchardata;
3748 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
3749 BOOL xclass;
3750 pcre_uchar *class_uchardata_base;
3751 #endif
3752
3753 #ifdef PCRE_DEBUG
3754 if (lengthptr != NULL) DPRINTF((">> start branch\n"));
3755 #endif
3756
3757 /* Set up the default and non-default settings for greediness */
3758
3759 greedy_default = ((options & PCRE_UNGREEDY) != 0);
3760 greedy_non_default = greedy_default ^ 1;
3761
3762 /* Initialize no first byte, no required byte. REQ_UNSET means "no char
3763 matching encountered yet". It gets changed to REQ_NONE if we hit something that
3764 matches a non-fixed char first char; reqchar just remains unset if we never
3765 find one.
3766
3767 When we hit a repeat whose minimum is zero, we may have to adjust these values
3768 to take the zero repeat into account. This is implemented by setting them to
3769 zerofirstbyte and zeroreqchar when such a repeat is encountered. The individual
3770 item types that can be repeated set these backoff variables appropriately. */
3771
3772 firstchar = reqchar = zerofirstchar = zeroreqchar = 0;
3773 firstcharflags = reqcharflags = zerofirstcharflags = zeroreqcharflags = REQ_UNSET;
3774
3775 /* The variable req_caseopt contains either the REQ_CASELESS value
3776 or zero, according to the current setting of the caseless flag. The
3777 REQ_CASELESS leaves the lower 28 bit empty. It is added into the
3778 firstchar or reqchar variables to record the case status of the
3779 value. This is used only for ASCII characters. */
3780
3781 req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS:0;
3782
3783 /* Switch on next character until the end of the branch */
3784
3785 for (;; ptr++)
3786 {
3787 BOOL negate_class;
3788 BOOL should_flip_negation;
3789 BOOL possessive_quantifier;
3790 BOOL is_quantifier;
3791 BOOL is_recurse;
3792 BOOL reset_bracount;
3793 int class_has_8bitchar;
3794 int class_one_char;
3795 int newoptions;
3796 int recno;
3797 int refsign;
3798 int skipbytes;
3799 pcre_uint32 subreqchar, subfirstchar;
3800 pcre_int32 subreqcharflags, subfirstcharflags;
3801 int terminator;
3802 unsigned int mclength;
3803 unsigned int tempbracount;
3804 pcre_uint32 ec;
3805 pcre_uchar mcbuffer[8];
3806
3807 /* Get next character in the pattern */
3808
3809 c = *ptr;
3810
3811 /* If we are at the end of a nested substitution, revert to the outer level
3812 string. Nesting only happens one level deep. */
3813
3814 if (c == 0 && nestptr != NULL)
3815 {
3816 ptr = nestptr;
3817 nestptr = NULL;
3818 c = *ptr;
3819 }
3820
3821 /* If we are in the pre-compile phase, accumulate the length used for the
3822 previous cycle of this loop. */
3823
3824 if (lengthptr != NULL)
3825 {
3826 #ifdef PCRE_DEBUG
3827 if (code > cd->hwm) cd->hwm = code; /* High water info */
3828 #endif
3829 if (code > cd->start_workspace + cd->workspace_size -
3830 WORK_SIZE_SAFETY_MARGIN) /* Check for overrun */
3831 {
3832 *errorcodeptr = ERR52;
3833 goto FAILED;
3834 }
3835
3836 /* There is at least one situation where code goes backwards: this is the
3837 case of a zero quantifier after a class (e.g. [ab]{0}). At compile time,
3838 the class is simply eliminated. However, it is created first, so we have to
3839 allow memory for it. Therefore, don't ever reduce the length at this point.
3840 */
3841
3842 if (code < last_code) code = last_code;
3843
3844 /* Paranoid check for integer overflow */
3845
3846 if (OFLOW_MAX - *lengthptr < code - last_code)
3847 {
3848 *errorcodeptr = ERR20;
3849 goto FAILED;
3850 }
3851
3852 *lengthptr += (int)(code - last_code);
3853 DPRINTF(("length=%d added %d c=%c (0x%x)\n", *lengthptr,
3854 (int)(code - last_code), c, c));
3855
3856 /* If "previous" is set and it is not at the start of the work space, move
3857 it back to there, in order to avoid filling up the work space. Otherwise,
3858 if "previous" is NULL, reset the current code pointer to the start. */
3859
3860 if (previous != NULL)
3861 {
3862 if (previous > orig_code)
3863 {
3864 memmove(orig_code, previous, IN_UCHARS(code - previous));
3865 code -= previous - orig_code;
3866 previous = orig_code;
3867 }
3868 }
3869 else code = orig_code;
3870
3871 /* Remember where this code item starts so we can pick up the length
3872 next time round. */
3873
3874 last_code = code;
3875 }
3876
3877 /* In the real compile phase, just check the workspace used by the forward
3878 reference list. */
3879
3880 else if (cd->hwm > cd->start_workspace + cd->workspace_size -
3881 WORK_SIZE_SAFETY_MARGIN)
3882 {
3883 *errorcodeptr = ERR52;
3884 goto FAILED;
3885 }
3886
3887 /* If in \Q...\E, check for the end; if not, we have a literal */
3888
3889 if (inescq && c != 0)
3890 {
3891 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E)
3892 {
3893 inescq = FALSE;
3894 ptr++;
3895 continue;
3896 }
3897 else
3898 {
3899 if (previous_callout != NULL)
3900 {
3901 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3902 complete_callout(previous_callout, ptr, cd);
3903 previous_callout = NULL;
3904 }
3905 if ((options & PCRE_AUTO_CALLOUT) != 0)
3906 {
3907 previous_callout = code;
3908 code = auto_callout(code, ptr, cd);
3909 }
3910 goto NORMAL_CHAR;
3911 }
3912 }
3913
3914 /* Fill in length of a previous callout, except when the next thing is
3915 a quantifier. */
3916
3917 is_quantifier =
3918 c == CHAR_ASTERISK || c == CHAR_PLUS || c == CHAR_QUESTION_MARK ||
3919 (c == CHAR_LEFT_CURLY_BRACKET && is_counted_repeat(ptr+1));
3920
3921 if (!is_quantifier && previous_callout != NULL &&
3922 after_manual_callout-- <= 0)
3923 {
3924 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3925 complete_callout(previous_callout, ptr, cd);
3926 previous_callout = NULL;
3927 }
3928
3929 /* In extended mode, skip white space and comments. */
3930
3931 if ((options & PCRE_EXTENDED) != 0)
3932 {
3933 if (MAX_255(*ptr) && (cd->ctypes[c] & ctype_space) != 0) continue;
3934 if (c == CHAR_NUMBER_SIGN)
3935 {
3936 ptr++;
3937 while (*ptr != 0)
3938 {
3939 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
3940 ptr++;
3941 #ifdef SUPPORT_UTF
3942 if (utf) FORWARDCHAR(ptr);
3943 #endif
3944 }
3945 if (*ptr != 0) continue;
3946
3947 /* Else fall through to handle end of string */
3948 c = 0;
3949 }
3950 }
3951
3952 /* No auto callout for quantifiers. */
3953
3954 if ((options & PCRE_AUTO_CALLOUT) != 0 && !is_quantifier)
3955 {
3956 previous_callout = code;
3957 code = auto_callout(code, ptr, cd);
3958 }
3959
3960 switch(c)
3961 {
3962 /* ===================================================================*/
3963 case 0: /* The branch terminates at string end */
3964 case CHAR_VERTICAL_LINE: /* or | or ) */
3965 case CHAR_RIGHT_PARENTHESIS:
3966 *firstcharptr = firstchar;
3967 *firstcharflagsptr = firstcharflags;
3968 *reqcharptr = reqchar;
3969 *reqcharflagsptr = reqcharflags;
3970 *codeptr = code;
3971 *ptrptr = ptr;
3972 if (lengthptr != NULL)
3973 {
3974 if (OFLOW_MAX - *lengthptr < code - last_code)
3975 {
3976 *errorcodeptr = ERR20;
3977 goto FAILED;
3978 }
3979 *lengthptr += (int)(code - last_code); /* To include callout length */
3980 DPRINTF((">> end branch\n"));
3981 }
3982 return TRUE;
3983
3984
3985 /* ===================================================================*/
3986 /* Handle single-character metacharacters. In multiline mode, ^ disables
3987 the setting of any following char as a first character. */
3988
3989 case CHAR_CIRCUMFLEX_ACCENT:
3990 previous = NULL;
3991 if ((options & PCRE_MULTILINE) != 0)
3992 {
3993 if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
3994 *code++ = OP_CIRCM;
3995 }
3996 else *code++ = OP_CIRC;
3997 break;
3998
3999 case CHAR_DOLLAR_SIGN:
4000 previous = NULL;
4001 *code++ = ((options & PCRE_MULTILINE) != 0)? OP_DOLLM : OP_DOLL;
4002 break;
4003
4004 /* There can never be a first char if '.' is first, whatever happens about
4005 repeats. The value of reqchar doesn't change either. */
4006
4007 case CHAR_DOT:
4008 if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
4009 zerofirstchar = firstchar;
4010 zerofirstcharflags = firstcharflags;
4011 zeroreqchar = reqchar;
4012 zeroreqcharflags = reqcharflags;
4013 previous = code;
4014 *code++ = ((options & PCRE_DOTALL) != 0)? OP_ALLANY: OP_ANY;
4015 break;
4016
4017
4018 /* ===================================================================*/
4019 /* Character classes. If the included characters are all < 256, we build a
4020 32-byte bitmap of the permitted characters, except in the special case
4021 where there is only one such character. For negated classes, we build the
4022 map as usual, then invert it at the end. However, we use a different opcode
4023 so that data characters > 255 can be handled correctly.
4024
4025 If the class contains characters outside the 0-255 range, a different
4026 opcode is compiled. It may optionally have a bit map for characters < 256,
4027 but those above are are explicitly listed afterwards. A flag byte tells
4028 whether the bitmap is present, and whether this is a negated class or not.
4029
4030 In JavaScript compatibility mode, an isolated ']' causes an error. In
4031 default (Perl) mode, it is treated as a data character. */
4032
4033 case CHAR_RIGHT_SQUARE_BRACKET:
4034 if ((cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
4035 {
4036 *errorcodeptr = ERR64;
4037 goto FAILED;
4038 }
4039 goto NORMAL_CHAR;
4040
4041 case CHAR_LEFT_SQUARE_BRACKET:
4042 previous = code;
4043
4044 /* PCRE supports POSIX class stuff inside a class. Perl gives an error if
4045 they are encountered at the top level, so we'll do that too. */
4046
4047 if ((ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
4048 ptr[1] == CHAR_EQUALS_SIGN) &&
4049 check_posix_syntax(ptr, &tempptr))
4050 {
4051 *errorcodeptr = (ptr[1] == CHAR_COLON)? ERR13 : ERR31;
4052 goto FAILED;
4053 }
4054
4055 /* If the first character is '^', set the negation flag and skip it. Also,
4056 if the first few characters (either before or after ^) are \Q\E or \E we
4057 skip them too. This makes for compatibility with Perl. */
4058
4059 negate_class = FALSE;
4060 for (;;)
4061 {
4062 c = *(++ptr);
4063 if (c == CHAR_BACKSLASH)
4064 {
4065 if (ptr[1] == CHAR_E)
4066 ptr++;
4067 else if (STRNCMP_UC_C8(ptr + 1, STR_Q STR_BACKSLASH STR_E, 3) == 0)
4068 ptr += 3;
4069 else
4070 break;
4071 }
4072 else if (!negate_class && c == CHAR_CIRCUMFLEX_ACCENT)
4073 negate_class = TRUE;
4074 else break;
4075 }
4076
4077 /* Empty classes are allowed in JavaScript compatibility mode. Otherwise,
4078 an initial ']' is taken as a data character -- the code below handles
4079 that. In JS mode, [] must always fail, so generate OP_FAIL, whereas
4080 [^] must match any character, so generate OP_ALLANY. */
4081
4082 if (c == CHAR_RIGHT_SQUARE_BRACKET &&
4083 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
4084 {
4085 *code++ = negate_class? OP_ALLANY : OP_FAIL;
4086 if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
4087 zerofirstchar = firstchar;
4088 zerofirstcharflags = firstcharflags;
4089 break;
4090 }
4091
4092 /* If a class contains a negative special such as \S, we need to flip the
4093 negation flag at the end, so that support for characters > 255 works
4094 correctly (they are all included in the class). */
4095
4096 should_flip_negation = FALSE;
4097
4098 /* For optimization purposes, we track some properties of the class:
4099 class_has_8bitchar will be non-zero if the class contains at least one <
4100 256 character; class_one_char will be 1 if the class contains just one
4101 character. */
4102
4103 class_has_8bitchar = 0;
4104 class_one_char = 0;
4105
4106 /* Initialize the 32-char bit map to all zeros. We build the map in a
4107 temporary bit of memory, in case the class contains fewer than two
4108 8-bit characters because in that case the compiled code doesn't use the bit
4109 map. */
4110
4111 memset(classbits, 0, 32 * sizeof(pcre_uint8));
4112
4113 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
4114 xclass = FALSE;
4115 class_uchardata = code + LINK_SIZE + 2; /* For XCLASS items */
4116 class_uchardata_base = class_uchardata; /* Save the start */
4117 #endif
4118
4119 /* Process characters until ] is reached. By writing this as a "do" it
4120 means that an initial ] is taken as a data character. At the start of the
4121 loop, c contains the first byte of the character. */
4122
4123 if (c != 0) do
4124 {
4125 const pcre_uchar *oldptr;
4126
4127 #ifdef SUPPORT_UTF
4128 if (utf && HAS_EXTRALEN(c))
4129 { /* Braces are required because the */
4130 GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */
4131 }
4132 #endif
4133
4134 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
4135 /* In the pre-compile phase, accumulate the length of any extra
4136 data and reset the pointer. This is so that very large classes that
4137 contain a zillion > 255 characters no longer overwrite the work space
4138 (which is on the stack). We have to remember that there was XCLASS data,
4139 however. */
4140
4141 if (lengthptr != NULL && class_uchardata > class_uchardata_base)
4142 {
4143 xclass = TRUE;
4144 *lengthptr += class_uchardata - class_uchardata_base;
4145 class_uchardata = class_uchardata_base;
4146 }
4147 #endif
4148
4149 /* Inside \Q...\E everything is literal except \E */
4150
4151 if (inescq)
4152 {
4153 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E) /* If we are at \E */
4154 {
4155 inescq = FALSE; /* Reset literal state */
4156 ptr++; /* Skip the 'E' */
4157 continue; /* Carry on with next */
4158 }
4159 goto CHECK_RANGE; /* Could be range if \E follows */
4160 }
4161
4162 /* Handle POSIX class names. Perl allows a negation extension of the
4163 form [:^name:]. A square bracket that doesn't match the syntax is
4164 treated as a literal. We also recognize the POSIX constructions
4165 [.ch.] and [=ch=] ("collating elements") and fault them, as Perl
4166 5.6 and 5.8 do. */
4167
4168 if (c == CHAR_LEFT_SQUARE_BRACKET &&
4169 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
4170 ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &tempptr))
4171 {
4172 BOOL local_negate = FALSE;
4173 int posix_class, taboffset, tabopt;
4174 register const pcre_uint8 *cbits = cd->cbits;
4175 pcre_uint8 pbits[32];
4176
4177 if (ptr[1] != CHAR_COLON)
4178 {
4179 *errorcodeptr = ERR31;
4180 goto FAILED;
4181 }
4182
4183 ptr += 2;
4184 if (*ptr == CHAR_CIRCUMFLEX_ACCENT)
4185 {
4186 local_negate = TRUE;
4187 should_flip_negation = TRUE; /* Note negative special */
4188 ptr++;
4189 }
4190
4191 posix_class = check_posix_name(ptr, (int)(tempptr - ptr));
4192 if (posix_class < 0)
4193 {
4194 *errorcodeptr = ERR30;
4195 goto FAILED;
4196 }
4197
4198 /* If matching is caseless, upper and lower are converted to
4199 alpha. This relies on the fact that the class table starts with
4200 alpha, lower, upper as the first 3 entries. */
4201
4202 if ((options & PCRE_CASELESS) != 0 && posix_class <= 2)
4203 posix_class = 0;
4204
4205 /* When PCRE_UCP is set, some of the POSIX classes are converted to
4206 different escape sequences that use Unicode properties. */
4207
4208 #ifdef SUPPORT_UCP
4209 if ((options & PCRE_UCP) != 0)
4210 {
4211 int pc = posix_class + ((local_negate)? POSIX_SUBSIZE/2 : 0);
4212 if (posix_substitutes[pc] != NULL)
4213 {
4214 nestptr = tempptr + 1;
4215 ptr = posix_substitutes[pc] - 1;
4216 continue;
4217 }
4218 }
4219 #endif
4220 /* In the non-UCP case, we build the bit map for the POSIX class in a
4221 chunk of local store because we may be adding and subtracting from it,
4222 and we don't want to subtract bits that may be in the main map already.
4223 At the end we or the result into the bit map that is being built. */
4224
4225 posix_class *= 3;
4226
4227 /* Copy in the first table (always present) */
4228
4229 memcpy(pbits, cbits + posix_class_maps[posix_class],
4230 32 * sizeof(pcre_uint8));
4231
4232 /* If there is a second table, add or remove it as required. */
4233
4234 taboffset = posix_class_maps[posix_class + 1];
4235 tabopt = posix_class_maps[posix_class + 2];
4236
4237 if (taboffset >= 0)
4238 {
4239 if (tabopt >= 0)
4240 for (c = 0; c < 32; c++) pbits[c] |= cbits[c + taboffset];
4241 else
4242 for (c = 0; c < 32; c++) pbits[c] &= ~cbits[c + taboffset];
4243 }
4244
4245 /* Now see if we need to remove any special characters. An option
4246 value of 1 removes vertical space and 2 removes underscore. */
4247
4248 if (tabopt < 0) tabopt = -tabopt;
4249 if (tabopt == 1) pbits[1] &= ~0x3c;
4250 else if (tabopt == 2) pbits[11] &= 0x7f;
4251
4252 /* Add the POSIX table or its complement into the main table that is
4253 being built and we are done. */
4254
4255 if (local_negate)
4256 for (c = 0; c < 32; c++) classbits[c] |= ~pbits[c];
4257 else
4258 for (c = 0; c < 32; c++) classbits[c] |= pbits[c];
4259
4260 ptr = tempptr + 1;
4261 /* Every class contains at least one < 256 character. */
4262 class_has_8bitchar = 1;
4263 /* Every class contains at least two characters. */
4264 class_one_char = 2;
4265 continue; /* End of POSIX syntax handling */
4266 }
4267
4268 /* Backslash may introduce a single character, or it may introduce one
4269 of the specials, which just set a flag. The sequence \b is a special
4270 case. Inside a class (and only there) it is treated as backspace. We
4271 assume that other escapes have more than one character in them, so
4272 speculatively set both class_has_8bitchar and class_one_char bigger
4273 than one. Unrecognized escapes fall through and are either treated
4274 as literal characters (by default), or are faulted if
4275 PCRE_EXTRA is set. */
4276
4277 if (c == CHAR_BACKSLASH)
4278 {
4279 escape = check_escape(&ptr, &ec, errorcodeptr, cd->bracount, options, TRUE);
4280
4281 if (*errorcodeptr != 0) goto FAILED;
4282
4283 if (escape == 0)
4284 c = ec;
4285 else if (escape == ESC_b) c = CHAR_BS; /* \b is backspace in a class */
4286 else if (escape == ESC_N) /* \N is not supported in a class */
4287 {
4288 *errorcodeptr = ERR71;
4289 goto FAILED;
4290 }
4291 else if (escape == ESC_Q) /* Handle start of quoted string */
4292 {
4293 if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
4294 {
4295 ptr += 2; /* avoid empty string */
4296 }
4297 else inescq = TRUE;
4298 continue;
4299 }
4300 else if (escape == ESC_E) continue; /* Ignore orphan \E */
4301
4302 else
4303 {
4304 register const pcre_uint8 *cbits = cd->cbits;
4305 /* Every class contains at least two < 256 characters. */
4306 class_has_8bitchar++;
4307 /* Every class contains at least two characters. */
4308 class_one_char += 2;
4309
4310 switch (escape)
4311 {
4312 #ifdef SUPPORT_UCP
4313 case ESC_du: /* These are the values given for \d etc */
4314 case ESC_DU: /* when PCRE_UCP is set. We replace the */
4315 case ESC_wu: /* escape sequence with an appropriate \p */
4316 case ESC_WU: /* or \P to test Unicode properties instead */
4317 case ESC_su: /* of the default ASCII testing. */
4318 case ESC_SU:
4319 nestptr = ptr;
4320 ptr = substitutes[escape - ESC_DU] - 1; /* Just before substitute */
4321 class_has_8bitchar--; /* Undo! */
4322 continue;
4323 #endif
4324 case ESC_d:
4325 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_digit];
4326 continue;
4327
4328 case ESC_D:
4329 should_flip_negation = TRUE;
4330 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_digit];
4331 continue;
4332
4333 case ESC_w:
4334 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_word];
4335 continue;
4336
4337 case ESC_W:
4338 should_flip_negation = TRUE;
4339 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_word];
4340 continue;
4341
4342 /* Perl 5.004 onwards omits VT from \s, but we must preserve it
4343 if it was previously set by something earlier in the character
4344 class. Luckily, the value of CHAR_VT is 0x0b in both ASCII and
4345 EBCDIC, so we lazily just adjust the appropriate bit. */
4346
4347 case ESC_s:
4348 classbits[0] |= cbits[cbit_space];
4349 classbits[1] |= cbits[cbit_space+1] & ~0x08;
4350 for (c = 2; c < 32; c++) classbits[c] |= cbits[c+cbit_space];
4351 continue;
4352
4353 case ESC_S:
4354 should_flip_negation = TRUE;
4355 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_space];
4356 classbits[1] |= 0x08; /* Perl 5.004 onwards omits VT from \s */
4357 continue;
4358
4359 /* The rest apply in both UCP and non-UCP cases. */
4360
4361 case ESC_h:
4362 (void)add_list_to_class(classbits, &class_uchardata, options, cd,
4363 PRIV(hspace_list), NOTACHAR);
4364 continue;
4365
4366 case ESC_H:
4367 (void)add_not_list_to_class(classbits, &class_uchardata, options,
4368 cd, PRIV(hspace_list));
4369 continue;
4370
4371 case ESC_v:
4372 (void)add_list_to_class(classbits, &class_uchardata, options, cd,
4373 PRIV(vspace_list), NOTACHAR);
4374 continue;
4375
4376 case ESC_V:
4377 (void)add_not_list_to_class(classbits, &class_uchardata, options,
4378 cd, PRIV(vspace_list));
4379 continue;
4380
4381 #ifdef SUPPORT_UCP
4382 case ESC_p:
4383 case ESC_P:
4384 {
4385 BOOL negated;
4386 unsigned int ptype = 0, pdata = 0;
4387 if (!get_ucp(&ptr, &negated, &ptype, &pdata, errorcodeptr))
4388 goto FAILED;
4389 *class_uchardata++ = ((escape == ESC_p) != negated)?
4390 XCL_PROP : XCL_NOTPROP;
4391 *class_uchardata++ = ptype;
4392 *class_uchardata++ = pdata;
4393 class_has_8bitchar--; /* Undo! */
4394 continue;
4395 }
4396 #endif
4397 /* Unrecognized escapes are faulted if PCRE is running in its
4398 strict mode. By default, for compatibility with Perl, they are
4399 treated as literals. */
4400
4401 default:
4402 if ((options & PCRE_EXTRA) != 0)
4403 {
4404 *errorcodeptr = ERR7;
4405 goto FAILED;
4406 }
4407 class_has_8bitchar--; /* Undo the speculative increase. */
4408 class_one_char -= 2; /* Undo the speculative increase. */
4409 c = *ptr; /* Get the final character and fall through */
4410 break;
4411 }
4412 }
4413
4414 /* Fall through if the escape just defined a single character (c >= 0).
4415 This may be greater than 256. */
4416
4417 escape = 0;
4418
4419 } /* End of backslash handling */
4420
4421 /* A character may be followed by '-' to form a range. However, Perl does
4422 not permit ']' to be the end of the range. A '-' character at the end is
4423 treated as a literal. Perl ignores orphaned \E sequences entirely. The
4424 code for handling \Q and \E is messy. */
4425
4426 CHECK_RANGE:
4427 while (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
4428 {
4429 inescq = FALSE;
4430 ptr += 2;
4431 }
4432 oldptr = ptr;
4433
4434 /* Remember if \r or \n were explicitly used */
4435
4436 if (c == CHAR_CR || c == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
4437
4438 /* Check for range */
4439
4440 if (!inescq && ptr[1] == CHAR_MINUS)
4441 {
4442 pcre_uint32 d;
4443 ptr += 2;
4444 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E) ptr += 2;
4445
4446 /* If we hit \Q (not followed by \E) at this point, go into escaped
4447 mode. */
4448
4449 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_Q)
4450 {
4451 ptr += 2;
4452 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E)
4453 { ptr += 2; continue; }
4454 inescq = TRUE;
4455 break;
4456 }
4457
4458 /* Minus (hyphen) at the end of a class is treated as a literal, so put
4459 back the pointer and jump to handle the character that preceded it. */
4460
4461 if (*ptr == 0 || (!inescq && *ptr == CHAR_RIGHT_SQUARE_BRACKET))
4462 {
4463 ptr = oldptr;
4464 goto CLASS_SINGLE_CHARACTER;
4465 }
4466
4467 /* Otherwise, we have a potential range; pick up the next character */
4468
4469 #ifdef SUPPORT_UTF
4470 if (utf)
4471 { /* Braces are required because the */
4472 GETCHARLEN(d, ptr, ptr); /* macro generates multiple statements */
4473 }
4474 else
4475 #endif
4476 d = *ptr; /* Not UTF-8 mode */
4477
4478 /* The second part of a range can be a single-character escape, but
4479 not any of the other escapes. Perl 5.6 treats a hyphen as a literal
4480 in such circumstances. */
4481
4482 if (!inescq && d == CHAR_BACKSLASH)
4483 {
4484 int descape;
4485 descape = check_escape(&ptr, &d, errorcodeptr, cd->bracount, options, TRUE);
4486 if (*errorcodeptr != 0) goto FAILED;
4487
4488 /* \b is backspace; any other special means the '-' was literal. */
4489
4490 if (descape != 0)
4491 {
4492 if (descape == ESC_b) d = CHAR_BS; else
4493 {
4494 ptr = oldptr;
4495 goto CLASS_SINGLE_CHARACTER; /* A few lines below */
4496 }
4497 }
4498 }
4499
4500 /* Check that the two values are in the correct order. Optimize
4501 one-character ranges. */
4502
4503 if (d < c)
4504 {
4505 *errorcodeptr = ERR8;
4506 goto FAILED;
4507 }
4508 if (d == c) goto CLASS_SINGLE_CHARACTER; /* A few lines below */
4509
4510 /* We have found a character range, so single character optimizations
4511 cannot be done anymore. Any value greater than 1 indicates that there
4512 is more than one character. */
4513
4514 class_one_char = 2;
4515
4516 /* Remember an explicit \r or \n, and add the range to the class. */
4517
4518 if (d == CHAR_CR || d == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
4519
4520 class_has_8bitchar +=
4521 add_to_class(classbits, &class_uchardata, options, cd, c, d);
4522
4523 continue; /* Go get the next char in the class */
4524 }
4525
4526 /* Handle a single character - we can get here for a normal non-escape
4527 char, or after \ that introduces a single character or for an apparent
4528 range that isn't. Only the value 1 matters for class_one_char, so don't
4529 increase it if it is already 2 or more ... just in case there's a class
4530 with a zillion characters in it. */
4531
4532 CLASS_SINGLE_CHARACTER:
4533 if (class_one_char < 2) class_one_char++;
4534
4535 /* If class_one_char is 1, we have the first single character in the
4536 class, and there have been no prior ranges, or XCLASS items generated by
4537 escapes. If this is the final character in the class, we can optimize by
4538 turning the item into a 1-character OP_CHAR[I] if it's positive, or
4539 OP_NOT[I] if it's negative. In the positive case, it can cause firstchar
4540 to be set. Otherwise, there can be no first char if this item is first,
4541 whatever repeat count may follow. In the case of reqchar, save the
4542 previous value for reinstating. */
4543
4544 if (class_one_char == 1 && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
4545 {
4546 ptr++;
4547 zeroreqchar = reqchar;
4548 zeroreqcharflags = reqcharflags;
4549
4550 if (negate_class)
4551 {
4552 #ifdef SUPPORT_UCP
4553 int d;
4554 #endif
4555 if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
4556 zerofirstchar = firstchar;
4557 zerofirstcharflags = firstcharflags;
4558
4559 /* For caseless UTF-8 mode when UCP support is available, check
4560 whether this character has more than one other case. If so, generate
4561 a special OP_NOTPROP item instead of OP_NOTI. */
4562
4563 #ifdef SUPPORT_UCP
4564 if (utf && (options & PCRE_CASELESS) != 0 &&
4565 (d = UCD_CASESET(c)) != 0)
4566 {
4567 *code++ = OP_NOTPROP;
4568 *code++ = PT_CLIST;
4569 *code++ = d;
4570 }
4571 else
4572 #endif
4573 /* Char has only one other case, or UCP not available */
4574
4575 {
4576 *code++ = ((options & PCRE_CASELESS) != 0)? OP_NOTI: OP_NOT;
4577 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
4578 if (utf && c > MAX_VALUE_FOR_SINGLE_CHAR)
4579 code += PRIV(ord2utf)(c, code);
4580 else
4581 #endif
4582 *code++ = c;
4583 }
4584
4585 /* We are finished with this character class */
4586
4587 goto END_CLASS;
4588 }
4589
4590 /* For a single, positive character, get the value into mcbuffer, and
4591 then we can handle this with the normal one-character code. */
4592
4593 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
4594 if (utf && c > MAX_VALUE_FOR_SINGLE_CHAR)
4595 mclength = PRIV(ord2utf)(c, mcbuffer);
4596 else
4597 #endif
4598 {
4599 mcbuffer[0] = c;
4600 mclength = 1;
4601 }
4602 goto ONE_CHAR;
4603 } /* End of 1-char optimization */
4604
4605 /* There is more than one character in the class, or an XCLASS item
4606 has been generated. Add this character to the class. */
4607
4608 class_has_8bitchar +=
4609 add_to_class(classbits, &class_uchardata, options, cd, c, c);
4610 }
4611
4612 /* Loop until ']' reached. This "while" is the end of the "do" far above.
4613 If we are at the end of an internal nested string, revert to the outer
4614 string. */
4615
4616 while (((c = *(++ptr)) != 0 ||
4617 (nestptr != NULL &&
4618 (ptr = nestptr, nestptr = NULL, c = *(++ptr)) != 0)) &&
4619 (c != CHAR_RIGHT_SQUARE_BRACKET || inescq));
4620
4621 /* Check for missing terminating ']' */
4622
4623 if (c == 0)
4624 {
4625 *errorcodeptr = ERR6;
4626 goto FAILED;
4627 }
4628
4629 /* We will need an XCLASS if data has been placed in class_uchardata. In
4630 the second phase this is a sufficient test. However, in the pre-compile
4631 phase, class_uchardata gets emptied to prevent workspace overflow, so it
4632 only if the very last character in the class needs XCLASS will it contain
4633 anything at this point. For this reason, xclass gets set TRUE above when
4634 uchar_classdata is emptied, and that's why this code is the way it is here
4635 instead of just doing a test on class_uchardata below. */
4636
4637 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
4638 if (class_uchardata > class_uchardata_base) xclass = TRUE;
4639 #endif
4640
4641 /* If this is the first thing in the branch, there can be no first char
4642 setting, whatever the repeat count. Any reqchar setting must remain
4643 unchanged after any kind of repeat. */
4644
4645 if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
4646 zerofirstchar = firstchar;
4647 zerofirstcharflags = firstcharflags;
4648 zeroreqchar = reqchar;
4649 zeroreqcharflags = reqcharflags;
4650
4651 /* If there are characters with values > 255, we have to compile an
4652 extended class, with its own opcode, unless there was a negated special
4653 such as \S in the class, and PCRE_UCP is not set, because in that case all
4654 characters > 255 are in the class, so any that were explicitly given as
4655 well can be ignored. If (when there are explicit characters > 255 that must
4656 be listed) there are no characters < 256, we can omit the bitmap in the
4657 actual compiled code. */
4658
4659 #ifdef SUPPORT_UTF
4660 if (xclass && (!should_flip_negation || (options & PCRE_UCP) != 0))
4661 #elif !defined COMPILE_PCRE8
4662 if (xclass && !should_flip_negation)
4663 #endif
4664 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
4665 {
4666 *class_uchardata++ = XCL_END; /* Marks the end of extra data */
4667 *code++ = OP_XCLASS;
4668 code += LINK_SIZE;
4669 *code = negate_class? XCL_NOT:0;
4670
4671 /* If the map is required, move up the extra data to make room for it;
4672 otherwise just move the code pointer to the end of the extra data. */
4673
4674 if (class_has_8bitchar > 0)
4675 {
4676 *code++ |= XCL_MAP;
4677 memmove(code + (32 / sizeof(pcre_uchar)), code,
4678 IN_UCHARS(class_uchardata - code));
4679 memcpy(code, classbits, 32);
4680 code = class_uchardata + (32 / sizeof(pcre_uchar));
4681 }
4682 else code = class_uchardata;
4683
4684 /* Now fill in the complete length of the item */
4685
4686 PUT(previous, 1, (int)(code - previous));
4687 break; /* End of class handling */
4688 }
4689 #endif
4690
4691 /* If there are no characters > 255, or they are all to be included or
4692 excluded, set the opcode to OP_CLASS or OP_NCLASS, depending on whether the
4693 whole class was negated and whether there were negative specials such as \S
4694 (non-UCP) in the class. Then copy the 32-byte map into the code vector,
4695 negating it if necessary. */
4696
4697 *code++ = (negate_class == should_flip_negation) ? OP_CLASS : OP_NCLASS;
4698 if (lengthptr == NULL) /* Save time in the pre-compile phase */
4699 {
4700 if (negate_class)
4701 for (c = 0; c < 32; c++) classbits[c] = ~classbits[c];
4702 memcpy(code, classbits, 32);
4703 }
4704 code += 32 / sizeof(pcre_uchar);
4705
4706 END_CLASS:
4707 break;
4708
4709
4710 /* ===================================================================*/
4711 /* Various kinds of repeat; '{' is not necessarily a quantifier, but this
4712 has been tested above. */
4713
4714 case CHAR_LEFT_CURLY_BRACKET:
4715 if (!is_quantifier) goto NORMAL_CHAR;
4716 ptr = read_repeat_counts(ptr+1, &repeat_min, &repeat_max, errorcodeptr);
4717 if (*errorcodeptr != 0) goto FAILED;
4718 goto REPEAT;
4719
4720 case CHAR_ASTERISK:
4721 repeat_min = 0;
4722 repeat_max = -1;
4723 goto REPEAT;
4724
4725 case CHAR_PLUS:
4726 repeat_min = 1;
4727 repeat_max = -1;
4728 goto REPEAT;
4729
4730 case CHAR_QUESTION_MARK:
4731 repeat_min = 0;
4732 repeat_max = 1;
4733
4734 REPEAT:
4735 if (previous == NULL)
4736 {
4737 *errorcodeptr = ERR9;
4738 goto FAILED;
4739 }
4740
4741 if (repeat_min == 0)
4742 {
4743 firstchar = zerofirstchar; /* Adjust for zero repeat */
4744 firstcharflags = zerofirstcharflags;
4745 reqchar = zeroreqchar; /* Ditto */
4746 reqcharflags = zeroreqcharflags;
4747 }
4748
4749 /* Remember whether this is a variable length repeat */
4750
4751 reqvary = (repeat_min == repeat_max)? 0 : REQ_VARY;
4752
4753 op_type = 0; /* Default single-char op codes */
4754 possessive_quantifier = FALSE; /* Default not possessive quantifier */
4755
4756 /* Save start of previous item, in case we have to move it up in order to
4757 insert something before it. */
4758
4759 tempcode = previous;
4760
4761 /* If the next character is '+', we have a possessive quantifier. This
4762 implies greediness, whatever the setting of the PCRE_UNGREEDY option.
4763 If the next character is '?' this is a minimizing repeat, by default,
4764 but if PCRE_UNGREEDY is set, it works the other way round. We change the
4765 repeat type to the non-default. */
4766
4767 if (ptr[1] == CHAR_PLUS)
4768 {
4769 repeat_type = 0; /* Force greedy */
4770 possessive_quantifier = TRUE;
4771 ptr++;
4772 }
4773 else if (ptr[1] == CHAR_QUESTION_MARK)
4774 {
4775 repeat_type = greedy_non_default;
4776 ptr++;
4777 }
4778 else repeat_type = greedy_default;
4779
4780 /* If previous was a recursion call, wrap it in atomic brackets so that
4781 previous becomes the atomic group. All recursions were so wrapped in the
4782 past, but it no longer happens for non-repeated recursions. In fact, the
4783 repeated ones could be re-implemented independently so as not to need this,
4784 but for the moment we rely on the code for repeating groups. */
4785
4786 if (*previous == OP_RECURSE)
4787 {
4788 memmove(previous + 1 + LINK_SIZE, previous, IN_UCHARS(1 + LINK_SIZE));
4789 *previous = OP_ONCE;
4790 PUT(previous, 1, 2 + 2*LINK_SIZE);
4791 previous[2 + 2*LINK_SIZE] = OP_KET;
4792 PUT(previous, 3 + 2*LINK_SIZE, 2 + 2*LINK_SIZE);
4793 code += 2 + 2 * LINK_SIZE;
4794 length_prevgroup = 3 + 3*LINK_SIZE;
4795
4796 /* When actually compiling, we need to check whether this was a forward
4797 reference, and if so, adjust the offset. */
4798
4799 if (lengthptr == NULL && cd->hwm >= cd->start_workspace + LINK_SIZE)
4800 {
4801 int offset = GET(cd->hwm, -LINK_SIZE);
4802 if (offset == previous + 1 - cd->start_code)
4803 PUT(cd->hwm, -LINK_SIZE, offset + 1 + LINK_SIZE);
4804 }
4805 }
4806
4807 /* Now handle repetition for the different types of item. */
4808
4809 /* If previous was a character or negated character match, abolish the item
4810 and generate a repeat item instead. If a char item has a minimum of more
4811 than one, ensure that it is set in reqchar - it might not be if a sequence
4812 such as x{3} is the first thing in a branch because the x will have gone
4813 into firstchar instead. */
4814
4815 if (*previous == OP_CHAR || *previous == OP_CHARI
4816 || *previous == OP_NOT || *previous == OP_NOTI)
4817 {
4818 switch (*previous)
4819 {
4820 default: /* Make compiler happy. */
4821 case OP_CHAR: op_type = OP_STAR - OP_STAR; break;
4822 case OP_CHARI: op_type = OP_STARI - OP_STAR; break;
4823 case OP_NOT: op_type = OP_NOTSTAR - OP_STAR; break;
4824 case OP_NOTI: op_type = OP_NOTSTARI - OP_STAR; break;
4825 }
4826
4827 /* Deal with UTF characters that take up more than one character. It's
4828 easier to write this out separately than try to macrify it. Use c to
4829 hold the length of the character in bytes, plus UTF_LENGTH to flag that
4830 it's a length rather than a small character. */
4831
4832 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
4833 if (utf && NOT_FIRSTCHAR(code[-1]))
4834 {
4835 pcre_uchar *lastchar = code - 1;
4836 BACKCHAR(lastchar);
4837 c = (int)(code - lastchar); /* Length of UTF-8 character */
4838 memcpy(utf_chars, lastchar, IN_UCHARS(c)); /* Save the char */
4839 c |= UTF_LENGTH; /* Flag c as a length */
4840 }
4841 else
4842 #endif /* SUPPORT_UTF */
4843
4844 /* Handle the case of a single charater - either with no UTF support, or
4845 with UTF disabled, or for a single character UTF character. */
4846 {
4847 c = code[-1];
4848 if (*previous <= OP_CHARI && repeat_min > 1)
4849 {
4850 reqchar = c;
4851 reqcharflags = req_caseopt | cd->req_varyopt;
4852 }
4853 }
4854
4855 /* If the repetition is unlimited, it pays to see if the next thing on
4856 the line is something that cannot possibly match this character. If so,
4857 automatically possessifying this item gains some performance in the case
4858 where the match fails. */
4859
4860 if (!possessive_quantifier &&
4861 repeat_max < 0 &&
4862 check_auto_possessive(previous, utf, ptr + 1, options, cd))
4863 {
4864 repeat_type = 0; /* Force greedy */
4865 possessive_quantifier = TRUE;
4866 }
4867
4868 goto OUTPUT_SINGLE_REPEAT; /* Code shared with single character types */
4869 }
4870
4871 /* If previous was a character type match (\d or similar), abolish it and
4872 create a suitable repeat item. The code is shared with single-character
4873 repeats by setting op_type to add a suitable offset into repeat_type. Note
4874 the the Unicode property types will be present only when SUPPORT_UCP is
4875 defined, but we don't wrap the little bits of code here because it just
4876 makes it horribly messy. */
4877
4878 else if (*previous < OP_EODN)
4879 {
4880 pcre_uchar *oldcode;
4881 int prop_type, prop_value;
4882 op_type = OP_TYPESTAR - OP_STAR; /* Use type opcodes */
4883 c = *previous;
4884
4885 if (!possessive_quantifier &&
4886 repeat_max < 0 &&
4887 check_auto_possessive(previous, utf, ptr + 1, options, cd))
4888 {
4889 repeat_type = 0; /* Force greedy */
4890 possessive_quantifier = TRUE;
4891 }
4892
4893 OUTPUT_SINGLE_REPEAT:
4894 if (*previous == OP_PROP || *previous == OP_NOTPROP)
4895 {
4896 prop_type = previous[1];
4897 prop_value = previous[2];
4898 }
4899 else prop_type = prop_value = -1;
4900
4901 oldcode = code;
4902 code = previous; /* Usually overwrite previous item */
4903
4904 /* If the maximum is zero then the minimum must also be zero; Perl allows
4905 this case, so we do too - by simply omitting the item altogether. */
4906
4907 if (repeat_max == 0) goto END_REPEAT;
4908
4909 /*--------------------------------------------------------------------*/
4910 /* This code is obsolete from release 8.00; the restriction was finally
4911 removed: */
4912
4913 /* All real repeats make it impossible to handle partial matching (maybe
4914 one day we will be able to remove this restriction). */
4915
4916 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
4917 /*--------------------------------------------------------------------*/
4918
4919 /* Combine the op_type with the repeat_type */
4920
4921 repeat_type += op_type;
4922
4923 /* A minimum of zero is handled either as the special case * or ?, or as
4924 an UPTO, with the maximum given. */
4925
4926 if (repeat_min == 0)
4927 {
4928 if (repeat_max == -1) *code++ = OP_STAR + repeat_type;
4929 else if (repeat_max == 1) *code++ = OP_QUERY + repeat_type;
4930 else
4931 {
4932 *code++ = OP_UPTO + repeat_type;
4933 PUT2INC(code, 0, repeat_max);
4934 }
4935 }
4936
4937 /* A repeat minimum of 1 is optimized into some special cases. If the
4938 maximum is unlimited, we use OP_PLUS. Otherwise, the original item is
4939 left in place and, if the maximum is greater than 1, we use OP_UPTO with
4940 one less than the maximum. */
4941
4942 else if (repeat_min == 1)
4943 {
4944 if (repeat_max == -1)
4945 *code++ = OP_PLUS + repeat_type;
4946 else
4947 {
4948 code = oldcode; /* leave previous item in place */
4949 if (repeat_max == 1) goto END_REPEAT;
4950 *code++ = OP_UPTO + repeat_type;
4951 PUT2INC(code, 0, repeat_max - 1);
4952 }
4953 }
4954
4955 /* The case {n,n} is just an EXACT, while the general case {n,m} is
4956 handled as an EXACT followed by an UPTO. */
4957
4958 else
4959 {
4960 *code++ = OP_EXACT + op_type; /* NB EXACT doesn't have repeat_type */
4961 PUT2INC(code, 0, repeat_min);
4962
4963 /* If the maximum is unlimited, insert an OP_STAR. Before doing so,
4964 we have to insert the character for the previous code. For a repeated
4965 Unicode property match, there are two extra bytes that define the
4966 required property. In UTF-8 mode, long characters have their length in
4967 c, with the UTF_LENGTH bit as a flag. */
4968
4969 if (repeat_max < 0)
4970 {
4971 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
4972 if (utf && (c & UTF_LENGTH) != 0)
4973 {
4974 memcpy(code, utf_chars, IN_UCHARS(c & 7));
4975 code += c & 7;
4976 }
4977 else
4978 #endif
4979 {
4980 *code++ = c;
4981 if (prop_type >= 0)
4982 {
4983 *code++ = prop_type;
4984 *code++ = prop_value;
4985 }
4986 }
4987 *code++ = OP_STAR + repeat_type;
4988 }
4989
4990 /* Else insert an UPTO if the max is greater than the min, again
4991 preceded by the character, for the previously inserted code. If the
4992 UPTO is just for 1 instance, we can use QUERY instead. */
4993
4994 else if (repeat_max != repeat_min)
4995 {
4996 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
4997 if (utf && (c & UTF_LENGTH) != 0)
4998 {
4999 memcpy(code, utf_chars, IN_UCHARS(c & 7));
5000 code += c & 7;
5001 }
5002 else
5003 #endif
5004 *code++ = c;
5005 if (prop_type >= 0)
5006 {
5007 *code++ = prop_type;
5008 *code++ = prop_value;
5009 }
5010 repeat_max -= repeat_min;
5011
5012 if (repeat_max == 1)
5013 {
5014 *code++ = OP_QUERY + repeat_type;
5015 }
5016 else
5017 {
5018 *code++ = OP_UPTO + repeat_type;
5019 PUT2INC(code, 0, repeat_max);
5020 }
5021 }
5022 }
5023
5024 /* The character or character type itself comes last in all cases. */
5025
5026 #if defined SUPPORT_UTF && !defined COMPILE_PCRE32
5027 if (utf && (c & UTF_LENGTH) != 0)
5028 {
5029 memcpy(code, utf_chars, IN_UCHARS(c & 7));
5030 code += c & 7;
5031 }
5032 else
5033 #endif
5034 *code++ = c;
5035
5036 /* For a repeated Unicode property match, there are two extra bytes that
5037 define the required property. */
5038
5039 #ifdef SUPPORT_UCP
5040 if (prop_type >= 0)
5041 {
5042 *code++ = prop_type;
5043 *code++ = prop_value;
5044 }
5045 #endif
5046 }
5047
5048 /* If previous was a character class or a back reference, we put the repeat
5049 stuff after it, but just skip the item if the repeat was {0,0}. */
5050
5051 else if (*previous == OP_CLASS ||
5052 *previous == OP_NCLASS ||
5053 #if defined SUPPORT_UTF || !defined COMPILE_PCRE8
5054 *previous == OP_XCLASS ||
5055 #endif
5056 *previous == OP_REF ||
5057 *previous == OP_REFI)
5058 {
5059 if (repeat_max == 0)
5060 {
5061 code = previous;
5062 goto END_REPEAT;
5063 }
5064
5065 /*--------------------------------------------------------------------*/
5066 /* This code is obsolete from release 8.00; the restriction was finally
5067 removed: */
5068
5069 /* All real repeats make it impossible to handle partial matching (maybe
5070 one day we will be able to remove this restriction). */
5071
5072 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
5073 /*--------------------------------------------------------------------*/
5074
5075 if (repeat_min == 0 && repeat_max == -1)
5076 *code++ = OP_CRSTAR + repeat_type;
5077 else if (repeat_min == 1 && repeat_max == -1)
5078 *code++ = OP_CRPLUS + repeat_type;
5079 else if (repeat_min == 0 && repeat_max == 1)
5080 *code++ = OP_CRQUERY + repeat_type;
5081 else
5082 {
5083 *code++ = OP_CRRANGE + repeat_type;
5084 PUT2INC(code, 0, repeat_min);
5085 if (repeat_max == -1) repeat_max = 0; /* 2-byte encoding for max */
5086 PUT2INC(code, 0, repeat_max);
5087 }
5088 }
5089
5090 /* If previous was a bracket group, we may have to replicate it in certain
5091 cases. Note that at this point we can encounter only the "basic" bracket
5092 opcodes such as BRA and CBRA, as this is the place where they get converted
5093 into the more special varieties such as BRAPOS and SBRA. A test for >=
5094 OP_ASSERT and <= OP_COND includes ASSERT, ASSERT_NOT, ASSERTBACK,
5095 ASSERTBACK_NOT, ONCE, BRA, CBRA, and COND. Originally, PCRE did not allow
5096 repetition of assertions, but now it does, for Perl compatibility. */
5097
5098 else if (*previous >= OP_ASSERT && *previous <= OP_COND)
5099 {
5100 register int i;
5101 int len = (int)(code - previous);
5102 pcre_uchar *bralink = NULL;
5103 pcre_uchar *brazeroptr = NULL;
5104
5105 /* Repeating a DEFINE group is pointless, but Perl allows the syntax, so
5106 we just ignore the repeat. */
5107
5108 if (*previous == OP_COND && previous[LINK_SIZE+1] == OP_DEF)
5109 goto END_REPEAT;
5110
5111 /* There is no sense in actually repeating assertions. The only potential
5112 use of repetition is in cases when the assertion is optional. Therefore,
5113 if the minimum is greater than zero, just ignore the repeat. If the
5114 maximum is not not zero or one, set it to 1. */
5115
5116 if (*previous < OP_ONCE) /* Assertion */
5117 {
5118 if (repeat_min > 0) goto END_REPEAT;
5119 if (repeat_max < 0 || repeat_max > 1) repeat_max = 1;
5120 }
5121
5122 /* The case of a zero minimum is special because of the need to stick
5123 OP_BRAZERO in front of it, and because the group appears once in the
5124 data, whereas in other cases it appears the minimum number of times. For
5125 this reason, it is simplest to treat this case separately, as otherwise
5126 the code gets far too messy. There are several special subcases when the
5127 minimum is zero. */
5128
5129 if (repeat_min == 0)
5130 {
5131 /* If the maximum is also zero, we used to just omit the group from the
5132 output altogether, like this:
5133
5134 ** if (repeat_max == 0)
5135 ** {
5136 ** code = previous;
5137 ** goto END_REPEAT;
5138 ** }
5139
5140 However, that fails when a group or a subgroup within it is referenced
5141 as a subroutine from elsewhere in the pattern, so now we stick in
5142 OP_SKIPZERO in front of it so that it is skipped on execution. As we
5143 don't have a list of which groups are referenced, we cannot do this
5144 selectively.
5145
5146 If the maximum is 1 or unlimited, we just have to stick in the BRAZERO
5147 and do no more at this point. However, we do need to adjust any
5148 OP_RECURSE calls inside the group that refer to the group itself or any
5149 internal or forward referenced group, because the offset is from the
5150 start of the whole regex. Temporarily terminate the pattern while doing
5151 this. */
5152
5153 if (repeat_max <= 1) /* Covers 0, 1, and unlimited */
5154 {
5155 *code = OP_END;
5156 adjust_recurse(previous, 1, utf, cd, save_hwm);
5157 memmove(previous + 1, previous, IN_UCHARS(len));
5158 code++;
5159 if (repeat_max == 0)
5160 {
5161 *previous++ = OP_SKIPZERO;
5162 goto END_REPEAT;
5163 }
5164 brazeroptr = previous; /* Save for possessive optimizing */
5165 *previous++ = OP_BRAZERO + repeat_type;
5166 }
5167
5168 /* If the maximum is greater than 1 and limited, we have to replicate
5169 in a nested fashion, sticking OP_BRAZERO before each set of brackets.
5170 The first one has to be handled carefully because it's the original
5171 copy, which has to be moved up. The remainder can be handled by code
5172 that is common with the non-zero minimum case below. We have to
5173 adjust the value or repeat_max, since one less copy is required. Once
5174 again, we may have to adjust any OP_RECURSE calls inside the group. */
5175
5176 else
5177 {
5178 int offset;
5179 *code = OP_END;
5180 adjust_recurse(previous, 2 + LINK_SIZE, utf, cd, save_hwm);
5181 memmove(previous + 2 + LINK_SIZE, previous, IN_UCHARS(len));
5182 code += 2 + LINK_SIZE;
5183 *previous++ = OP_BRAZERO + repeat_type;
5184 *previous++ = OP_BRA;
5185
5186 /* We chain together the bracket offset fields that have to be
5187 filled in later when the ends of the brackets are reached. */
5188
5189 offset = (bralink == NULL)? 0 : (int)(previous - bralink);
5190 bralink = previous;
5191 PUTINC(previous, 0, offset);
5192 }
5193
5194 repeat_max--;
5195 }
5196
5197 /* If the minimum is greater than zero, replicate the group as many
5198 times as necessary, and adjust the maximum to the number of subsequent
5199 copies that we need. If we set a first char from the group, and didn't
5200 set a required char, copy the latter from the former. If there are any
5201 forward reference subroutine calls in the group, there will be entries on
5202 the workspace list; replicate these with an appropriate increment. */
5203
5204 else
5205 {
5206 if (repeat_min > 1)
5207 {
5208 /* In the pre-compile phase, we don't actually do the replication. We
5209 just adjust the length as if we had. Do some paranoid checks for
5210 potential integer overflow. The INT64_OR_DOUBLE type is a 64-bit
5211 integer type when available, otherwise double. */
5212
5213 if (lengthptr != NULL)
5214 {
5215 int delta = (repeat_min - 1)*length_prevgroup;
5216 if ((INT64_OR_DOUBLE)(repeat_min - 1)*
5217 (INT64_OR_DOUBLE)length_prevgroup >
5218 (INT64_OR_DOUBLE)INT_MAX ||
5219 OFLOW_MAX - *lengthptr < delta)
5220 {
5221 *errorcodeptr = ERR20;
5222 goto FAILED;
5223 }
5224 *lengthptr += delta;
5225 }
5226
5227 /* This is compiling for real. If there is a set first byte for
5228 the group, and we have not yet set a "required byte", set it. Make
5229 sure there is enough workspace for copying forward references before
5230 doing the copy. */
5231
5232 else
5233 {
5234 if (groupsetfirstchar && reqcharflags < 0)
5235 {
5236 reqchar = firstchar;
5237 reqcharflags = firstcharflags;
5238 }
5239
5240 for (i = 1; i < repeat_min; i++)
5241 {
5242 pcre_uchar *hc;
5243 pcre_uchar *this_hwm = cd->hwm;
5244 memcpy(code, previous, IN_UCHARS(len));
5245
5246 while (cd->hwm > cd->start_workspace + cd->workspace_size -
5247 WORK_SIZE_SAFETY_MARGIN - (this_hwm - save_hwm))
5248 {
5249 int save_offset = save_hwm - cd->start_workspace;
5250 int this_offset = this_hwm - cd->start_workspace;
5251 *errorcodeptr = expand_workspace(cd);
5252 if (*errorcodeptr != 0) goto FAILED;
5253 save_hwm = (pcre_uchar *)cd->start_workspace + save_offset;
5254 this_hwm = (pcre_uchar *)cd->start_workspace + this_offset;
5255 }
5256
5257 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
5258 {
5259 PUT(cd->hwm, 0, GET(hc, 0) + len);
5260 cd->hwm += LINK_SIZE;
5261 }
5262 save_hwm = this_hwm;
5263 code += len;
5264 }
5265 }
5266 }
5267
5268 if (repeat_max > 0) repeat_max -= repeat_min;
5269 }
5270
5271 /* This code is common to both the zero and non-zero minimum cases. If
5272 the maximum is limited, it replicates the group in a nested fashion,
5273 remembering the bracket starts on a stack. In the case of a zero minimum,
5274 the first one was set up above. In all cases the repeat_max now specifies
5275 the number of additional copies needed. Again, we must remember to
5276 replicate entries on the forward reference list. */
5277
5278 if (repeat_max >= 0)
5279 {
5280 /* In the pre-compile phase, we don't actually do the replication. We
5281 just adjust the length as if we had. For each repetition we must add 1
5282 to the length for BRAZERO and for all but the last repetition we must
5283 add 2 + 2*LINKSIZE to allow for the nesting that occurs. Do some
5284 paranoid checks to avoid integer overflow. The INT64_OR_DOUBLE type is
5285 a 64-bit integer type when available, otherwise double. */
5286
5287 if (lengthptr != NULL && repeat_max > 0)
5288 {
5289 int delta = repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
5290 2 - 2*LINK_SIZE; /* Last one doesn't nest */
5291 if ((INT64_OR_DOUBLE)repeat_max *
5292 (INT64_OR_DOUBLE)(length_prevgroup + 1 + 2 + 2*LINK_SIZE)
5293 > (INT64_OR_DOUBLE)INT_MAX ||
5294 OFLOW_MAX - *lengthptr < delta)
5295 {
5296 *errorcodeptr = ERR20;
5297 goto FAILED;
5298 }
5299 *lengthptr += delta;
5300 }
5301
5302 /* This is compiling for real */
5303
5304 else for (i = repeat_max - 1; i >= 0; i--)
5305 {
5306 pcre_uchar *hc;
5307 pcre_uchar *this_hwm = cd->hwm;
5308
5309 *code++ = OP_BRAZERO + repeat_type;
5310
5311 /* All but the final copy start a new nesting, maintaining the
5312 chain of brackets outstanding. */
5313
5314 if (i != 0)
5315 {
5316 int offset;
5317 *code++ = OP_BRA;
5318 offset = (bralink == NULL)? 0 : (int)(code - bralink);
5319 bralink = code;
5320 PUTINC(code, 0, offset);
5321 }
5322
5323 memcpy(code, previous, IN_UCHARS(len));
5324
5325 /* Ensure there is enough workspace for forward references before
5326 copying them. */
5327
5328 while (cd->hwm > cd->start_workspace + cd->workspace_size -
5329 WORK_SIZE_SAFETY_MARGIN - (this_hwm - save_hwm))
5330 {
5331 int save_offset = save_hwm - cd->start_workspace;
5332 int this_offset = this_hwm - cd->start_workspace;
5333 *errorcodeptr = expand_workspace(cd);
5334 if (*errorcodeptr != 0) goto FAILED;
5335 save_hwm = (pcre_uchar *)cd->start_workspace + save_offset;
5336 this_hwm = (pcre_uchar *)cd->start_workspace + this_offset;
5337 }
5338
5339 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
5340 {
5341 PUT(cd->hwm, 0, GET(hc, 0) + len + ((i != 0)? 2+LINK_SIZE : 1));
5342 cd->hwm += LINK_SIZE;
5343 }
5344 save_hwm = this_hwm;
5345 code += len;
5346 }
5347
5348 /* Now chain through the pending brackets, and fill in their length
5349 fields (which are holding the chain links pro tem). */
5350
5351 while (bralink != NULL)
5352 {
5353 int oldlinkoffset;
5354 int offset = (int)(code - bralink + 1);
5355 pcre_uchar *bra = code - offset;
5356 oldlinkoffset = GET(bra, 1);
5357 bralink = (oldlinkoffset == 0)? NULL : bralink - oldlinkoffset;
5358 *code++ = OP_KET;
5359 PUTINC(code, 0, offset);
5360 PUT(bra, 1, offset);
5361 }
5362 }
5363
5364 /* If the maximum is unlimited, set a repeater in the final copy. For
5365 ONCE brackets, that's all we need to do. However, possessively repeated
5366 ONCE brackets can be converted into non-capturing brackets, as the
5367 behaviour of (?:xx)++ is the same as (?>xx)++ and this saves having to
5368 deal with possessive ONCEs specially.
5369
5370 Otherwise, when we are doing the actual compile phase, check to see
5371 whether this group is one that could match an empty string. If so,
5372 convert the initial operator to the S form (e.g. OP_BRA -> OP_SBRA) so
5373 that runtime checking can be done. [This check is also applied to ONCE
5374 groups at runtime, but in a different way.]
5375
5376 Then, if the quantifier was possessive and the bracket is not a
5377 conditional, we convert the BRA code to the POS form, and the KET code to
5378 KETRPOS. (It turns out to be convenient at runtime to detect this kind of
5379 subpattern at both the start and at the end.) The use of special opcodes
5380 makes it possible to reduce greatly the stack usage in pcre_exec(). If
5381 the group is preceded by OP_BRAZERO, convert this to OP_BRAPOSZERO.
5382
5383 Then, if the minimum number of matches is 1 or 0, cancel the possessive
5384 flag so that the default action below, of wrapping everything inside
5385 atomic brackets, does not happen. When the minimum is greater than 1,
5386 there will be earlier copies of the group, and so we still have to wrap
5387 the whole thing. */
5388
5389 else
5390 {
5391 pcre_uchar *ketcode = code - 1 - LINK_SIZE;
5392 pcre_uchar *bracode = ketcode - GET(ketcode, 1);
5393
5394 /* Convert possessive ONCE brackets to non-capturing */
5395
5396 if ((*bracode == OP_ONCE || *bracode == OP_ONCE_NC) &&
5397 possessive_quantifier) *bracode = OP_BRA;
5398
5399 /* For non-possessive ONCE brackets, all we need to do is to
5400 set the KET. */
5401
5402 if (*bracode == OP_ONCE || *bracode == OP_ONCE_NC)
5403 *ketcode = OP_KETRMAX + repeat_type;
5404
5405 /* Handle non-ONCE brackets and possessive ONCEs (which have been
5406 converted to non-capturing above). */
5407
5408 else
5409 {
5410 /* In the compile phase, check for empty string matching. */
5411
5412 if (lengthptr == NULL)
5413 {
5414 pcre_uchar *scode = bracode;
5415 do
5416 {
5417 if (could_be_empty_branch(scode, ketcode, utf, cd))
5418 {
5419 *bracode += OP_SBRA - OP_BRA;
5420 break;
5421 }
5422 scode += GET(scode, 1);
5423 }
5424 while (*scode == OP_ALT);
5425 }
5426
5427 /* Handle possessive quantifiers. */
5428
5429 if (possessive_quantifier)
5430 {
5431 /* For COND brackets, we wrap the whole thing in a possessively
5432 repeated non-capturing bracket, because we have not invented POS
5433 versions of the COND opcodes. Because we are moving code along, we
5434 must ensure that any pending recursive references are updated. */
5435
5436 if (*bracode == OP_COND || *bracode == OP_SCOND)
5437 {
5438 int nlen = (int)(code - bracode);
5439 *code = OP_END;
5440 adjust_recurse(bracode, 1 + LINK_SIZE, utf, cd, save_hwm);
5441 memmove(bracode + 1 + LINK_SIZE, bracode, IN_UCHARS(nlen));
5442 code += 1 + LINK_SIZE;
5443 nlen += 1 + LINK_SIZE;
5444 *bracode = OP_BRAPOS;
5445 *code++ = OP_KETRPOS;
5446 PUTINC(code, 0, nlen);
5447 PUT(bracode, 1, nlen);
5448 }
5449
5450 /* For non-COND brackets, we modify the BRA code and use KETRPOS. */
5451
5452 else
5453 {
5454 *bracode += 1; /* Switch to xxxPOS opcodes */
5455 *ketcode = OP_KETRPOS;
5456 }
5457
5458 /* If the minimum is zero, mark it as possessive, then unset the
5459 possessive flag when the minimum is 0 or 1. */
5460
5461 if (brazeroptr != NULL) *brazeroptr = OP_BRAPOSZERO;
5462 if (repeat_min < 2) possessive_quantifier = FALSE;
5463 }
5464
5465 /* Non-possessive quantifier */
5466
5467 else *ketcode = OP_KETRMAX + repeat_type;
5468 }
5469 }
5470 }
5471
5472 /* If previous is OP_FAIL, it was generated by an empty class [] in
5473 JavaScript mode. The other ways in which OP_FAIL can be generated, that is
5474 by (*FAIL) or (?!) set previous to NULL, which gives a "nothing to repeat"
5475 error above. We can just ignore the repeat in JS case. */
5476
5477 else if (*previous == OP_FAIL) goto END_REPEAT;
5478
5479 /* Else there's some kind of shambles */
5480
5481 else
5482 {
5483 *errorcodeptr = ERR11;
5484 goto FAILED;
5485 }
5486
5487 /* If the character following a repeat is '+', or if certain optimization
5488 tests above succeeded, possessive_quantifier is TRUE. For some opcodes,
5489 there are special alternative opcodes for this case. For anything else, we
5490 wrap the entire repeated item inside OP_ONCE brackets. Logically, the '+'
5491 notation is just syntactic sugar, taken from Sun's Java package, but the
5492 special opcodes can optimize it.
5493
5494 Some (but not all) possessively repeated subpatterns have already been
5495 completely handled in the code just above. For them, possessive_quantifier
5496 is always FALSE at this stage.
5497
5498 Note that the repeated item starts at tempcode, not at previous, which
5499 might be the first part of a string whose (former) last char we repeated.
5500
5501 Possessifying an 'exact' quantifier has no effect, so we can ignore it. But
5502 an 'upto' may follow. We skip over an 'exact' item, and then test the
5503 length of what remains before proceeding. */
5504
5505 if (possessive_quantifier)
5506 {
5507 int len;
5508
5509 if (*tempcode == OP_TYPEEXACT)
5510 tempcode += PRIV(OP_lengths)[*tempcode] +
5511 ((tempcode[1 + IMM2_SIZE] == OP_PROP
5512 || tempcode[1 + IMM2_SIZE] == OP_NOTPROP)? 2 : 0);
5513
5514 else if (*tempcode == OP_EXACT || *tempcode == OP_NOTEXACT)
5515 {
5516 tempcode += PRIV(OP_lengths)[*tempcode];
5517 #ifdef SUPPORT_UTF
5518 if (utf && HAS_EXTRALEN(tempcode[-1]))
5519 tempcode += GET_EXTRALEN(tempcode[-1]);
5520 #endif
5521 }
5522
5523 len = (int)(code - tempcode);
5524 if (len > 0) switch (*tempcode)
5525 {
5526 case OP_STAR: *tempcode = OP_POSSTAR; break;
5527 case OP_PLUS: *tempcode = OP_POSPLUS; break;
5528 case OP_QUERY: *tempcode = OP_POSQUERY; break;
5529 case OP_UPTO: *tempcode = OP_POSUPTO; break;
5530
5531 case OP_STARI: *tempcode = OP_POSSTARI; break;
5532 case OP_PLUSI: *tempcode = OP_POSPLUSI; break;
5533 case OP_QUERYI: *tempcode = OP_POSQUERYI; break;
5534 case OP_UPTOI: *tempcode = OP_POSUPTOI; break;
5535
5536 case OP_NOTSTAR: *tempcode = OP_NOTPOSSTAR; break;
5537 case OP_NOTPLUS: *tempcode = OP_NOTPOSPLUS; break;
5538 case OP_NOTQUERY: *tempcode = OP_NOTPOSQUERY; break;
5539 case OP_NOTUPTO: *tempcode = OP_NOTPOSUPTO; break;
5540
5541 case OP_NOTSTARI: *tempcode = OP_NOTPOSSTARI; break;
5542 case OP_NOTPLUSI: *tempcode = OP_NOTPOSPLUSI; break;
5543 case OP_NOTQUERYI: *tempcode = OP_NOTPOSQUERYI; break;
5544 case OP_NOTUPTOI: *tempcode = OP_NOTPOSUPTOI; break;
5545
5546 case OP_TYPESTAR: *tempcode = OP_TYPEPOSSTAR; break;
5547 case OP_TYPEPLUS: *tempcode = OP_TYPEPOSPLUS; break;
5548 case OP_TYPEQUERY: *tempcode = OP_TYPEPOSQUERY; break;
5549 case OP_TYPEUPTO: *tempcode = OP_TYPEPOSUPTO; break;
5550
5551 /* Because we are moving code along, we must ensure that any
5552 pending recursive references are updated. */
5553
5554 default:
5555 *code = OP_END;
5556 adjust_recurse(tempcode, 1 + LINK_SIZE, utf, cd, save_hwm);
5557 memmove(tempcode + 1 + LINK_SIZE, tempcode, IN_UCHARS(len));
5558 code += 1 + LINK_SIZE;
5559 len += 1 + LINK_SIZE;
5560 tempcode[0] = OP_ONCE;
5561 *code++ = OP_KET;
5562 PUTINC(code, 0, len);
5563 PUT(tempcode, 1, len);
5564 break;
5565 }
5566 }
5567
5568 /* In all case we no longer have a previous item. We also set the
5569 "follows varying string" flag for subsequently encountered reqchars if
5570 it isn't already set and we have just passed a varying length item. */
5571
5572 END_REPEAT:
5573 previous = NULL;
5574 cd->req_varyopt |= reqvary;
5575 break;
5576
5577
5578 /* ===================================================================*/
5579 /* Start of nested parenthesized sub-expression, or comment or lookahead or
5580 lookbehind or option setting or condition or all the other extended
5581 parenthesis forms. */
5582
5583 case CHAR_LEFT_PARENTHESIS:
5584 newoptions = options;
5585 skipbytes = 0;
5586 bravalue = OP_CBRA;
5587 save_hwm = cd->hwm;
5588 reset_bracount = FALSE;
5589
5590 /* First deal with various "verbs" that can be introduced by '*'. */
5591
5592 ptr++;
5593 if (ptr[0] == CHAR_ASTERISK && (ptr[1] == ':'
5594 || (MAX_255(ptr[1]) && ((cd->ctypes[ptr[1]] & ctype_letter) != 0))))
5595 {
5596 int i, namelen;
5597 int arglen = 0;
5598 const char *vn = verbnames;
5599 const pcre_uchar *name = ptr + 1;
5600 const pcre_uchar *arg = NULL;
5601 previous = NULL;
5602 ptr++;
5603 while (MAX_255(*ptr) && (cd->ctypes[*ptr] & ctype_letter) != 0) ptr++;
5604 namelen = (int)(ptr - name);
5605
5606 /* It appears that Perl allows any characters whatsoever, other than
5607 a closing parenthesis, to appear in arguments, so we no longer insist on
5608 letters, digits, and underscores. */
5609
5610 if (*ptr == CHAR_COLON)
5611 {
5612 arg = ++ptr;
5613 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
5614 arglen = (int)(ptr - arg);
5615 if ((unsigned int)arglen > MAX_MARK)
5616 {
5617 *errorcodeptr = ERR75;
5618 goto FAILED;
5619 }
5620 }
5621
5622 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5623 {
5624 *errorcodeptr = ERR60;
5625 goto FAILED;
5626 }
5627
5628 /* Scan the table of verb names */
5629
5630 for (i = 0; i < verbcount; i++)
5631 {
5632 if (namelen == verbs[i].len &&
5633 STRNCMP_UC_C8(name, vn, namelen) == 0)
5634 {
5635 int setverb;
5636
5637 /* Check for open captures before ACCEPT and convert it to
5638 ASSERT_ACCEPT if in an assertion. */
5639
5640 if (verbs[i].op == OP_ACCEPT)
5641 {
5642 open_capitem *oc;
5643 if (arglen != 0)
5644 {
5645 *errorcodeptr = ERR59;
5646 goto FAILED;
5647 }
5648 cd->had_accept = TRUE;
5649 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
5650 {
5651 *code++ = OP_CLOSE;
5652 PUT2INC(code, 0, oc->number);
5653 }
5654 setverb = *code++ =
5655 (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
5656
5657 /* Do not set firstchar after *ACCEPT */
5658 if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
5659 }
5660
5661 /* Handle other cases with/without an argument */
5662
5663 else if (arglen == 0)
5664 {
5665 if (verbs[i].op < 0) /* Argument is mandatory */
5666 {
5667 *errorcodeptr = ERR66;
5668 goto FAILED;
5669 }
5670 setverb = *code++ = verbs[i].op;
5671 }
5672
5673 else
5674 {
5675 if (verbs[i].op_arg < 0) /* Argument is forbidden */
5676 {
5677 *errorcodeptr = ERR59;
5678 goto FAILED;
5679 }
5680 setverb = *code++ = verbs[i].op_arg;
5681 *code++ = arglen;
5682 memcpy(code, arg, IN_UCHARS(arglen));
5683 code += arglen;
5684 *code++ = 0;
5685 }
5686
5687 switch (setverb)
5688 {
5689 case OP_THEN:
5690 case OP_THEN_ARG:
5691 cd->external_flags |= PCRE_HASTHEN;
5692 break;
5693
5694 case OP_PRUNE:
5695 case OP_PRUNE_ARG:
5696 case OP_SKIP:
5697 case OP_SKIP_ARG:
5698 cd->had_pruneorskip = TRUE;
5699 break;
5700 }
5701
5702 break; /* Found verb, exit loop */
5703 }
5704
5705 vn += verbs[i].len + 1;
5706 }
5707
5708 if (i < verbcount) continue; /* Successfully handled a verb */
5709 *errorcodeptr = ERR60; /* Verb not recognized */
5710 goto FAILED;
5711 }
5712
5713 /* Deal with the extended parentheses; all are introduced by '?', and the
5714 appearance of any of them means that this is not a capturing group. */
5715
5716 else if (*ptr == CHAR_QUESTION_MARK)
5717 {
5718 int i, set, unset, namelen;
5719 int *optset;
5720 const pcre_uchar *name;
5721 pcre_uchar *slot;
5722
5723 switch (*(++ptr))
5724 {
5725 case CHAR_NUMBER_SIGN: /* Comment; skip to ket */
5726 ptr++;
5727 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
5728 if (*ptr == 0)
5729 {
5730 *errorcodeptr = ERR18;
5731 goto FAILED;
5732 }
5733 continue;
5734
5735
5736 /* ------------------------------------------------------------ */
5737 case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */
5738 reset_bracount = TRUE;
5739 /* Fall through */
5740
5741 /* ------------------------------------------------------------ */
5742 case CHAR_COLON: /* Non-capturing bracket */
5743 bravalue = OP_BRA;
5744 ptr++;
5745 break;
5746
5747
5748 /* ------------------------------------------------------------ */
5749 case CHAR_LEFT_PARENTHESIS:
5750 bravalue = OP_COND; /* Conditional group */
5751
5752 /* A condition can be an assertion, a number (referring to a numbered
5753 group), a name (referring to a named group), or 'R', referring to
5754 recursion. R<digits> and R&name are also permitted for recursion tests.
5755
5756 There are several syntaxes for testing a named group: (?(name)) is used
5757 by Python; Perl 5.10 onwards uses (?(<name>) or (?('name')).
5758
5759 There are two unfortunate ambiguities, caused by history. (a) 'R' can
5760 be the recursive thing or the name 'R' (and similarly for 'R' followed
5761 by digits), and (b) a number could be a name that consists of digits.
5762 In both cases, we look for a name first; if not found, we try the other
5763 cases. */
5764
5765 /* For conditions that are assertions, check the syntax, and then exit
5766 the switch. This will take control down to where bracketed groups,
5767 including assertions, are processed. */
5768
5769 if (ptr[1] == CHAR_QUESTION_MARK && (ptr[2] == CHAR_EQUALS_SIGN ||
5770 ptr[2] == CHAR_EXCLAMATION_MARK || ptr[2] == CHAR_LESS_THAN_SIGN))
5771 break;
5772
5773 /* Most other conditions use OP_CREF (a couple change to OP_RREF
5774 below), and all need to skip 1+IMM2_SIZE bytes at the start of the group. */
5775
5776 code[1+LINK_SIZE] = OP_CREF;
5777 skipbytes = 1+IMM2_SIZE;
5778 refsign = -1;
5779
5780 /* Check for a test for recursion in a named group. */
5781
5782 if (ptr[1] == CHAR_R && ptr[2] == CHAR_AMPERSAND)
5783 {
5784 terminator = -1;
5785 ptr += 2;
5786 code[1+LINK_SIZE] = OP_RREF; /* Change the type of test */
5787 }
5788
5789 /* Check for a test for a named group's having been set, using the Perl
5790 syntax (?(<name>) or (?('name') */
5791
5792 else if (ptr[1] == CHAR_LESS_THAN_SIGN)
5793 {
5794 terminator = CHAR_GREATER_THAN_SIGN;
5795 ptr++;
5796 }
5797 else if (ptr[1] == CHAR_APOSTROPHE)
5798 {
5799 terminator = CHAR_APOSTROPHE;
5800 ptr++;
5801 }
5802 else
5803 {
5804 terminator = 0;
5805 if (ptr[1] == CHAR_MINUS || ptr[1] == CHAR_PLUS) refsign = *(++ptr);
5806 }
5807
5808 /* We now expect to read a name; any thing else is an error */
5809
5810 if (!MAX_255(ptr[1]) || (cd->ctypes[ptr[1]] & ctype_word) == 0)
5811 {
5812 ptr += 1; /* To get the right offset */
5813 *errorcodeptr = ERR28;
5814 goto FAILED;
5815 }
5816
5817 /* Read the name, but also get it as a number if it's all digits */
5818
5819 recno = 0;
5820 name = ++ptr;
5821 while (MAX_255(*ptr) && (cd->ctypes[*ptr] & ctype_word) != 0)
5822 {
5823 if (recno >= 0)
5824 recno = (IS_DIGIT(*ptr))? recno * 10 + (int)(*ptr - CHAR_0) : -1;
5825 ptr++;
5826 }
5827 namelen = (int)(ptr - name);
5828
5829 if ((terminator > 0 && *ptr++ != (pcre_uchar)terminator) ||
5830 *ptr++ != CHAR_RIGHT_PARENTHESIS)
5831 {
5832 ptr--; /* Error offset */
5833 *errorcodeptr = ERR26;
5834 goto FAILED;
5835 }
5836
5837 /* Do no further checking in the pre-compile phase. */
5838
5839 if (lengthptr != NULL) break;
5840
5841 /* In the real compile we do the work of looking for the actual
5842 reference. If the string started with "+" or "-" we require the rest to
5843 be digits, in which case recno will be set. */
5844
5845 if (refsign > 0)
5846 {
5847 if (recno <= 0)
5848 {
5849 *errorcodeptr = ERR58;
5850 goto FAILED;
5851 }
5852 recno = (refsign == CHAR_MINUS)?
5853 cd->bracount - recno + 1 : recno +cd->bracount;
5854 if (recno <= 0 || recno > cd->final_bracount)
5855 {
5856 *errorcodeptr = ERR15;
5857 goto FAILED;
5858 }
5859 PUT2(code, 2+LINK_SIZE, recno);
5860 break;
5861 }
5862
5863 /* Otherwise (did not start with "+" or "-"), start by looking for the
5864 name. If we find a name, add one to the opcode to change OP_CREF or
5865 OP_RREF into OP_NCREF or OP_NRREF. These behave exactly the same,
5866 except they record that the reference was originally to a name. The
5867 information is used to check duplicate names. */
5868
5869 slot = cd->name_table;
5870 for (i = 0; i < cd->names_found; i++)
5871 {
5872 if (STRNCMP_UC_UC(name, slot+IMM2_SIZE, namelen) == 0) break;
5873 slot += cd->name_entry_size;
5874 }
5875
5876 /* Found a previous named subpattern */
5877
5878 if (i < cd->names_found)
5879 {
5880 recno = GET2(slot, 0);
5881 PUT2(code, 2+LINK_SIZE, recno);
5882 code[1+LINK_SIZE]++;
5883 }
5884
5885 /* Search the pattern for a forward reference */
5886
5887 else if ((i = find_parens(cd, name, namelen,
5888 (options & PCRE_EXTENDED) != 0, utf)) > 0)
5889 {
5890 PUT2(code, 2+LINK_SIZE, i);
5891 code[1+LINK_SIZE]++;
5892 }
5893
5894 /* If terminator == 0 it means that the name followed directly after
5895 the opening parenthesis [e.g. (?(abc)...] and in this case there are
5896 some further alternatives to try. For the cases where terminator != 0
5897 [things like (?(<name>... or (?('name')... or (?(R&name)... ] we have
5898 now checked all the possibilities, so give an error. */
5899
5900 else if (terminator != 0)
5901 {
5902 *errorcodeptr = ERR15;
5903 goto FAILED;
5904 }
5905
5906 /* Check for (?(R) for recursion. Allow digits after R to specify a
5907 specific group number. */
5908
5909 else if (*name == CHAR_R)
5910 {
5911 recno = 0;
5912 for (i = 1; i < namelen; i++)
5913 {
5914 if (!IS_DIGIT(name[i]))
5915 {
5916 *errorcodeptr = ERR15;
5917 goto FAILED;
5918 }
5919 recno = recno * 10 + name[i] - CHAR_0;
5920 }
5921 if (recno == 0) recno = RREF_ANY;
5922 code[1+LINK_SIZE] = OP_RREF; /* Change test type */
5923 PUT2(code, 2+LINK_SIZE, recno);
5924 }
5925
5926 /* Similarly, check for the (?(DEFINE) "condition", which is always
5927 false. */
5928
5929 else if (namelen == 6 && STRNCMP_UC_C8(name, STRING_DEFINE, 6) == 0)
5930 {
5931 code[1+LINK_SIZE] = OP_DEF;
5932 skipbytes = 1;
5933 }
5934
5935 /* Check for the "name" actually being a subpattern number. We are
5936 in the second pass here, so final_bracount is set. */
5937
5938 else if (recno > 0 && recno <= cd->final_bracount)
5939 {
5940 PUT2(code, 2+LINK_SIZE, recno);
5941 }
5942
5943 /* Either an unidentified subpattern, or a reference to (?(0) */
5944
5945 else
5946 {
5947 *errorcodeptr = (recno == 0)? ERR35: ERR15;
5948 goto FAILED;
5949 }
5950 break;
5951
5952
5953 /* ------------------------------------------------------------ */
5954 case CHAR_EQUALS_SIGN: /* Positive lookahead */
5955 bravalue = OP_ASSERT;
5956 cd->assert_depth += 1;
5957 ptr++;
5958 break;
5959
5960
5961 /* ------------------------------------------------------------ */
5962 case CHAR_EXCLAMATION_MARK: /* Negative lookahead */
5963 ptr++;
5964 if (*ptr == CHAR_RIGHT_PARENTHESIS) /* Optimize (?!) */
5965 {
5966 *code++ = OP_FAIL;
5967 previous = NULL;
5968 continue;
5969 }
5970 bravalue = OP_ASSERT_NOT;
5971 cd->assert_depth += 1;
5972 break;
5973
5974
5975 /* ------------------------------------------------------------ */
5976 case CHAR_LESS_THAN_SIGN: /* Lookbehind or named define */
5977 switch (ptr[1])
5978 {
5979 case CHAR_EQUALS_SIGN: /* Positive lookbehind */
5980 bravalue = OP_ASSERTBACK;
5981 cd->assert_depth += 1;
5982 ptr += 2;
5983 break;
5984
5985 case CHAR_EXCLAMATION_MARK: /* Negative lookbehind */
5986 bravalue = OP_ASSERTBACK_NOT;
5987 cd->assert_depth += 1;
5988 ptr += 2;
5989 break;
5990
5991 default: /* Could be name define, else bad */
5992 if (MAX_255(ptr[1]) && (cd->ctypes[ptr[1]] & ctype_word) != 0)
5993 goto DEFINE_NAME;
5994 ptr++; /* Correct offset for error */
5995 *errorcodeptr = ERR24;
5996 goto FAILED;
5997 }
5998 break;
5999
6000
6001 /* ------------------------------------------------------------ */
6002 case CHAR_GREATER_THAN_SIGN: /* One-time brackets */
6003 bravalue = OP_ONCE;
6004 ptr++;
6005 break;
6006
6007
6008 /* ------------------------------------------------------------ */
6009 case CHAR_C: /* Callout - may be followed by digits; */
6010 previous_callout = code; /* Save for later completion */
6011 after_manual_callout = 1; /* Skip one item before completing */
6012 *code++ = OP_CALLOUT;
6013 {
6014 int n = 0;
6015 ptr++;
6016 while(IS_DIGIT(*ptr))
6017 n = n * 10 + *ptr++ - CHAR_0;
6018 if (*ptr != CHAR_RIGHT_PARENTHESIS)
6019 {
6020 *errorcodeptr = ERR39;
6021 goto FAILED;
6022 }
6023 if (n > 255)
6024 {
6025 *errorcodeptr = ERR38;
6026 goto FAILED;
6027 }
6028 *code++ = n;
6029 PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
6030 PUT(code, LINK_SIZE, 0); /* Default length */
6031 code += 2 * LINK_SIZE;
6032 }
6033 previous = NULL;
6034 continue;
6035
6036
6037 /* ------------------------------------------------------------ */
6038 case CHAR_P: /* Python-style named subpattern handling */
6039 if (*(++ptr) == CHAR_EQUALS_SIGN ||
6040 *ptr == CHAR_GREATER_THAN_SIGN) /* Reference or recursion */
6041 {
6042 is_recurse = *ptr == CHAR_GREATER_THAN_SIGN;
6043 terminator = CHAR_RIGHT_PARENTHESIS;
6044 goto NAMED_REF_OR_RECURSE;
6045 }
6046 else if (*ptr != CHAR_LESS_THAN_SIGN) /* Test for Python-style defn */
6047 {
6048 *errorcodeptr = ERR41;
6049 goto FAILED;
6050 }
6051 /* Fall through to handle (?P< as (?< is handled */
6052
6053
6054 /* ------------------------------------------------------------ */
6055 DEFINE_NAME: /* Come here from (?< handling */
6056 case CHAR_APOSTROPHE:
6057 {
6058 terminator = (*ptr == CHAR_LESS_THAN_SIGN)?
6059 CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
6060 name = ++ptr;
6061
6062 while (MAX_255(*ptr) && (cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
6063 namelen = (int)(ptr - name);
6064
6065 /* In the pre-compile phase, just do a syntax check. */
6066
6067 if (lengthptr != NULL)
6068 {
6069 if (*ptr != (pcre_uchar)terminator)
6070 {
6071 *errorcodeptr = ERR42;
6072 goto FAILED;
6073 }
6074 if (cd->names_found >= MAX_NAME_COUNT)
6075 {
6076 *errorcodeptr = ERR49;
6077 goto FAILED;
6078 }
6079 if (namelen + IMM2_SIZE + 1 > cd->name_entry_size)
6080 {
6081 cd->name_entry_size = namelen + IMM2_SIZE + 1;
6082 if (namelen > MAX_NAME_SIZE)
6083 {
6084 *errorcodeptr = ERR48;
6085 goto FAILED;
6086 }
6087 }
6088 }
6089
6090 /* In the real compile, create the entry in the table, maintaining
6091 alphabetical order. Duplicate names for different numbers are
6092 permitted only if PCRE_DUPNAMES is set. Duplicate names for the same
6093 number are always OK. (An existing number can be re-used if (?|
6094 appears in the pattern.) In either event, a duplicate name results in
6095 a duplicate entry in the table, even if the number is the same. This
6096 is because the number of names, and hence the table size, is computed
6097 in the pre-compile, and it affects various numbers and pointers which
6098 would all have to be modified, and the compiled code moved down, if
6099 duplicates with the same number were omitted from the table. This
6100 doesn't seem worth the hassle. However, *different* names for the
6101 same number are not permitted. */
6102
6103 else
6104 {
6105 BOOL dupname = FALSE;
6106 slot = cd->name_table;
6107
6108 for (i = 0; i < cd->names_found; i++)
6109 {
6110 int crc = memcmp(name, slot+IMM2_SIZE, IN_UCHARS(namelen));
6111 if (crc == 0)
6112 {
6113 if (slot[IMM2_SIZE+namelen] == 0)
6114 {
6115 if (GET2(slot, 0) != cd->bracount + 1 &&
6116 (options & PCRE_DUPNAMES) == 0)
6117 {
6118 *errorcodeptr = ERR43;
6119 goto FAILED;
6120 }
6121 else dupname = TRUE;
6122 }
6123 else crc = -1; /* Current name is a substring */
6124 }
6125
6126 /* Make space in the table and break the loop for an earlier
6127 name. For a duplicate or later name, carry on. We do this for
6128 duplicates so that in the simple case (when ?(| is not used) they
6129 are in order of their numbers. */
6130
6131 if (crc < 0)
6132 {
6133 memmove(slot + cd->name_entry_size, slot,
6134 IN_UCHARS((cd->names_found - i) * cd->name_entry_size));
6135 break;
6136 }
6137
6138 /* Continue the loop for a later or duplicate name */
6139
6140 slot += cd->name_entry_size;
6141 }
6142
6143 /* For non-duplicate names, check for a duplicate number before
6144 adding the new name. */
6145
6146 if (!dupname)
6147 {
6148 pcre_uchar *cslot = cd->name_table;
6149 for (i = 0; i < cd->names_found; i++)
6150 {
6151 if (cslot != slot)
6152 {
6153 if (GET2(cslot, 0) == cd->bracount + 1)
6154 {
6155 *errorcodeptr = ERR65;
6156 goto FAILED;
6157 }
6158 }
6159 else i--;
6160 cslot += cd->name_entry_size;
6161 }
6162 }
6163
6164 PUT2(slot, 0, cd->bracount + 1);
6165 memcpy(slot + IMM2_SIZE, name, IN_UCHARS(namelen));
6166 slot[IMM2_SIZE + namelen] = 0;
6167 }
6168 }
6169
6170 /* In both pre-compile and compile, count the number of names we've
6171 encountered. */
6172
6173 cd->names_found++;
6174 ptr++; /* Move past > or ' */
6175 goto NUMBERED_GROUP;
6176
6177
6178 /* ------------------------------------------------------------ */
6179 case CHAR_AMPERSAND: /* Perl recursion/subroutine syntax */
6180 terminator = CHAR_RIGHT_PARENTHESIS;
6181 is_recurse = TRUE;
6182 /* Fall through */
6183
6184 /* We come here from the Python syntax above that handles both
6185 references (?P=name) and recursion (?P>name), as well as falling
6186 through from the Perl recursion syntax (?&name). We also come here from
6187 the Perl \k<name> or \k'name' back reference syntax and the \k{name}
6188 .NET syntax, and the Oniguruma \g<...> and \g'...' subroutine syntax. */
6189
6190 NAMED_REF_OR_RECURSE:
6191 name = ++ptr;
6192 while (MAX_255(*ptr) && (cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
6193 namelen = (int)(ptr - name);
6194
6195 /* In the pre-compile phase, do a syntax check. We used to just set
6196 a dummy reference number, because it was not used in the first pass.
6197 However, with the change of recursive back references to be atomic,
6198 we have to look for the number so that this state can be identified, as
6199 otherwise the incorrect length is computed. If it's not a backwards
6200 reference, the dummy number will do. */
6201
6202 if (lengthptr != NULL)
6203 {
6204 const pcre_uchar *temp;
6205
6206 if (namelen == 0)
6207 {
6208 *errorcodeptr = ERR62;
6209 goto FAILED;
6210 }
6211 if (*ptr != (pcre_uchar)terminator)
6212 {
6213 *errorcodeptr = ERR42;
6214 goto FAILED;
6215 }
6216 if (namelen > MAX_NAME_SIZE)
6217 {
6218 *errorcodeptr = ERR48;
6219 goto FAILED;
6220 }
6221
6222 /* The name table does not exist in the first pass, so we cannot
6223 do a simple search as in the code below. Instead, we have to scan the
6224 pattern to find the number. It is important that we scan it only as
6225 far as we have got because the syntax of named subpatterns has not
6226 been checked for the rest of the pattern, and find_parens() assumes
6227 correct syntax. In any case, it's a waste of resources to scan
6228 further. We stop the scan at the current point by temporarily
6229 adjusting the value of cd->endpattern. */
6230
6231 temp = cd->end_pattern;
6232 cd->end_pattern = ptr;
6233 recno = find_parens(cd, name, namelen,
6234 (options & PCRE_EXTENDED) != 0, utf);
6235 cd->end_pattern = temp;
6236 if (recno < 0) recno = 0; /* Forward ref; set dummy number */
6237 }
6238
6239 /* In the real compile, seek the name in the table. We check the name
6240 first, and then check that we have reached the end of the name in the
6241 table. That way, if the name that is longer than any in the table,
6242 the comparison will fail without reading beyond the table entry. */
6243
6244 else
6245 {
6246 slot = cd->name_table;
6247 for (i = 0; i < cd->names_found; i++)
6248 {
6249 if (STRNCMP_UC_UC(name, slot+IMM2_SIZE, namelen) == 0 &&
6250 slot[IMM2_SIZE+namelen] == 0)
6251 break;
6252 slot += cd->name_entry_size;
6253 }
6254
6255 if (i < cd->names_found) /* Back reference */
6256 {
6257 recno = GET2(slot, 0);
6258 }
6259 else if ((recno = /* Forward back reference */
6260 find_parens(cd, name, namelen,
6261 (options & PCRE_EXTENDED) != 0, utf)) <= 0)
6262 {
6263 *errorcodeptr = ERR15;
6264 goto FAILED;
6265 }
6266 }
6267
6268 /* In both phases, we can now go to the code than handles numerical
6269 recursion or backreferences. */
6270
6271 if (is_recurse) goto HANDLE_RECURSION;
6272 else goto HANDLE_REFERENCE;
6273
6274
6275 /* ------------------------------------------------------------ */
6276 case CHAR_R: /* Recursion */
6277 ptr++; /* Same as (?0) */
6278 /* Fall through */
6279
6280
6281 /* ------------------------------------------------------------ */
6282 case CHAR_MINUS: case CHAR_PLUS: /* Recursion or subroutine */
6283 case CHAR_0: case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4:
6284 case CHAR_5: case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
6285 {
6286 const pcre_uchar *called;
6287 terminator = CHAR_RIGHT_PARENTHESIS;
6288
6289 /* Come here from the \g<...> and \g'...' code (Oniguruma
6290 compatibility). However, the syntax has been checked to ensure that
6291 the ... are a (signed) number, so that neither ERR63 nor ERR29 will
6292 be called on this path, nor with the jump to OTHER_CHAR_AFTER_QUERY
6293 ever be taken. */
6294
6295 HANDLE_NUMERICAL_RECURSION:
6296
6297 if ((refsign = *ptr) == CHAR_PLUS)
6298 {
6299 ptr++;
6300 if (!IS_DIGIT(*ptr))
6301 {
6302 *errorcodeptr = ERR63;
6303 goto FAILED;
6304 }
6305 }
6306 else if (refsign == CHAR_MINUS)
6307 {
6308 if (!IS_DIGIT(ptr[1]))
6309 goto OTHER_CHAR_AFTER_QUERY;
6310 ptr++;
6311 }
6312
6313 recno = 0;
6314 while(IS_DIGIT(*ptr))
6315 recno = recno * 10 + *ptr++ - CHAR_0;
6316
6317 if (*ptr != (pcre_uchar)terminator)
6318 {
6319 *errorcodeptr = ERR29;
6320 goto FAILED;
6321 }
6322
6323 if (refsign == CHAR_MINUS)
6324 {
6325 if (recno == 0)
6326 {
6327 *errorcodeptr = ERR58;
6328 goto FAILED;
6329 }
6330 recno = cd->bracount - recno + 1;
6331 if (recno <= 0)
6332 {
6333 *errorcodeptr = ERR15;
6334 goto FAILED;
6335 }
6336 }
6337 else if (refsign == CHAR_PLUS)
6338 {
6339 if (recno == 0)
6340 {
6341 *errorcodeptr = ERR58;
6342 goto FAILED;
6343 }
6344 recno += cd->bracount;
6345 }
6346
6347 /* Come here from code above that handles a named recursion */
6348
6349 HANDLE_RECURSION:
6350
6351 previous = code;
6352 called = cd->start_code;
6353
6354 /* When we are actually compiling, find the bracket that is being
6355 referenced. Temporarily end the regex in case it doesn't exist before
6356 this point. If we end up with a forward reference, first check that
6357 the bracket does occur later so we can give the error (and position)
6358 now. Then remember this forward reference in the workspace so it can
6359 be filled in at the end. */
6360
6361 if (lengthptr == NULL)
6362 {
6363 *code = OP_END;
6364 if (recno != 0)
6365 called = PRIV(find_bracket)(cd->start_code, utf, recno);
6366
6367 /* Forward reference */
6368
6369 if (called == NULL)
6370 {
6371 if (find_parens(cd, NULL, recno,
6372 (options & PCRE_EXTENDED) != 0, utf) < 0)
6373 {
6374 *errorcodeptr = ERR15;
6375 goto FAILED;
6376 }
6377
6378 /* Fudge the value of "called" so that when it is inserted as an
6379 offset below, what it actually inserted is the reference number
6380 of the group. Then remember the forward reference. */
6381
6382 called = cd->start_code + recno;
6383 if (cd->hwm >= cd->start_workspace + cd->workspace_size -
6384 WORK_SIZE_SAFETY_MARGIN)
6385 {
6386 *errorcodeptr = expand_workspace(cd);
6387 if (*errorcodeptr != 0) goto FAILED;
6388 }
6389 PUTINC(cd->hwm, 0, (int)(code + 1 - cd->start_code));
6390 }
6391
6392 /* If not a forward reference, and the subpattern is still open,
6393 this is a recursive call. We check to see if this is a left
6394 recursion that could loop for ever, and diagnose that case. We
6395 must not, however, do this check if we are in a conditional
6396 subpattern because the condition might be testing for recursion in
6397 a pattern such as /(?(R)a+|(?R)b)/, which is perfectly valid.
6398 Forever loops are also detected at runtime, so those that occur in
6399 conditional subpatterns will be picked up then. */
6400
6401 else if (GET(called, 1) == 0 && cond_depth <= 0 &&
6402 could_be_empty(called, code, bcptr, utf, cd))
6403 {
6404 *errorcodeptr = ERR40;
6405 goto FAILED;
6406 }
6407 }
6408
6409 /* Insert the recursion/subroutine item. It does not have a set first
6410 character (relevant if it is repeated, because it will then be
6411 wrapped with ONCE brackets). */
6412
6413 *code = OP_RECURSE;
6414 PUT(code, 1, (int)(called - cd->start_code));
6415 code += 1 + LINK_SIZE;
6416 groupsetfirstchar = FALSE;
6417 }
6418
6419 /* Can't determine a first byte now */
6420
6421 if (firstcharflags == REQ_UNSET) firstcharflags = REQ_NONE;
6422 continue;
6423
6424
6425 /* ------------------------------------------------------------ */
6426 default: /* Other characters: check option setting */
6427 OTHER_CHAR_AFTER_QUERY:
6428 set = unset = 0;
6429 optset = &set;
6430
6431 while (*ptr != CHAR_RIGHT_PARENTHESIS && *ptr != CHAR_COLON)
6432 {
6433 switch (*ptr++)
6434 {
6435 case CHAR_MINUS: optset = &unset; break;
6436
6437 case CHAR_J: /* Record that it changed in the external options */
6438 *optset |= PCRE_DUPNAMES;
6439 cd->external_flags |= PCRE_JCHANGED;
6440 break;
6441
6442 case CHAR_i: *optset |= PCRE_CASELESS; break;
6443 case CHAR_m: *optset |= PCRE_MULTILINE; break;
6444 case CHAR_s: *optset |= PCRE_DOTALL; break;
6445 case CHAR_x: *optset |= PCRE_EXTENDED; break;
6446 case CHAR_U: *optset |= PCRE_UNGREEDY; break;
6447 case CHAR_X: *optset |= PCRE_EXTRA; break;
6448
6449 default: *errorcodeptr = ERR12;
6450 ptr--; /* Correct the offset */
6451 goto FAILED;
6452 }
6453 }
6454
6455 /* Set up the changed option bits, but don't change anything yet. */
6456
6457 newoptions = (options | set) & (~unset);
6458
6459 /* If the options ended with ')' this is not the start of a nested
6460 group with option changes, so the options change at this level. If this
6461 item is right at the start of the pattern, the options can be
6462 abstracted and made external in the pre-compile phase, and ignored in
6463 the compile phase. This can be helpful when matching -- for instance in
6464 caseless checking of required bytes.
6465
6466 If the code pointer is not (cd->start_code + 1 + LINK_SIZE), we are
6467 definitely *not* at the start of the pattern because something has been
6468 compiled. In the pre-compile phase, however, the code pointer can have
6469 that value after the start, because it gets reset as code is discarded
6470 during the pre-compile. However, this can happen only at top level - if
6471 we are within parentheses, the starting BRA will still be present. At
6472 any parenthesis level, the length value can be used to test if anything
6473 has been compiled at that level. Thus, a test for both these conditions
6474 is necessary to ensure we correctly detect the start of the pattern in
6475 both phases.
6476
6477 If we are not at the pattern start, reset the greedy defaults and the
6478 case value for firstchar and reqchar. */
6479
6480 if (*ptr == CHAR_RIGHT_PARENTHESIS)
6481 {
6482 if (code == cd->start_code + 1 + LINK_SIZE &&
6483 (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
6484 {
6485 cd->external_options = newoptions;
6486 }
6487 else
6488 {
6489 greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
6490 greedy_non_default = greedy_default ^ 1;
6491 req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS:0;
6492 }
6493
6494 /* Change options at this level, and pass them back for use
6495 in subsequent branches. */
6496
6497 *optionsptr = options = newoptions;
6498 previous = NULL; /* This item can't be repeated */
6499 continue; /* It is complete */
6500 }
6501
6502 /* If the options ended with ':' we are heading into a nested group
6503 with possible change of options. Such groups are non-capturing and are
6504 not assertions of any kind. All we need to do is skip over the ':';
6505 the newoptions value is handled below. */
6506
6507 bravalue = OP_BRA;
6508 ptr++;
6509 } /* End of switch for character following (? */
6510 } /* End of (? handling */
6511
6512 /* Opening parenthesis not followed by '*' or '?'. If PCRE_NO_AUTO_CAPTURE
6513 is set, all unadorned brackets become non-capturing and behave like (?:...)
6514 brackets. */
6515
6516 else if ((options & PCRE_NO_AUTO_CAPTURE) != 0)
6517 {
6518 bravalue = OP_BRA;
6519 }
6520
6521 /* Else we have a capturing group. */
6522
6523 else
6524 {
6525 NUMBERED_GROUP:
6526 cd->bracount += 1;
6527 PUT2(code, 1+LINK_SIZE, cd->bracount);
6528 skipbytes = IMM2_SIZE;
6529 }
6530
6531 /* Process nested bracketed regex. Assertions used not to be repeatable,
6532 but this was changed for Perl compatibility, so all kinds can now be
6533 repeated. We copy code into a non-register variable (tempcode) in order to
6534 be able to pass its address because some compilers complain otherwise. */
6535
6536 previous = code; /* For handling repetition */
6537 *code = bravalue;
6538 tempcode = code;
6539 tempreqvary = cd->req_varyopt; /* Save value before bracket */
6540 tempbracount = cd->bracount; /* Save value before bracket */
6541 length_prevgroup = 0; /* Initialize for pre-compile phase */
6542
6543 if (!compile_regex(
6544 newoptions, /* The complete new option state */
6545 &tempcode, /* Where to put code (updated) */
6546 &ptr, /* Input pointer (updated) */
6547 errorcodeptr, /* Where to put an error message */
6548 (bravalue == OP_ASSERTBACK ||
6549 bravalue == OP_ASSERTBACK_NOT), /* TRUE if back assert */
6550 reset_bracount, /* True if (?| group */
6551 skipbytes, /* Skip over bracket number */
6552 cond_depth +
6553 ((bravalue == OP_COND)?1:0), /* Depth of condition subpatterns */
6554 &subfirstchar, /* For possible first char */
6555 &subfirstcharflags,
6556 &subreqchar, /* For possible last char */
6557 &subreqcharflags,
6558 bcptr, /* Current branch chain */
6559 cd, /* Tables block */
6560 (lengthptr == NULL)? NULL : /* Actual compile phase */
6561 &length_prevgroup /* Pre-compile phase */
6562 ))
6563 goto FAILED;
6564
6565 /* If this was an atomic group and there are no capturing groups within it,
6566 generate OP_ONCE_NC instead of OP_ONCE. */
6567
6568 if (bravalue == OP_ONCE && cd->bracount <= tempbracount)
6569 *code = OP_ONCE_NC;
6570
6571 if (bravalue >= OP_ASSERT && bravalue <= OP_ASSERTBACK_NOT)
6572 cd->assert_depth -= 1;
6573
6574 /* At the end of compiling, code is still pointing to the start of the
6575 group, while tempcode has been updated to point past the end of the group.
6576 The pattern pointer (ptr) is on the bracket.
6577
6578 If this is a conditional bracket, check that there are no more than
6579 two branches in the group, or just one if it's a DEFINE group. We do this
6580 in the real compile phase, not in the pre-pass, where the whole group may
6581 not be available. */
6582
6583 if (bravalue == OP_COND && lengthptr == NULL)
6584 {
6585 pcre_uchar *tc = code;
6586 int condcount = 0;
6587
6588 do {
6589 condcount++;
6590 tc += GET(tc,1);
6591 }
6592 while (*tc != OP_KET);
6593
6594 /* A DEFINE group is never obeyed inline (the "condition" is always
6595 false). It must have only one branch. */
6596
6597 if (code[LINK_SIZE+1] == OP_DEF)
6598 {
6599 if (condcount > 1)
6600 {
6601 *errorcodeptr = ERR54;
6602 goto FAILED;
6603 }
6604 bravalue = OP_DEF; /* Just a flag to suppress char handling below */
6605 }
6606
6607 /* A "normal" conditional group. If there is just one branch, we must not
6608 make use of its firstchar or reqchar, because this is equivalent to an
6609 empty second branch. */
6610
6611 else
6612 {
6613 if (condcount > 2)
6614 {
6615 *errorcodeptr = ERR27;
6616 goto FAILED;
6617 }
6618 if (condcount == 1) subfirstcharflags = subreqcharflags = REQ_NONE;
6619 }
6620 }
6621
6622 /* Error if hit end of pattern */
6623
6624 if (*ptr != CHAR_RIGHT_PARENTHESIS)
6625 {
6626 *errorcodeptr = ERR14;
6627 goto FAILED;
6628 }
6629
6630 /* In the pre-compile phase, update the length by the length of the group,
6631 less the brackets at either end. Then reduce the compiled code to just a
6632 set of non-capturing brackets so that it doesn't use much memory if it is
6633 duplicated by a quantifier.*/
6634
6635 if (lengthptr != NULL)
6636 {
6637 if (OFLOW_MAX - *lengthptr < length_prevgroup - 2 - 2*LINK_SIZE)
6638 {
6639 *errorcodeptr = ERR20;
6640 goto FAILED;
6641