/[pcre]/code/trunk/pcre_compile.c
ViewVC logotype

Contents of /code/trunk/pcre_compile.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 661 - (show annotations)
Sun Aug 21 09:00:54 2011 UTC (8 years, 2 months ago) by ph10
File MIME type: text/plain
File size: 243791 byte(s)
Fix bug introduced by 8.13/37 concerning POSIX class recognition
1 /*************************************************
2 * Perl-Compatible Regular Expressions *
3 *************************************************/
4
5 /* PCRE is a library of functions to support regular expressions whose syntax
6 and semantics are as close as possible to those of the Perl 5 language.
7
8 Written by Philip Hazel
9 Copyright (c) 1997-2011 University of Cambridge
10
11 -----------------------------------------------------------------------------
12 Redistribution and use in source and binary forms, with or without
13 modification, are permitted provided that the following conditions are met:
14
15 * Redistributions of source code must retain the above copyright notice,
16 this list of conditions and the following disclaimer.
17
18 * Redistributions in binary form must reproduce the above copyright
19 notice, this list of conditions and the following disclaimer in the
20 documentation and/or other materials provided with the distribution.
21
22 * Neither the name of the University of Cambridge nor the names of its
23 contributors may be used to endorse or promote products derived from
24 this software without specific prior written permission.
25
26 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
27 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
30 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 POSSIBILITY OF SUCH DAMAGE.
37 -----------------------------------------------------------------------------
38 */
39
40
41 /* This module contains the external function pcre_compile(), along with
42 supporting internal functions that are not used by other modules. */
43
44
45 #ifdef HAVE_CONFIG_H
46 #include "config.h"
47 #endif
48
49 #define NLBLOCK cd /* Block containing newline information */
50 #define PSSTART start_pattern /* Field containing processed string start */
51 #define PSEND end_pattern /* Field containing processed string end */
52
53 #include "pcre_internal.h"
54
55
56 /* When PCRE_DEBUG is defined, we need the pcre_printint() function, which is
57 also used by pcretest. PCRE_DEBUG is not defined when building a production
58 library. */
59
60 #ifdef PCRE_DEBUG
61 #include "pcre_printint.src"
62 #endif
63
64
65 /* Macro for setting individual bits in class bitmaps. */
66
67 #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
68
69 /* Maximum length value to check against when making sure that the integer that
70 holds the compiled pattern length does not overflow. We make it a bit less than
71 INT_MAX to allow for adding in group terminating bytes, so that we don't have
72 to check them every time. */
73
74 #define OFLOW_MAX (INT_MAX - 20)
75
76
77 /*************************************************
78 * Code parameters and static tables *
79 *************************************************/
80
81 /* This value specifies the size of stack workspace that is used during the
82 first pre-compile phase that determines how much memory is required. The regex
83 is partly compiled into this space, but the compiled parts are discarded as
84 soon as they can be, so that hopefully there will never be an overrun. The code
85 does, however, check for an overrun. The largest amount I've seen used is 218,
86 so this number is very generous.
87
88 The same workspace is used during the second, actual compile phase for
89 remembering forward references to groups so that they can be filled in at the
90 end. Each entry in this list occupies LINK_SIZE bytes, so even when LINK_SIZE
91 is 4 there is plenty of room. */
92
93 #define COMPILE_WORK_SIZE (4096)
94
95 /* The overrun tests check for a slightly smaller size so that they detect the
96 overrun before it actually does run off the end of the data block. */
97
98 #define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
99
100
101 /* Table for handling escaped characters in the range '0'-'z'. Positive returns
102 are simple data values; negative values are for special things like \d and so
103 on. Zero means further processing is needed (for things like \x), or the escape
104 is invalid. */
105
106 #ifndef EBCDIC
107
108 /* This is the "normal" table for ASCII systems or for EBCDIC systems running
109 in UTF-8 mode. */
110
111 static const short int escapes[] = {
112 0, 0,
113 0, 0,
114 0, 0,
115 0, 0,
116 0, 0,
117 CHAR_COLON, CHAR_SEMICOLON,
118 CHAR_LESS_THAN_SIGN, CHAR_EQUALS_SIGN,
119 CHAR_GREATER_THAN_SIGN, CHAR_QUESTION_MARK,
120 CHAR_COMMERCIAL_AT, -ESC_A,
121 -ESC_B, -ESC_C,
122 -ESC_D, -ESC_E,
123 0, -ESC_G,
124 -ESC_H, 0,
125 0, -ESC_K,
126 0, 0,
127 -ESC_N, 0,
128 -ESC_P, -ESC_Q,
129 -ESC_R, -ESC_S,
130 0, 0,
131 -ESC_V, -ESC_W,
132 -ESC_X, 0,
133 -ESC_Z, CHAR_LEFT_SQUARE_BRACKET,
134 CHAR_BACKSLASH, CHAR_RIGHT_SQUARE_BRACKET,
135 CHAR_CIRCUMFLEX_ACCENT, CHAR_UNDERSCORE,
136 CHAR_GRAVE_ACCENT, 7,
137 -ESC_b, 0,
138 -ESC_d, ESC_e,
139 ESC_f, 0,
140 -ESC_h, 0,
141 0, -ESC_k,
142 0, 0,
143 ESC_n, 0,
144 -ESC_p, 0,
145 ESC_r, -ESC_s,
146 ESC_tee, 0,
147 -ESC_v, -ESC_w,
148 0, 0,
149 -ESC_z
150 };
151
152 #else
153
154 /* This is the "abnormal" table for EBCDIC systems without UTF-8 support. */
155
156 static const short int escapes[] = {
157 /* 48 */ 0, 0, 0, '.', '<', '(', '+', '|',
158 /* 50 */ '&', 0, 0, 0, 0, 0, 0, 0,
159 /* 58 */ 0, 0, '!', '$', '*', ')', ';', '~',
160 /* 60 */ '-', '/', 0, 0, 0, 0, 0, 0,
161 /* 68 */ 0, 0, '|', ',', '%', '_', '>', '?',
162 /* 70 */ 0, 0, 0, 0, 0, 0, 0, 0,
163 /* 78 */ 0, '`', ':', '#', '@', '\'', '=', '"',
164 /* 80 */ 0, 7, -ESC_b, 0, -ESC_d, ESC_e, ESC_f, 0,
165 /* 88 */-ESC_h, 0, 0, '{', 0, 0, 0, 0,
166 /* 90 */ 0, 0, -ESC_k, 'l', 0, ESC_n, 0, -ESC_p,
167 /* 98 */ 0, ESC_r, 0, '}', 0, 0, 0, 0,
168 /* A0 */ 0, '~', -ESC_s, ESC_tee, 0,-ESC_v, -ESC_w, 0,
169 /* A8 */ 0,-ESC_z, 0, 0, 0, '[', 0, 0,
170 /* B0 */ 0, 0, 0, 0, 0, 0, 0, 0,
171 /* B8 */ 0, 0, 0, 0, 0, ']', '=', '-',
172 /* C0 */ '{',-ESC_A, -ESC_B, -ESC_C, -ESC_D,-ESC_E, 0, -ESC_G,
173 /* C8 */-ESC_H, 0, 0, 0, 0, 0, 0, 0,
174 /* D0 */ '}', 0, -ESC_K, 0, 0,-ESC_N, 0, -ESC_P,
175 /* D8 */-ESC_Q,-ESC_R, 0, 0, 0, 0, 0, 0,
176 /* E0 */ '\\', 0, -ESC_S, 0, 0,-ESC_V, -ESC_W, -ESC_X,
177 /* E8 */ 0,-ESC_Z, 0, 0, 0, 0, 0, 0,
178 /* F0 */ 0, 0, 0, 0, 0, 0, 0, 0,
179 /* F8 */ 0, 0, 0, 0, 0, 0, 0, 0
180 };
181 #endif
182
183
184 /* Table of special "verbs" like (*PRUNE). This is a short table, so it is
185 searched linearly. Put all the names into a single string, in order to reduce
186 the number of relocations when a shared library is dynamically linked. The
187 string is built from string macros so that it works in UTF-8 mode on EBCDIC
188 platforms. */
189
190 typedef struct verbitem {
191 int len; /* Length of verb name */
192 int op; /* Op when no arg, or -1 if arg mandatory */
193 int op_arg; /* Op when arg present, or -1 if not allowed */
194 } verbitem;
195
196 static const char verbnames[] =
197 "\0" /* Empty name is a shorthand for MARK */
198 STRING_MARK0
199 STRING_ACCEPT0
200 STRING_COMMIT0
201 STRING_F0
202 STRING_FAIL0
203 STRING_PRUNE0
204 STRING_SKIP0
205 STRING_THEN;
206
207 static const verbitem verbs[] = {
208 { 0, -1, OP_MARK },
209 { 4, -1, OP_MARK },
210 { 6, OP_ACCEPT, -1 },
211 { 6, OP_COMMIT, -1 },
212 { 1, OP_FAIL, -1 },
213 { 4, OP_FAIL, -1 },
214 { 5, OP_PRUNE, OP_PRUNE_ARG },
215 { 4, OP_SKIP, OP_SKIP_ARG },
216 { 4, OP_THEN, OP_THEN_ARG }
217 };
218
219 static const int verbcount = sizeof(verbs)/sizeof(verbitem);
220
221
222 /* Tables of names of POSIX character classes and their lengths. The names are
223 now all in a single string, to reduce the number of relocations when a shared
224 library is dynamically loaded. The list of lengths is terminated by a zero
225 length entry. The first three must be alpha, lower, upper, as this is assumed
226 for handling case independence. */
227
228 static const char posix_names[] =
229 STRING_alpha0 STRING_lower0 STRING_upper0 STRING_alnum0
230 STRING_ascii0 STRING_blank0 STRING_cntrl0 STRING_digit0
231 STRING_graph0 STRING_print0 STRING_punct0 STRING_space0
232 STRING_word0 STRING_xdigit;
233
234 static const uschar posix_name_lengths[] = {
235 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };
236
237 /* Table of class bit maps for each POSIX class. Each class is formed from a
238 base map, with an optional addition or removal of another map. Then, for some
239 classes, there is some additional tweaking: for [:blank:] the vertical space
240 characters are removed, and for [:alpha:] and [:alnum:] the underscore
241 character is removed. The triples in the table consist of the base map offset,
242 second map offset or -1 if no second map, and a non-negative value for map
243 addition or a negative value for map subtraction (if there are two maps). The
244 absolute value of the third field has these meanings: 0 => no tweaking, 1 =>
245 remove vertical space characters, 2 => remove underscore. */
246
247 static const int posix_class_maps[] = {
248 cbit_word, cbit_digit, -2, /* alpha */
249 cbit_lower, -1, 0, /* lower */
250 cbit_upper, -1, 0, /* upper */
251 cbit_word, -1, 2, /* alnum - word without underscore */
252 cbit_print, cbit_cntrl, 0, /* ascii */
253 cbit_space, -1, 1, /* blank - a GNU extension */
254 cbit_cntrl, -1, 0, /* cntrl */
255 cbit_digit, -1, 0, /* digit */
256 cbit_graph, -1, 0, /* graph */
257 cbit_print, -1, 0, /* print */
258 cbit_punct, -1, 0, /* punct */
259 cbit_space, -1, 0, /* space */
260 cbit_word, -1, 0, /* word - a Perl extension */
261 cbit_xdigit,-1, 0 /* xdigit */
262 };
263
264 /* Table of substitutes for \d etc when PCRE_UCP is set. The POSIX class
265 substitutes must be in the order of the names, defined above, and there are
266 both positive and negative cases. NULL means no substitute. */
267
268 #ifdef SUPPORT_UCP
269 static const uschar *substitutes[] = {
270 (uschar *)"\\P{Nd}", /* \D */
271 (uschar *)"\\p{Nd}", /* \d */
272 (uschar *)"\\P{Xsp}", /* \S */ /* NOTE: Xsp is Perl space */
273 (uschar *)"\\p{Xsp}", /* \s */
274 (uschar *)"\\P{Xwd}", /* \W */
275 (uschar *)"\\p{Xwd}" /* \w */
276 };
277
278 static const uschar *posix_substitutes[] = {
279 (uschar *)"\\p{L}", /* alpha */
280 (uschar *)"\\p{Ll}", /* lower */
281 (uschar *)"\\p{Lu}", /* upper */
282 (uschar *)"\\p{Xan}", /* alnum */
283 NULL, /* ascii */
284 (uschar *)"\\h", /* blank */
285 NULL, /* cntrl */
286 (uschar *)"\\p{Nd}", /* digit */
287 NULL, /* graph */
288 NULL, /* print */
289 NULL, /* punct */
290 (uschar *)"\\p{Xps}", /* space */ /* NOTE: Xps is POSIX space */
291 (uschar *)"\\p{Xwd}", /* word */
292 NULL, /* xdigit */
293 /* Negated cases */
294 (uschar *)"\\P{L}", /* ^alpha */
295 (uschar *)"\\P{Ll}", /* ^lower */
296 (uschar *)"\\P{Lu}", /* ^upper */
297 (uschar *)"\\P{Xan}", /* ^alnum */
298 NULL, /* ^ascii */
299 (uschar *)"\\H", /* ^blank */
300 NULL, /* ^cntrl */
301 (uschar *)"\\P{Nd}", /* ^digit */
302 NULL, /* ^graph */
303 NULL, /* ^print */
304 NULL, /* ^punct */
305 (uschar *)"\\P{Xps}", /* ^space */ /* NOTE: Xps is POSIX space */
306 (uschar *)"\\P{Xwd}", /* ^word */
307 NULL /* ^xdigit */
308 };
309 #define POSIX_SUBSIZE (sizeof(posix_substitutes)/sizeof(uschar *))
310 #endif
311
312 #define STRING(a) # a
313 #define XSTRING(s) STRING(s)
314
315 /* The texts of compile-time error messages. These are "char *" because they
316 are passed to the outside world. Do not ever re-use any error number, because
317 they are documented. Always add a new error instead. Messages marked DEAD below
318 are no longer used. This used to be a table of strings, but in order to reduce
319 the number of relocations needed when a shared library is loaded dynamically,
320 it is now one long string. We cannot use a table of offsets, because the
321 lengths of inserts such as XSTRING(MAX_NAME_SIZE) are not known. Instead, we
322 simply count through to the one we want - this isn't a performance issue
323 because these strings are used only when there is a compilation error.
324
325 Each substring ends with \0 to insert a null character. This includes the final
326 substring, so that the whole string ends with \0\0, which can be detected when
327 counting through. */
328
329 static const char error_texts[] =
330 "no error\0"
331 "\\ at end of pattern\0"
332 "\\c at end of pattern\0"
333 "unrecognized character follows \\\0"
334 "numbers out of order in {} quantifier\0"
335 /* 5 */
336 "number too big in {} quantifier\0"
337 "missing terminating ] for character class\0"
338 "invalid escape sequence in character class\0"
339 "range out of order in character class\0"
340 "nothing to repeat\0"
341 /* 10 */
342 "operand of unlimited repeat could match the empty string\0" /** DEAD **/
343 "internal error: unexpected repeat\0"
344 "unrecognized character after (? or (?-\0"
345 "POSIX named classes are supported only within a class\0"
346 "missing )\0"
347 /* 15 */
348 "reference to non-existent subpattern\0"
349 "erroffset passed as NULL\0"
350 "unknown option bit(s) set\0"
351 "missing ) after comment\0"
352 "parentheses nested too deeply\0" /** DEAD **/
353 /* 20 */
354 "regular expression is too large\0"
355 "failed to get memory\0"
356 "unmatched parentheses\0"
357 "internal error: code overflow\0"
358 "unrecognized character after (?<\0"
359 /* 25 */
360 "lookbehind assertion is not fixed length\0"
361 "malformed number or name after (?(\0"
362 "conditional group contains more than two branches\0"
363 "assertion expected after (?(\0"
364 "(?R or (?[+-]digits must be followed by )\0"
365 /* 30 */
366 "unknown POSIX class name\0"
367 "POSIX collating elements are not supported\0"
368 "this version of PCRE is not compiled with PCRE_UTF8 support\0"
369 "spare error\0" /** DEAD **/
370 "character value in \\x{...} sequence is too large\0"
371 /* 35 */
372 "invalid condition (?(0)\0"
373 "\\C not allowed in lookbehind assertion\0"
374 "PCRE does not support \\L, \\l, \\N{name}, \\U, or \\u\0"
375 "number after (?C is > 255\0"
376 "closing ) for (?C expected\0"
377 /* 40 */
378 "recursive call could loop indefinitely\0"
379 "unrecognized character after (?P\0"
380 "syntax error in subpattern name (missing terminator)\0"
381 "two named subpatterns have the same name\0"
382 "invalid UTF-8 string\0"
383 /* 45 */
384 "support for \\P, \\p, and \\X has not been compiled\0"
385 "malformed \\P or \\p sequence\0"
386 "unknown property name after \\P or \\p\0"
387 "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)\0"
388 "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")\0"
389 /* 50 */
390 "repeated subpattern is too long\0" /** DEAD **/
391 "octal value is greater than \\377 (not in UTF-8 mode)\0"
392 "internal error: overran compiling workspace\0"
393 "internal error: previously-checked referenced subpattern not found\0"
394 "DEFINE group contains more than one branch\0"
395 /* 55 */
396 "repeating a DEFINE group is not allowed\0" /** DEAD **/
397 "inconsistent NEWLINE options\0"
398 "\\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number\0"
399 "a numbered reference must not be zero\0"
400 "an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)\0"
401 /* 60 */
402 "(*VERB) not recognized\0"
403 "number is too big\0"
404 "subpattern name expected\0"
405 "digit expected after (?+\0"
406 "] is an invalid data character in JavaScript compatibility mode\0"
407 /* 65 */
408 "different names for subpatterns of the same number are not allowed\0"
409 "(*MARK) must have an argument\0"
410 "this version of PCRE is not compiled with PCRE_UCP support\0"
411 "\\c must be followed by an ASCII character\0"
412 "\\k is not followed by a braced, angle-bracketed, or quoted name\0"
413 ;
414
415 /* Table to identify digits and hex digits. This is used when compiling
416 patterns. Note that the tables in chartables are dependent on the locale, and
417 may mark arbitrary characters as digits - but the PCRE compiling code expects
418 to handle only 0-9, a-z, and A-Z as digits when compiling. That is why we have
419 a private table here. It costs 256 bytes, but it is a lot faster than doing
420 character value tests (at least in some simple cases I timed), and in some
421 applications one wants PCRE to compile efficiently as well as match
422 efficiently.
423
424 For convenience, we use the same bit definitions as in chartables:
425
426 0x04 decimal digit
427 0x08 hexadecimal digit
428
429 Then we can use ctype_digit and ctype_xdigit in the code. */
430
431 #ifndef EBCDIC
432
433 /* This is the "normal" case, for ASCII systems, and EBCDIC systems running in
434 UTF-8 mode. */
435
436 static const unsigned char digitab[] =
437 {
438 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 */
439 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
440 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 */
441 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
442 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - ' */
443 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ( - / */
444 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 */
445 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00, /* 8 - ? */
446 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* @ - G */
447 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H - O */
448 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* P - W */
449 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* X - _ */
450 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* ` - g */
451 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h - o */
452 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p - w */
453 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x -127 */
454 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 128-135 */
455 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 136-143 */
456 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144-151 */
457 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 152-159 */
458 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160-167 */
459 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 168-175 */
460 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 176-183 */
461 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
462 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 192-199 */
463 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 200-207 */
464 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 208-215 */
465 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 216-223 */
466 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 224-231 */
467 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 232-239 */
468 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */
469 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */
470
471 #else
472
473 /* This is the "abnormal" case, for EBCDIC systems not running in UTF-8 mode. */
474
475 static const unsigned char digitab[] =
476 {
477 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 0 */
478 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
479 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 10 */
480 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
481 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 32- 39 20 */
482 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
483 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 30 */
484 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
485 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 40 */
486 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 72- | */
487 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 50 */
488 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 88- 95 */
489 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 60 */
490 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 104- ? */
491 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 70 */
492 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
493 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* 128- g 80 */
494 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
495 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144- p 90 */
496 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
497 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160- x A0 */
498 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
499 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 B0 */
500 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
501 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* { - G C0 */
502 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
503 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* } - P D0 */
504 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
505 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* \ - X E0 */
506 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
507 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 F0 */
508 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
509
510 static const unsigned char ebcdic_chartab[] = { /* chartable partial dup */
511 0x80,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 0- 7 */
512 0x00,0x00,0x00,0x00,0x01,0x01,0x00,0x00, /* 8- 15 */
513 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 16- 23 */
514 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
515 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 32- 39 */
516 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
517 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 */
518 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
519 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 */
520 0x00,0x00,0x00,0x80,0x00,0x80,0x80,0x80, /* 72- | */
521 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 */
522 0x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /* 88- 95 */
523 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 */
524 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x80, /* 104- ? */
525 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 */
526 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
527 0x00,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* 128- g */
528 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
529 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* 144- p */
530 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
531 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* 160- x */
532 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
533 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 */
534 0x00,0x00,0x80,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
535 0x80,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* { - G */
536 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
537 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* } - P */
538 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
539 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* \ - X */
540 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
541 0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c, /* 0 - 7 */
542 0x1c,0x1c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
543 #endif
544
545
546 /* Definition to allow mutual recursion */
547
548 static BOOL
549 compile_regex(int, uschar **, const uschar **, int *, BOOL, BOOL, int, int,
550 int *, int *, branch_chain *, compile_data *, int *);
551
552
553
554 /*************************************************
555 * Find an error text *
556 *************************************************/
557
558 /* The error texts are now all in one long string, to save on relocations. As
559 some of the text is of unknown length, we can't use a table of offsets.
560 Instead, just count through the strings. This is not a performance issue
561 because it happens only when there has been a compilation error.
562
563 Argument: the error number
564 Returns: pointer to the error string
565 */
566
567 static const char *
568 find_error_text(int n)
569 {
570 const char *s = error_texts;
571 for (; n > 0; n--)
572 {
573 while (*s++ != 0) {};
574 if (*s == 0) return "Error text not found (please report)";
575 }
576 return s;
577 }
578
579
580 /*************************************************
581 * Check for counted repeat *
582 *************************************************/
583
584 /* This function is called when a '{' is encountered in a place where it might
585 start a quantifier. It looks ahead to see if it really is a quantifier or not.
586 It is only a quantifier if it is one of the forms {ddd} {ddd,} or {ddd,ddd}
587 where the ddds are digits.
588
589 Arguments:
590 p pointer to the first char after '{'
591
592 Returns: TRUE or FALSE
593 */
594
595 static BOOL
596 is_counted_repeat(const uschar *p)
597 {
598 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
599 while ((digitab[*p] & ctype_digit) != 0) p++;
600 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
601
602 if (*p++ != CHAR_COMMA) return FALSE;
603 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
604
605 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
606 while ((digitab[*p] & ctype_digit) != 0) p++;
607
608 return (*p == CHAR_RIGHT_CURLY_BRACKET);
609 }
610
611
612
613 /*************************************************
614 * Handle escapes *
615 *************************************************/
616
617 /* This function is called when a \ has been encountered. It either returns a
618 positive value for a simple escape such as \n, or a negative value which
619 encodes one of the more complicated things such as \d. A backreference to group
620 n is returned as -(ESC_REF + n); ESC_REF is the highest ESC_xxx macro. When
621 UTF-8 is enabled, a positive value greater than 255 may be returned. On entry,
622 ptr is pointing at the \. On exit, it is on the final character of the escape
623 sequence.
624
625 Arguments:
626 ptrptr points to the pattern position pointer
627 errorcodeptr points to the errorcode variable
628 bracount number of previous extracting brackets
629 options the options bits
630 isclass TRUE if inside a character class
631
632 Returns: zero or positive => a data character
633 negative => a special escape sequence
634 on error, errorcodeptr is set
635 */
636
637 static int
638 check_escape(const uschar **ptrptr, int *errorcodeptr, int bracount,
639 int options, BOOL isclass)
640 {
641 BOOL utf8 = (options & PCRE_UTF8) != 0;
642 const uschar *ptr = *ptrptr + 1;
643 int c, i;
644
645 GETCHARINCTEST(c, ptr); /* Get character value, increment pointer */
646 ptr--; /* Set pointer back to the last byte */
647
648 /* If backslash is at the end of the pattern, it's an error. */
649
650 if (c == 0) *errorcodeptr = ERR1;
651
652 /* Non-alphanumerics are literals. For digits or letters, do an initial lookup
653 in a table. A non-zero result is something that can be returned immediately.
654 Otherwise further processing may be required. */
655
656 #ifndef EBCDIC /* ASCII/UTF-8 coding */
657 else if (c < CHAR_0 || c > CHAR_z) {} /* Not alphanumeric */
658 else if ((i = escapes[c - CHAR_0]) != 0) c = i;
659
660 #else /* EBCDIC coding */
661 else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {} /* Not alphanumeric */
662 else if ((i = escapes[c - 0x48]) != 0) c = i;
663 #endif
664
665 /* Escapes that need further processing, or are illegal. */
666
667 else
668 {
669 const uschar *oldptr;
670 BOOL braced, negated;
671
672 switch (c)
673 {
674 /* A number of Perl escapes are not handled by PCRE. We give an explicit
675 error. */
676
677 case CHAR_l:
678 case CHAR_L:
679 case CHAR_u:
680 case CHAR_U:
681 *errorcodeptr = ERR37;
682 break;
683
684 /* In a character class, \g is just a literal "g". Outside a character
685 class, \g must be followed by one of a number of specific things:
686
687 (1) A number, either plain or braced. If positive, it is an absolute
688 backreference. If negative, it is a relative backreference. This is a Perl
689 5.10 feature.
690
691 (2) Perl 5.10 also supports \g{name} as a reference to a named group. This
692 is part of Perl's movement towards a unified syntax for back references. As
693 this is synonymous with \k{name}, we fudge it up by pretending it really
694 was \k.
695
696 (3) For Oniguruma compatibility we also support \g followed by a name or a
697 number either in angle brackets or in single quotes. However, these are
698 (possibly recursive) subroutine calls, _not_ backreferences. Just return
699 the -ESC_g code (cf \k). */
700
701 case CHAR_g:
702 if (isclass) break;
703 if (ptr[1] == CHAR_LESS_THAN_SIGN || ptr[1] == CHAR_APOSTROPHE)
704 {
705 c = -ESC_g;
706 break;
707 }
708
709 /* Handle the Perl-compatible cases */
710
711 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
712 {
713 const uschar *p;
714 for (p = ptr+2; *p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
715 if (*p != CHAR_MINUS && (digitab[*p] & ctype_digit) == 0) break;
716 if (*p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET)
717 {
718 c = -ESC_k;
719 break;
720 }
721 braced = TRUE;
722 ptr++;
723 }
724 else braced = FALSE;
725
726 if (ptr[1] == CHAR_MINUS)
727 {
728 negated = TRUE;
729 ptr++;
730 }
731 else negated = FALSE;
732
733 c = 0;
734 while ((digitab[ptr[1]] & ctype_digit) != 0)
735 c = c * 10 + *(++ptr) - CHAR_0;
736
737 if (c < 0) /* Integer overflow */
738 {
739 *errorcodeptr = ERR61;
740 break;
741 }
742
743 if (braced && *(++ptr) != CHAR_RIGHT_CURLY_BRACKET)
744 {
745 *errorcodeptr = ERR57;
746 break;
747 }
748
749 if (c == 0)
750 {
751 *errorcodeptr = ERR58;
752 break;
753 }
754
755 if (negated)
756 {
757 if (c > bracount)
758 {
759 *errorcodeptr = ERR15;
760 break;
761 }
762 c = bracount - (c - 1);
763 }
764
765 c = -(ESC_REF + c);
766 break;
767
768 /* The handling of escape sequences consisting of a string of digits
769 starting with one that is not zero is not straightforward. By experiment,
770 the way Perl works seems to be as follows:
771
772 Outside a character class, the digits are read as a decimal number. If the
773 number is less than 10, or if there are that many previous extracting
774 left brackets, then it is a back reference. Otherwise, up to three octal
775 digits are read to form an escaped byte. Thus \123 is likely to be octal
776 123 (cf \0123, which is octal 012 followed by the literal 3). If the octal
777 value is greater than 377, the least significant 8 bits are taken. Inside a
778 character class, \ followed by a digit is always an octal number. */
779
780 case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4: case CHAR_5:
781 case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
782
783 if (!isclass)
784 {
785 oldptr = ptr;
786 c -= CHAR_0;
787 while ((digitab[ptr[1]] & ctype_digit) != 0)
788 c = c * 10 + *(++ptr) - CHAR_0;
789 if (c < 0) /* Integer overflow */
790 {
791 *errorcodeptr = ERR61;
792 break;
793 }
794 if (c < 10 || c <= bracount)
795 {
796 c = -(ESC_REF + c);
797 break;
798 }
799 ptr = oldptr; /* Put the pointer back and fall through */
800 }
801
802 /* Handle an octal number following \. If the first digit is 8 or 9, Perl
803 generates a binary zero byte and treats the digit as a following literal.
804 Thus we have to pull back the pointer by one. */
805
806 if ((c = *ptr) >= CHAR_8)
807 {
808 ptr--;
809 c = 0;
810 break;
811 }
812
813 /* \0 always starts an octal number, but we may drop through to here with a
814 larger first octal digit. The original code used just to take the least
815 significant 8 bits of octal numbers (I think this is what early Perls used
816 to do). Nowadays we allow for larger numbers in UTF-8 mode, but no more
817 than 3 octal digits. */
818
819 case CHAR_0:
820 c -= CHAR_0;
821 while(i++ < 2 && ptr[1] >= CHAR_0 && ptr[1] <= CHAR_7)
822 c = c * 8 + *(++ptr) - CHAR_0;
823 if (!utf8 && c > 255) *errorcodeptr = ERR51;
824 break;
825
826 /* \x is complicated. \x{ddd} is a character number which can be greater
827 than 0xff in utf8 mode, but only if the ddd are hex digits. If not, { is
828 treated as a data character. */
829
830 case CHAR_x:
831 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
832 {
833 const uschar *pt = ptr + 2;
834 int count = 0;
835
836 c = 0;
837 while ((digitab[*pt] & ctype_xdigit) != 0)
838 {
839 register int cc = *pt++;
840 if (c == 0 && cc == CHAR_0) continue; /* Leading zeroes */
841 count++;
842
843 #ifndef EBCDIC /* ASCII/UTF-8 coding */
844 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
845 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
846 #else /* EBCDIC coding */
847 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
848 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
849 #endif
850 }
851
852 if (*pt == CHAR_RIGHT_CURLY_BRACKET)
853 {
854 if (c < 0 || count > (utf8? 8 : 2)) *errorcodeptr = ERR34;
855 ptr = pt;
856 break;
857 }
858
859 /* If the sequence of hex digits does not end with '}', then we don't
860 recognize this construct; fall through to the normal \x handling. */
861 }
862
863 /* Read just a single-byte hex-defined char */
864
865 c = 0;
866 while (i++ < 2 && (digitab[ptr[1]] & ctype_xdigit) != 0)
867 {
868 int cc; /* Some compilers don't like */
869 cc = *(++ptr); /* ++ in initializers */
870 #ifndef EBCDIC /* ASCII/UTF-8 coding */
871 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
872 c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
873 #else /* EBCDIC coding */
874 if (cc <= CHAR_z) cc += 64; /* Convert to upper case */
875 c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
876 #endif
877 }
878 break;
879
880 /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
881 An error is given if the byte following \c is not an ASCII character. This
882 coding is ASCII-specific, but then the whole concept of \cx is
883 ASCII-specific. (However, an EBCDIC equivalent has now been added.) */
884
885 case CHAR_c:
886 c = *(++ptr);
887 if (c == 0)
888 {
889 *errorcodeptr = ERR2;
890 break;
891 }
892 #ifndef EBCDIC /* ASCII/UTF-8 coding */
893 if (c > 127) /* Excludes all non-ASCII in either mode */
894 {
895 *errorcodeptr = ERR68;
896 break;
897 }
898 if (c >= CHAR_a && c <= CHAR_z) c -= 32;
899 c ^= 0x40;
900 #else /* EBCDIC coding */
901 if (c >= CHAR_a && c <= CHAR_z) c += 64;
902 c ^= 0xC0;
903 #endif
904 break;
905
906 /* PCRE_EXTRA enables extensions to Perl in the matter of escapes. Any
907 other alphanumeric following \ is an error if PCRE_EXTRA was set;
908 otherwise, for Perl compatibility, it is a literal. This code looks a bit
909 odd, but there used to be some cases other than the default, and there may
910 be again in future, so I haven't "optimized" it. */
911
912 default:
913 if ((options & PCRE_EXTRA) != 0) switch(c)
914 {
915 default:
916 *errorcodeptr = ERR3;
917 break;
918 }
919 break;
920 }
921 }
922
923 /* Perl supports \N{name} for character names, as well as plain \N for "not
924 newline". PCRE does not support \N{name}. However, it does support
925 quantification such as \N{2,3}. */
926
927 if (c == -ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET &&
928 !is_counted_repeat(ptr+2))
929 *errorcodeptr = ERR37;
930
931 /* If PCRE_UCP is set, we change the values for \d etc. */
932
933 if ((options & PCRE_UCP) != 0 && c <= -ESC_D && c >= -ESC_w)
934 c -= (ESC_DU - ESC_D);
935
936 /* Set the pointer to the final character before returning. */
937
938 *ptrptr = ptr;
939 return c;
940 }
941
942
943
944 #ifdef SUPPORT_UCP
945 /*************************************************
946 * Handle \P and \p *
947 *************************************************/
948
949 /* This function is called after \P or \p has been encountered, provided that
950 PCRE is compiled with support for Unicode properties. On entry, ptrptr is
951 pointing at the P or p. On exit, it is pointing at the final character of the
952 escape sequence.
953
954 Argument:
955 ptrptr points to the pattern position pointer
956 negptr points to a boolean that is set TRUE for negation else FALSE
957 dptr points to an int that is set to the detailed property value
958 errorcodeptr points to the error code variable
959
960 Returns: type value from ucp_type_table, or -1 for an invalid type
961 */
962
963 static int
964 get_ucp(const uschar **ptrptr, BOOL *negptr, int *dptr, int *errorcodeptr)
965 {
966 int c, i, bot, top;
967 const uschar *ptr = *ptrptr;
968 char name[32];
969
970 c = *(++ptr);
971 if (c == 0) goto ERROR_RETURN;
972
973 *negptr = FALSE;
974
975 /* \P or \p can be followed by a name in {}, optionally preceded by ^ for
976 negation. */
977
978 if (c == CHAR_LEFT_CURLY_BRACKET)
979 {
980 if (ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
981 {
982 *negptr = TRUE;
983 ptr++;
984 }
985 for (i = 0; i < (int)sizeof(name) - 1; i++)
986 {
987 c = *(++ptr);
988 if (c == 0) goto ERROR_RETURN;
989 if (c == CHAR_RIGHT_CURLY_BRACKET) break;
990 name[i] = c;
991 }
992 if (c != CHAR_RIGHT_CURLY_BRACKET) goto ERROR_RETURN;
993 name[i] = 0;
994 }
995
996 /* Otherwise there is just one following character */
997
998 else
999 {
1000 name[0] = c;
1001 name[1] = 0;
1002 }
1003
1004 *ptrptr = ptr;
1005
1006 /* Search for a recognized property name using binary chop */
1007
1008 bot = 0;
1009 top = _pcre_utt_size;
1010
1011 while (bot < top)
1012 {
1013 i = (bot + top) >> 1;
1014 c = strcmp(name, _pcre_utt_names + _pcre_utt[i].name_offset);
1015 if (c == 0)
1016 {
1017 *dptr = _pcre_utt[i].value;
1018 return _pcre_utt[i].type;
1019 }
1020 if (c > 0) bot = i + 1; else top = i;
1021 }
1022
1023 *errorcodeptr = ERR47;
1024 *ptrptr = ptr;
1025 return -1;
1026
1027 ERROR_RETURN:
1028 *errorcodeptr = ERR46;
1029 *ptrptr = ptr;
1030 return -1;
1031 }
1032 #endif
1033
1034
1035
1036
1037 /*************************************************
1038 * Read repeat counts *
1039 *************************************************/
1040
1041 /* Read an item of the form {n,m} and return the values. This is called only
1042 after is_counted_repeat() has confirmed that a repeat-count quantifier exists,
1043 so the syntax is guaranteed to be correct, but we need to check the values.
1044
1045 Arguments:
1046 p pointer to first char after '{'
1047 minp pointer to int for min
1048 maxp pointer to int for max
1049 returned as -1 if no max
1050 errorcodeptr points to error code variable
1051
1052 Returns: pointer to '}' on success;
1053 current ptr on error, with errorcodeptr set non-zero
1054 */
1055
1056 static const uschar *
1057 read_repeat_counts(const uschar *p, int *minp, int *maxp, int *errorcodeptr)
1058 {
1059 int min = 0;
1060 int max = -1;
1061
1062 /* Read the minimum value and do a paranoid check: a negative value indicates
1063 an integer overflow. */
1064
1065 while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - CHAR_0;
1066 if (min < 0 || min > 65535)
1067 {
1068 *errorcodeptr = ERR5;
1069 return p;
1070 }
1071
1072 /* Read the maximum value if there is one, and again do a paranoid on its size.
1073 Also, max must not be less than min. */
1074
1075 if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
1076 {
1077 if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
1078 {
1079 max = 0;
1080 while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - CHAR_0;
1081 if (max < 0 || max > 65535)
1082 {
1083 *errorcodeptr = ERR5;
1084 return p;
1085 }
1086 if (max < min)
1087 {
1088 *errorcodeptr = ERR4;
1089 return p;
1090 }
1091 }
1092 }
1093
1094 /* Fill in the required variables, and pass back the pointer to the terminating
1095 '}'. */
1096
1097 *minp = min;
1098 *maxp = max;
1099 return p;
1100 }
1101
1102
1103
1104 /*************************************************
1105 * Subroutine for finding forward reference *
1106 *************************************************/
1107
1108 /* This recursive function is called only from find_parens() below. The
1109 top-level call starts at the beginning of the pattern. All other calls must
1110 start at a parenthesis. It scans along a pattern's text looking for capturing
1111 subpatterns, and counting them. If it finds a named pattern that matches the
1112 name it is given, it returns its number. Alternatively, if the name is NULL, it
1113 returns when it reaches a given numbered subpattern. Recursion is used to keep
1114 track of subpatterns that reset the capturing group numbers - the (?| feature.
1115
1116 This function was originally called only from the second pass, in which we know
1117 that if (?< or (?' or (?P< is encountered, the name will be correctly
1118 terminated because that is checked in the first pass. There is now one call to
1119 this function in the first pass, to check for a recursive back reference by
1120 name (so that we can make the whole group atomic). In this case, we need check
1121 only up to the current position in the pattern, and that is still OK because
1122 and previous occurrences will have been checked. To make this work, the test
1123 for "end of pattern" is a check against cd->end_pattern in the main loop,
1124 instead of looking for a binary zero. This means that the special first-pass
1125 call can adjust cd->end_pattern temporarily. (Checks for binary zero while
1126 processing items within the loop are OK, because afterwards the main loop will
1127 terminate.)
1128
1129 Arguments:
1130 ptrptr address of the current character pointer (updated)
1131 cd compile background data
1132 name name to seek, or NULL if seeking a numbered subpattern
1133 lorn name length, or subpattern number if name is NULL
1134 xmode TRUE if we are in /x mode
1135 utf8 TRUE if we are in UTF-8 mode
1136 count pointer to the current capturing subpattern number (updated)
1137
1138 Returns: the number of the named subpattern, or -1 if not found
1139 */
1140
1141 static int
1142 find_parens_sub(uschar **ptrptr, compile_data *cd, const uschar *name, int lorn,
1143 BOOL xmode, BOOL utf8, int *count)
1144 {
1145 uschar *ptr = *ptrptr;
1146 int start_count = *count;
1147 int hwm_count = start_count;
1148 BOOL dup_parens = FALSE;
1149
1150 /* If the first character is a parenthesis, check on the type of group we are
1151 dealing with. The very first call may not start with a parenthesis. */
1152
1153 if (ptr[0] == CHAR_LEFT_PARENTHESIS)
1154 {
1155 /* Handle specials such as (*SKIP) or (*UTF8) etc. */
1156
1157 if (ptr[1] == CHAR_ASTERISK) ptr += 2;
1158
1159 /* Handle a normal, unnamed capturing parenthesis. */
1160
1161 else if (ptr[1] != CHAR_QUESTION_MARK)
1162 {
1163 *count += 1;
1164 if (name == NULL && *count == lorn) return *count;
1165 ptr++;
1166 }
1167
1168 /* All cases now have (? at the start. Remember when we are in a group
1169 where the parenthesis numbers are duplicated. */
1170
1171 else if (ptr[2] == CHAR_VERTICAL_LINE)
1172 {
1173 ptr += 3;
1174 dup_parens = TRUE;
1175 }
1176
1177 /* Handle comments; all characters are allowed until a ket is reached. */
1178
1179 else if (ptr[2] == CHAR_NUMBER_SIGN)
1180 {
1181 for (ptr += 3; *ptr != 0; ptr++) if (*ptr == CHAR_RIGHT_PARENTHESIS) break;
1182 goto FAIL_EXIT;
1183 }
1184
1185 /* Handle a condition. If it is an assertion, just carry on so that it
1186 is processed as normal. If not, skip to the closing parenthesis of the
1187 condition (there can't be any nested parens). */
1188
1189 else if (ptr[2] == CHAR_LEFT_PARENTHESIS)
1190 {
1191 ptr += 2;
1192 if (ptr[1] != CHAR_QUESTION_MARK)
1193 {
1194 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
1195 if (*ptr != 0) ptr++;
1196 }
1197 }
1198
1199 /* Start with (? but not a condition. */
1200
1201 else
1202 {
1203 ptr += 2;
1204 if (*ptr == CHAR_P) ptr++; /* Allow optional P */
1205
1206 /* We have to disambiguate (?<! and (?<= from (?<name> for named groups */
1207
1208 if ((*ptr == CHAR_LESS_THAN_SIGN && ptr[1] != CHAR_EXCLAMATION_MARK &&
1209 ptr[1] != CHAR_EQUALS_SIGN) || *ptr == CHAR_APOSTROPHE)
1210 {
1211 int term;
1212 const uschar *thisname;
1213 *count += 1;
1214 if (name == NULL && *count == lorn) return *count;
1215 term = *ptr++;
1216 if (term == CHAR_LESS_THAN_SIGN) term = CHAR_GREATER_THAN_SIGN;
1217 thisname = ptr;
1218 while (*ptr != term) ptr++;
1219 if (name != NULL && lorn == ptr - thisname &&
1220 strncmp((const char *)name, (const char *)thisname, lorn) == 0)
1221 return *count;
1222 term++;
1223 }
1224 }
1225 }
1226
1227 /* Past any initial parenthesis handling, scan for parentheses or vertical
1228 bars. Stop if we get to cd->end_pattern. Note that this is important for the
1229 first-pass call when this value is temporarily adjusted to stop at the current
1230 position. So DO NOT change this to a test for binary zero. */
1231
1232 for (; ptr < cd->end_pattern; ptr++)
1233 {
1234 /* Skip over backslashed characters and also entire \Q...\E */
1235
1236 if (*ptr == CHAR_BACKSLASH)
1237 {
1238 if (*(++ptr) == 0) goto FAIL_EXIT;
1239 if (*ptr == CHAR_Q) for (;;)
1240 {
1241 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1242 if (*ptr == 0) goto FAIL_EXIT;
1243 if (*(++ptr) == CHAR_E) break;
1244 }
1245 continue;
1246 }
1247
1248 /* Skip over character classes; this logic must be similar to the way they
1249 are handled for real. If the first character is '^', skip it. Also, if the
1250 first few characters (either before or after ^) are \Q\E or \E we skip them
1251 too. This makes for compatibility with Perl. Note the use of STR macros to
1252 encode "Q\\E" so that it works in UTF-8 on EBCDIC platforms. */
1253
1254 if (*ptr == CHAR_LEFT_SQUARE_BRACKET)
1255 {
1256 BOOL negate_class = FALSE;
1257 for (;;)
1258 {
1259 if (ptr[1] == CHAR_BACKSLASH)
1260 {
1261 if (ptr[2] == CHAR_E)
1262 ptr+= 2;
1263 else if (strncmp((const char *)ptr+2,
1264 STR_Q STR_BACKSLASH STR_E, 3) == 0)
1265 ptr += 4;
1266 else
1267 break;
1268 }
1269 else if (!negate_class && ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1270 {
1271 negate_class = TRUE;
1272 ptr++;
1273 }
1274 else break;
1275 }
1276
1277 /* If the next character is ']', it is a data character that must be
1278 skipped, except in JavaScript compatibility mode. */
1279
1280 if (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET &&
1281 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) == 0)
1282 ptr++;
1283
1284 while (*(++ptr) != CHAR_RIGHT_SQUARE_BRACKET)
1285 {
1286 if (*ptr == 0) return -1;
1287 if (*ptr == CHAR_BACKSLASH)
1288 {
1289 if (*(++ptr) == 0) goto FAIL_EXIT;
1290 if (*ptr == CHAR_Q) for (;;)
1291 {
1292 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1293 if (*ptr == 0) goto FAIL_EXIT;
1294 if (*(++ptr) == CHAR_E) break;
1295 }
1296 continue;
1297 }
1298 }
1299 continue;
1300 }
1301
1302 /* Skip comments in /x mode */
1303
1304 if (xmode && *ptr == CHAR_NUMBER_SIGN)
1305 {
1306 ptr++;
1307 while (*ptr != 0)
1308 {
1309 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
1310 ptr++;
1311 #ifdef SUPPORT_UTF8
1312 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
1313 #endif
1314 }
1315 if (*ptr == 0) goto FAIL_EXIT;
1316 continue;
1317 }
1318
1319 /* Check for the special metacharacters */
1320
1321 if (*ptr == CHAR_LEFT_PARENTHESIS)
1322 {
1323 int rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, count);
1324 if (rc > 0) return rc;
1325 if (*ptr == 0) goto FAIL_EXIT;
1326 }
1327
1328 else if (*ptr == CHAR_RIGHT_PARENTHESIS)
1329 {
1330 if (dup_parens && *count < hwm_count) *count = hwm_count;
1331 goto FAIL_EXIT;
1332 }
1333
1334 else if (*ptr == CHAR_VERTICAL_LINE && dup_parens)
1335 {
1336 if (*count > hwm_count) hwm_count = *count;
1337 *count = start_count;
1338 }
1339 }
1340
1341 FAIL_EXIT:
1342 *ptrptr = ptr;
1343 return -1;
1344 }
1345
1346
1347
1348
1349 /*************************************************
1350 * Find forward referenced subpattern *
1351 *************************************************/
1352
1353 /* This function scans along a pattern's text looking for capturing
1354 subpatterns, and counting them. If it finds a named pattern that matches the
1355 name it is given, it returns its number. Alternatively, if the name is NULL, it
1356 returns when it reaches a given numbered subpattern. This is used for forward
1357 references to subpatterns. We used to be able to start this scan from the
1358 current compiling point, using the current count value from cd->bracount, and
1359 do it all in a single loop, but the addition of the possibility of duplicate
1360 subpattern numbers means that we have to scan from the very start, in order to
1361 take account of such duplicates, and to use a recursive function to keep track
1362 of the different types of group.
1363
1364 Arguments:
1365 cd compile background data
1366 name name to seek, or NULL if seeking a numbered subpattern
1367 lorn name length, or subpattern number if name is NULL
1368 xmode TRUE if we are in /x mode
1369 utf8 TRUE if we are in UTF-8 mode
1370
1371 Returns: the number of the found subpattern, or -1 if not found
1372 */
1373
1374 static int
1375 find_parens(compile_data *cd, const uschar *name, int lorn, BOOL xmode,
1376 BOOL utf8)
1377 {
1378 uschar *ptr = (uschar *)cd->start_pattern;
1379 int count = 0;
1380 int rc;
1381
1382 /* If the pattern does not start with an opening parenthesis, the first call
1383 to find_parens_sub() will scan right to the end (if necessary). However, if it
1384 does start with a parenthesis, find_parens_sub() will return when it hits the
1385 matching closing parens. That is why we have to have a loop. */
1386
1387 for (;;)
1388 {
1389 rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, &count);
1390 if (rc > 0 || *ptr++ == 0) break;
1391 }
1392
1393 return rc;
1394 }
1395
1396
1397
1398
1399 /*************************************************
1400 * Find first significant op code *
1401 *************************************************/
1402
1403 /* This is called by several functions that scan a compiled expression looking
1404 for a fixed first character, or an anchoring op code etc. It skips over things
1405 that do not influence this. For some calls, it makes sense to skip negative
1406 forward and all backward assertions, and also the \b assertion; for others it
1407 does not.
1408
1409 Arguments:
1410 code pointer to the start of the group
1411 skipassert TRUE if certain assertions are to be skipped
1412
1413 Returns: pointer to the first significant opcode
1414 */
1415
1416 static const uschar*
1417 first_significant_code(const uschar *code, BOOL skipassert)
1418 {
1419 for (;;)
1420 {
1421 switch ((int)*code)
1422 {
1423 case OP_ASSERT_NOT:
1424 case OP_ASSERTBACK:
1425 case OP_ASSERTBACK_NOT:
1426 if (!skipassert) return code;
1427 do code += GET(code, 1); while (*code == OP_ALT);
1428 code += _pcre_OP_lengths[*code];
1429 break;
1430
1431 case OP_WORD_BOUNDARY:
1432 case OP_NOT_WORD_BOUNDARY:
1433 if (!skipassert) return code;
1434 /* Fall through */
1435
1436 case OP_CALLOUT:
1437 case OP_CREF:
1438 case OP_NCREF:
1439 case OP_RREF:
1440 case OP_NRREF:
1441 case OP_DEF:
1442 code += _pcre_OP_lengths[*code];
1443 break;
1444
1445 default:
1446 return code;
1447 }
1448 }
1449 /* Control never reaches here */
1450 }
1451
1452
1453
1454
1455 /*************************************************
1456 * Find the fixed length of a branch *
1457 *************************************************/
1458
1459 /* Scan a branch and compute the fixed length of subject that will match it,
1460 if the length is fixed. This is needed for dealing with backward assertions.
1461 In UTF8 mode, the result is in characters rather than bytes. The branch is
1462 temporarily terminated with OP_END when this function is called.
1463
1464 This function is called when a backward assertion is encountered, so that if it
1465 fails, the error message can point to the correct place in the pattern.
1466 However, we cannot do this when the assertion contains subroutine calls,
1467 because they can be forward references. We solve this by remembering this case
1468 and doing the check at the end; a flag specifies which mode we are running in.
1469
1470 Arguments:
1471 code points to the start of the pattern (the bracket)
1472 utf8 TRUE in UTF-8 mode
1473 atend TRUE if called when the pattern is complete
1474 cd the "compile data" structure
1475
1476 Returns: the fixed length,
1477 or -1 if there is no fixed length,
1478 or -2 if \C was encountered
1479 or -3 if an OP_RECURSE item was encountered and atend is FALSE
1480 */
1481
1482 static int
1483 find_fixedlength(uschar *code, BOOL utf8, BOOL atend, compile_data *cd)
1484 {
1485 int length = -1;
1486
1487 register int branchlength = 0;
1488 register uschar *cc = code + 1 + LINK_SIZE;
1489
1490 /* Scan along the opcodes for this branch. If we get to the end of the
1491 branch, check the length against that of the other branches. */
1492
1493 for (;;)
1494 {
1495 int d;
1496 uschar *ce, *cs;
1497 register int op = *cc;
1498 switch (op)
1499 {
1500 /* We only need to continue for OP_CBRA (normal capturing bracket) and
1501 OP_BRA (normal non-capturing bracket) because the other variants of these
1502 opcodes are all concerned with unlimited repeated groups, which of course
1503 are not of fixed length. They will cause a -1 response from the default
1504 case of this switch. */
1505
1506 case OP_CBRA:
1507 case OP_BRA:
1508 case OP_ONCE:
1509 case OP_COND:
1510 d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), utf8, atend, cd);
1511 if (d < 0) return d;
1512 branchlength += d;
1513 do cc += GET(cc, 1); while (*cc == OP_ALT);
1514 cc += 1 + LINK_SIZE;
1515 break;
1516
1517 /* Reached end of a branch; if it's a ket it is the end of a nested
1518 call. If it's ALT it is an alternation in a nested call. If it is
1519 END it's the end of the outer call. All can be handled by the same code.
1520 Note that we must not include the OP_KETRxxx opcodes here, because they
1521 all imply an unlimited repeat. */
1522
1523 case OP_ALT:
1524 case OP_KET:
1525 case OP_END:
1526 if (length < 0) length = branchlength;
1527 else if (length != branchlength) return -1;
1528 if (*cc != OP_ALT) return length;
1529 cc += 1 + LINK_SIZE;
1530 branchlength = 0;
1531 break;
1532
1533 /* A true recursion implies not fixed length, but a subroutine call may
1534 be OK. If the subroutine is a forward reference, we can't deal with
1535 it until the end of the pattern, so return -3. */
1536
1537 case OP_RECURSE:
1538 if (!atend) return -3;
1539 cs = ce = (uschar *)cd->start_code + GET(cc, 1); /* Start subpattern */
1540 do ce += GET(ce, 1); while (*ce == OP_ALT); /* End subpattern */
1541 if (cc > cs && cc < ce) return -1; /* Recursion */
1542 d = find_fixedlength(cs + 2, utf8, atend, cd);
1543 if (d < 0) return d;
1544 branchlength += d;
1545 cc += 1 + LINK_SIZE;
1546 break;
1547
1548 /* Skip over assertive subpatterns */
1549
1550 case OP_ASSERT:
1551 case OP_ASSERT_NOT:
1552 case OP_ASSERTBACK:
1553 case OP_ASSERTBACK_NOT:
1554 do cc += GET(cc, 1); while (*cc == OP_ALT);
1555 /* Fall through */
1556
1557 /* Skip over things that don't match chars */
1558
1559 case OP_REVERSE:
1560 case OP_CREF:
1561 case OP_NCREF:
1562 case OP_RREF:
1563 case OP_NRREF:
1564 case OP_DEF:
1565 case OP_CALLOUT:
1566 case OP_SOD:
1567 case OP_SOM:
1568 case OP_SET_SOM:
1569 case OP_EOD:
1570 case OP_EODN:
1571 case OP_CIRC:
1572 case OP_CIRCM:
1573 case OP_DOLL:
1574 case OP_DOLLM:
1575 case OP_NOT_WORD_BOUNDARY:
1576 case OP_WORD_BOUNDARY:
1577 cc += _pcre_OP_lengths[*cc];
1578 break;
1579
1580 /* Handle literal characters */
1581
1582 case OP_CHAR:
1583 case OP_CHARI:
1584 case OP_NOT:
1585 case OP_NOTI:
1586 branchlength++;
1587 cc += 2;
1588 #ifdef SUPPORT_UTF8
1589 if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
1590 #endif
1591 break;
1592
1593 /* Handle exact repetitions. The count is already in characters, but we
1594 need to skip over a multibyte character in UTF8 mode. */
1595
1596 case OP_EXACT:
1597 branchlength += GET2(cc,1);
1598 cc += 4;
1599 #ifdef SUPPORT_UTF8
1600 if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
1601 #endif
1602 break;
1603
1604 case OP_TYPEEXACT:
1605 branchlength += GET2(cc,1);
1606 if (cc[3] == OP_PROP || cc[3] == OP_NOTPROP) cc += 2;
1607 cc += 4;
1608 break;
1609
1610 /* Handle single-char matchers */
1611
1612 case OP_PROP:
1613 case OP_NOTPROP:
1614 cc += 2;
1615 /* Fall through */
1616
1617 case OP_NOT_DIGIT:
1618 case OP_DIGIT:
1619 case OP_NOT_WHITESPACE:
1620 case OP_WHITESPACE:
1621 case OP_NOT_WORDCHAR:
1622 case OP_WORDCHAR:
1623 case OP_ANY:
1624 case OP_ALLANY:
1625 branchlength++;
1626 cc++;
1627 break;
1628
1629 /* The single-byte matcher isn't allowed */
1630
1631 case OP_ANYBYTE:
1632 return -2;
1633
1634 /* Check a class for variable quantification */
1635
1636 #ifdef SUPPORT_UTF8
1637 case OP_XCLASS:
1638 cc += GET(cc, 1) - 33;
1639 /* Fall through */
1640 #endif
1641
1642 case OP_CLASS:
1643 case OP_NCLASS:
1644 cc += 33;
1645
1646 switch (*cc)
1647 {
1648 case OP_CRSTAR:
1649 case OP_CRMINSTAR:
1650 case OP_CRQUERY:
1651 case OP_CRMINQUERY:
1652 return -1;
1653
1654 case OP_CRRANGE:
1655 case OP_CRMINRANGE:
1656 if (GET2(cc,1) != GET2(cc,3)) return -1;
1657 branchlength += GET2(cc,1);
1658 cc += 5;
1659 break;
1660
1661 default:
1662 branchlength++;
1663 }
1664 break;
1665
1666 /* Anything else is variable length */
1667
1668 default:
1669 return -1;
1670 }
1671 }
1672 /* Control never gets here */
1673 }
1674
1675
1676
1677
1678 /*************************************************
1679 * Scan compiled regex for specific bracket *
1680 *************************************************/
1681
1682 /* This little function scans through a compiled pattern until it finds a
1683 capturing bracket with the given number, or, if the number is negative, an
1684 instance of OP_REVERSE for a lookbehind. The function is global in the C sense
1685 so that it can be called from pcre_study() when finding the minimum matching
1686 length.
1687
1688 Arguments:
1689 code points to start of expression
1690 utf8 TRUE in UTF-8 mode
1691 number the required bracket number or negative to find a lookbehind
1692
1693 Returns: pointer to the opcode for the bracket, or NULL if not found
1694 */
1695
1696 const uschar *
1697 _pcre_find_bracket(const uschar *code, BOOL utf8, int number)
1698 {
1699 for (;;)
1700 {
1701 register int c = *code;
1702
1703 if (c == OP_END) return NULL;
1704
1705 /* XCLASS is used for classes that cannot be represented just by a bit
1706 map. This includes negated single high-valued characters. The length in
1707 the table is zero; the actual length is stored in the compiled code. */
1708
1709 if (c == OP_XCLASS) code += GET(code, 1);
1710
1711 /* Handle recursion */
1712
1713 else if (c == OP_REVERSE)
1714 {
1715 if (number < 0) return (uschar *)code;
1716 code += _pcre_OP_lengths[c];
1717 }
1718
1719 /* Handle capturing bracket */
1720
1721 else if (c == OP_CBRA || c == OP_SCBRA ||
1722 c == OP_CBRAPOS || c == OP_SCBRAPOS)
1723 {
1724 int n = GET2(code, 1+LINK_SIZE);
1725 if (n == number) return (uschar *)code;
1726 code += _pcre_OP_lengths[c];
1727 }
1728
1729 /* Otherwise, we can get the item's length from the table, except that for
1730 repeated character types, we have to test for \p and \P, which have an extra
1731 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
1732 must add in its length. */
1733
1734 else
1735 {
1736 switch(c)
1737 {
1738 case OP_TYPESTAR:
1739 case OP_TYPEMINSTAR:
1740 case OP_TYPEPLUS:
1741 case OP_TYPEMINPLUS:
1742 case OP_TYPEQUERY:
1743 case OP_TYPEMINQUERY:
1744 case OP_TYPEPOSSTAR:
1745 case OP_TYPEPOSPLUS:
1746 case OP_TYPEPOSQUERY:
1747 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
1748 break;
1749
1750 case OP_TYPEUPTO:
1751 case OP_TYPEMINUPTO:
1752 case OP_TYPEEXACT:
1753 case OP_TYPEPOSUPTO:
1754 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
1755 break;
1756
1757 case OP_MARK:
1758 case OP_PRUNE_ARG:
1759 case OP_SKIP_ARG:
1760 code += code[1];
1761 break;
1762
1763 case OP_THEN_ARG:
1764 code += code[1+LINK_SIZE];
1765 break;
1766 }
1767
1768 /* Add in the fixed length from the table */
1769
1770 code += _pcre_OP_lengths[c];
1771
1772 /* In UTF-8 mode, opcodes that are followed by a character may be followed by
1773 a multi-byte character. The length in the table is a minimum, so we have to
1774 arrange to skip the extra bytes. */
1775
1776 #ifdef SUPPORT_UTF8
1777 if (utf8) switch(c)
1778 {
1779 case OP_CHAR:
1780 case OP_CHARI:
1781 case OP_EXACT:
1782 case OP_EXACTI:
1783 case OP_UPTO:
1784 case OP_UPTOI:
1785 case OP_MINUPTO:
1786 case OP_MINUPTOI:
1787 case OP_POSUPTO:
1788 case OP_POSUPTOI:
1789 case OP_STAR:
1790 case OP_STARI:
1791 case OP_MINSTAR:
1792 case OP_MINSTARI:
1793 case OP_POSSTAR:
1794 case OP_POSSTARI:
1795 case OP_PLUS:
1796 case OP_PLUSI:
1797 case OP_MINPLUS:
1798 case OP_MINPLUSI:
1799 case OP_POSPLUS:
1800 case OP_POSPLUSI:
1801 case OP_QUERY:
1802 case OP_QUERYI:
1803 case OP_MINQUERY:
1804 case OP_MINQUERYI:
1805 case OP_POSQUERY:
1806 case OP_POSQUERYI:
1807 if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
1808 break;
1809 }
1810 #else
1811 (void)(utf8); /* Keep compiler happy by referencing function argument */
1812 #endif
1813 }
1814 }
1815 }
1816
1817
1818
1819 /*************************************************
1820 * Scan compiled regex for recursion reference *
1821 *************************************************/
1822
1823 /* This little function scans through a compiled pattern until it finds an
1824 instance of OP_RECURSE.
1825
1826 Arguments:
1827 code points to start of expression
1828 utf8 TRUE in UTF-8 mode
1829
1830 Returns: pointer to the opcode for OP_RECURSE, or NULL if not found
1831 */
1832
1833 static const uschar *
1834 find_recurse(const uschar *code, BOOL utf8)
1835 {
1836 for (;;)
1837 {
1838 register int c = *code;
1839 if (c == OP_END) return NULL;
1840 if (c == OP_RECURSE) return code;
1841
1842 /* XCLASS is used for classes that cannot be represented just by a bit
1843 map. This includes negated single high-valued characters. The length in
1844 the table is zero; the actual length is stored in the compiled code. */
1845
1846 if (c == OP_XCLASS) code += GET(code, 1);
1847
1848 /* Otherwise, we can get the item's length from the table, except that for
1849 repeated character types, we have to test for \p and \P, which have an extra
1850 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
1851 must add in its length. */
1852
1853 else
1854 {
1855 switch(c)
1856 {
1857 case OP_TYPESTAR:
1858 case OP_TYPEMINSTAR:
1859 case OP_TYPEPLUS:
1860 case OP_TYPEMINPLUS:
1861 case OP_TYPEQUERY:
1862 case OP_TYPEMINQUERY:
1863 case OP_TYPEPOSSTAR:
1864 case OP_TYPEPOSPLUS:
1865 case OP_TYPEPOSQUERY:
1866 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
1867 break;
1868
1869 case OP_TYPEPOSUPTO:
1870 case OP_TYPEUPTO:
1871 case OP_TYPEMINUPTO:
1872 case OP_TYPEEXACT:
1873 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
1874 break;
1875
1876 case OP_MARK:
1877 case OP_PRUNE_ARG:
1878 case OP_SKIP_ARG:
1879 code += code[1];
1880 break;
1881
1882 case OP_THEN_ARG:
1883 code += code[1+LINK_SIZE];
1884 break;
1885 }
1886
1887 /* Add in the fixed length from the table */
1888
1889 code += _pcre_OP_lengths[c];
1890
1891 /* In UTF-8 mode, opcodes that are followed by a character may be followed
1892 by a multi-byte character. The length in the table is a minimum, so we have
1893 to arrange to skip the extra bytes. */
1894
1895 #ifdef SUPPORT_UTF8
1896 if (utf8) switch(c)
1897 {
1898 case OP_CHAR:
1899 case OP_CHARI:
1900 case OP_EXACT:
1901 case OP_EXACTI:
1902 case OP_UPTO:
1903 case OP_UPTOI:
1904 case OP_MINUPTO:
1905 case OP_MINUPTOI:
1906 case OP_POSUPTO:
1907 case OP_POSUPTOI:
1908 case OP_STAR:
1909 case OP_STARI:
1910 case OP_MINSTAR:
1911 case OP_MINSTARI:
1912 case OP_POSSTAR:
1913 case OP_POSSTARI:
1914 case OP_PLUS:
1915 case OP_PLUSI:
1916 case OP_MINPLUS:
1917 case OP_MINPLUSI:
1918 case OP_POSPLUS:
1919 case OP_POSPLUSI:
1920 case OP_QUERY:
1921 case OP_QUERYI:
1922 case OP_MINQUERY:
1923 case OP_MINQUERYI:
1924 case OP_POSQUERY:
1925 case OP_POSQUERYI:
1926 if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
1927 break;
1928 }
1929 #else
1930 (void)(utf8); /* Keep compiler happy by referencing function argument */
1931 #endif
1932 }
1933 }
1934 }
1935
1936
1937
1938 /*************************************************
1939 * Scan compiled branch for non-emptiness *
1940 *************************************************/
1941
1942 /* This function scans through a branch of a compiled pattern to see whether it
1943 can match the empty string or not. It is called from could_be_empty()
1944 below and from compile_branch() when checking for an unlimited repeat of a
1945 group that can match nothing. Note that first_significant_code() skips over
1946 backward and negative forward assertions when its final argument is TRUE. If we
1947 hit an unclosed bracket, we return "empty" - this means we've struck an inner
1948 bracket whose current branch will already have been scanned.
1949
1950 Arguments:
1951 code points to start of search
1952 endcode points to where to stop
1953 utf8 TRUE if in UTF8 mode
1954 cd contains pointers to tables etc.
1955
1956 Returns: TRUE if what is matched could be empty
1957 */
1958
1959 static BOOL
1960 could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8,
1961 compile_data *cd)
1962 {
1963 register int c;
1964 for (code = first_significant_code(code + _pcre_OP_lengths[*code], TRUE);
1965 code < endcode;
1966 code = first_significant_code(code + _pcre_OP_lengths[c], TRUE))
1967 {
1968 const uschar *ccode;
1969
1970 c = *code;
1971
1972 /* Skip over forward assertions; the other assertions are skipped by
1973 first_significant_code() with a TRUE final argument. */
1974
1975 if (c == OP_ASSERT)
1976 {
1977 do code += GET(code, 1); while (*code == OP_ALT);
1978 c = *code;
1979 continue;
1980 }
1981
1982 /* For a recursion/subroutine call, if its end has been reached, which
1983 implies a backward reference subroutine call, we can scan it. If it's a
1984 forward reference subroutine call, we can't. To detect forward reference
1985 we have to scan up the list that is kept in the workspace. This function is
1986 called only when doing the real compile, not during the pre-compile that
1987 measures the size of the compiled pattern. */
1988
1989 if (c == OP_RECURSE)
1990 {
1991 const uschar *scode;
1992 BOOL empty_branch;
1993
1994 /* Test for forward reference */
1995
1996 for (scode = cd->start_workspace; scode < cd->hwm; scode += LINK_SIZE)
1997 if (GET(scode, 0) == code + 1 - cd->start_code) return TRUE;
1998
1999 /* Not a forward reference, test for completed backward reference */
2000
2001 empty_branch = FALSE;
2002 scode = cd->start_code + GET(code, 1);
2003 if (GET(scode, 1) == 0) return TRUE; /* Unclosed */
2004
2005 /* Completed backwards reference */
2006
2007 do
2008 {
2009 if (could_be_empty_branch(scode, endcode, utf8, cd))
2010 {
2011 empty_branch = TRUE;
2012 break;
2013 }
2014 scode += GET(scode, 1);
2015 }
2016 while (*scode == OP_ALT);
2017
2018 if (!empty_branch) return FALSE; /* All branches are non-empty */
2019 continue;
2020 }
2021
2022 /* Groups with zero repeats can of course be empty; skip them. */
2023
2024 if (c == OP_BRAZERO || c == OP_BRAMINZERO || c == OP_SKIPZERO ||
2025 c == OP_BRAPOSZERO)
2026 {
2027 code += _pcre_OP_lengths[c];
2028 do code += GET(code, 1); while (*code == OP_ALT);
2029 c = *code;
2030 continue;
2031 }
2032
2033 /* A nested group that is already marked as "could be empty" can just be
2034 skipped. */
2035
2036 if (c == OP_SBRA || c == OP_SBRAPOS ||
2037 c == OP_SCBRA || c == OP_SCBRAPOS)
2038 {
2039 do code += GET(code, 1); while (*code == OP_ALT);
2040 c = *code;
2041 continue;
2042 }
2043
2044 /* For other groups, scan the branches. */
2045
2046 if (c == OP_BRA || c == OP_BRAPOS ||
2047 c == OP_CBRA || c == OP_CBRAPOS ||
2048 c == OP_ONCE || c == OP_COND)
2049 {
2050 BOOL empty_branch;
2051 if (GET(code, 1) == 0) return TRUE; /* Hit unclosed bracket */
2052
2053 /* If a conditional group has only one branch, there is a second, implied,
2054 empty branch, so just skip over the conditional, because it could be empty.
2055 Otherwise, scan the individual branches of the group. */
2056
2057 if (c == OP_COND && code[GET(code, 1)] != OP_ALT)
2058 code += GET(code, 1);
2059 else
2060 {
2061 empty_branch = FALSE;
2062 do
2063 {
2064 if (!empty_branch && could_be_empty_branch(code, endcode, utf8, cd))
2065 empty_branch = TRUE;
2066 code += GET(code, 1);
2067 }
2068 while (*code == OP_ALT);
2069 if (!empty_branch) return FALSE; /* All branches are non-empty */
2070 }
2071
2072 c = *code;
2073 continue;
2074 }
2075
2076 /* Handle the other opcodes */
2077
2078 switch (c)
2079 {
2080 /* Check for quantifiers after a class. XCLASS is used for classes that
2081 cannot be represented just by a bit map. This includes negated single
2082 high-valued characters. The length in _pcre_OP_lengths[] is zero; the
2083 actual length is stored in the compiled code, so we must update "code"
2084 here. */
2085
2086 #ifdef SUPPORT_UTF8
2087 case OP_XCLASS:
2088 ccode = code += GET(code, 1);
2089 goto CHECK_CLASS_REPEAT;
2090 #endif
2091
2092 case OP_CLASS:
2093 case OP_NCLASS:
2094 ccode = code + 33;
2095
2096 #ifdef SUPPORT_UTF8
2097 CHECK_CLASS_REPEAT:
2098 #endif
2099
2100 switch (*ccode)
2101 {
2102 case OP_CRSTAR: /* These could be empty; continue */
2103 case OP_CRMINSTAR:
2104 case OP_CRQUERY:
2105 case OP_CRMINQUERY:
2106 break;
2107
2108 default: /* Non-repeat => class must match */
2109 case OP_CRPLUS: /* These repeats aren't empty */
2110 case OP_CRMINPLUS:
2111 return FALSE;
2112
2113 case OP_CRRANGE:
2114 case OP_CRMINRANGE:
2115 if (GET2(ccode, 1) > 0) return FALSE; /* Minimum > 0 */
2116 break;
2117 }
2118 break;
2119
2120 /* Opcodes that must match a character */
2121
2122 case OP_PROP:
2123 case OP_NOTPROP:
2124 case OP_EXTUNI:
2125 case OP_NOT_DIGIT:
2126 case OP_DIGIT:
2127 case OP_NOT_WHITESPACE:
2128 case OP_WHITESPACE:
2129 case OP_NOT_WORDCHAR:
2130 case OP_WORDCHAR:
2131 case OP_ANY:
2132 case OP_ALLANY:
2133 case OP_ANYBYTE:
2134 case OP_CHAR:
2135 case OP_CHARI:
2136 case OP_NOT:
2137 case OP_NOTI:
2138 case OP_PLUS:
2139 case OP_MINPLUS:
2140 case OP_POSPLUS:
2141 case OP_EXACT:
2142 case OP_NOTPLUS:
2143 case OP_NOTMINPLUS:
2144 case OP_NOTPOSPLUS:
2145 case OP_NOTEXACT:
2146 case OP_TYPEPLUS:
2147 case OP_TYPEMINPLUS:
2148 case OP_TYPEPOSPLUS:
2149 case OP_TYPEEXACT:
2150 return FALSE;
2151
2152 /* These are going to continue, as they may be empty, but we have to
2153 fudge the length for the \p and \P cases. */
2154
2155 case OP_TYPESTAR:
2156 case OP_TYPEMINSTAR:
2157 case OP_TYPEPOSSTAR:
2158 case OP_TYPEQUERY:
2159 case OP_TYPEMINQUERY:
2160 case OP_TYPEPOSQUERY:
2161 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2162 break;
2163
2164 /* Same for these */
2165
2166 case OP_TYPEUPTO:
2167 case OP_TYPEMINUPTO:
2168 case OP_TYPEPOSUPTO:
2169 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
2170 break;
2171
2172 /* End of branch */
2173
2174 case OP_KET:
2175 case OP_KETRMAX:
2176 case OP_KETRMIN:
2177 case OP_KETRPOS:
2178 case OP_ALT:
2179 return TRUE;
2180
2181 /* In UTF-8 mode, STAR, MINSTAR, POSSTAR, QUERY, MINQUERY, POSQUERY, UPTO,
2182 MINUPTO, and POSUPTO may be followed by a multibyte character */
2183
2184 #ifdef SUPPORT_UTF8
2185 case OP_STAR:
2186 case OP_STARI:
2187 case OP_MINSTAR:
2188 case OP_MINSTARI:
2189 case OP_POSSTAR:
2190 case OP_POSSTARI:
2191 case OP_QUERY:
2192 case OP_QUERYI:
2193 case OP_MINQUERY:
2194 case OP_MINQUERYI:
2195 case OP_POSQUERY:
2196 case OP_POSQUERYI:
2197 if (utf8 && code[1] >= 0xc0) code += _pcre_utf8_table4[code[1] & 0x3f];
2198 break;
2199
2200 case OP_UPTO:
2201 case OP_UPTOI:
2202 case OP_MINUPTO:
2203 case OP_MINUPTOI:
2204 case OP_POSUPTO:
2205 case OP_POSUPTOI:
2206 if (utf8 && code[3] >= 0xc0) code += _pcre_utf8_table4[code[3] & 0x3f];
2207 break;
2208 #endif
2209
2210 /* MARK, and PRUNE/SKIP/THEN with an argument must skip over the argument
2211 string. */
2212
2213 case OP_MARK:
2214 case OP_PRUNE_ARG:
2215 case OP_SKIP_ARG:
2216 code += code[1];
2217 break;
2218
2219 case OP_THEN_ARG:
2220 code += code[1+LINK_SIZE];
2221 break;
2222
2223 /* None of the remaining opcodes are required to match a character. */
2224
2225 default:
2226 break;
2227 }
2228 }
2229
2230 return TRUE;
2231 }
2232
2233
2234
2235 /*************************************************
2236 * Scan compiled regex for non-emptiness *
2237 *************************************************/
2238
2239 /* This function is called to check for left recursive calls. We want to check
2240 the current branch of the current pattern to see if it could match the empty
2241 string. If it could, we must look outwards for branches at other levels,
2242 stopping when we pass beyond the bracket which is the subject of the recursion.
2243 This function is called only during the real compile, not during the
2244 pre-compile.
2245
2246 Arguments:
2247 code points to start of the recursion
2248 endcode points to where to stop (current RECURSE item)
2249 bcptr points to the chain of current (unclosed) branch starts
2250 utf8 TRUE if in UTF-8 mode
2251 cd pointers to tables etc
2252
2253 Returns: TRUE if what is matched could be empty
2254 */
2255
2256 static BOOL
2257 could_be_empty(const uschar *code, const uschar *endcode, branch_chain *bcptr,
2258 BOOL utf8, compile_data *cd)
2259 {
2260 while (bcptr != NULL && bcptr->current_branch >= code)
2261 {
2262 if (!could_be_empty_branch(bcptr->current_branch, endcode, utf8, cd))
2263 return FALSE;
2264 bcptr = bcptr->outer;
2265 }
2266 return TRUE;
2267 }
2268
2269
2270
2271 /*************************************************
2272 * Check for POSIX class syntax *
2273 *************************************************/
2274
2275 /* This function is called when the sequence "[:" or "[." or "[=" is
2276 encountered in a character class. It checks whether this is followed by a
2277 sequence of characters terminated by a matching ":]" or ".]" or "=]". If we
2278 reach an unescaped ']' without the special preceding character, return FALSE.
2279
2280 Originally, this function only recognized a sequence of letters between the
2281 terminators, but it seems that Perl recognizes any sequence of characters,
2282 though of course unknown POSIX names are subsequently rejected. Perl gives an
2283 "Unknown POSIX class" error for [:f\oo:] for example, where previously PCRE
2284 didn't consider this to be a POSIX class. Likewise for [:1234:].
2285
2286 The problem in trying to be exactly like Perl is in the handling of escapes. We
2287 have to be sure that [abc[:x\]pqr] is *not* treated as containing a POSIX
2288 class, but [abc[:x\]pqr:]] is (so that an error can be generated). The code
2289 below handles the special case of \], but does not try to do any other escape
2290 processing. This makes it different from Perl for cases such as [:l\ower:]
2291 where Perl recognizes it as the POSIX class "lower" but PCRE does not recognize
2292 "l\ower". This is a lesser evil that not diagnosing bad classes when Perl does,
2293 I think.
2294
2295 A user pointed out that PCRE was rejecting [:a[:digit:]] whereas Perl was not.
2296 It seems that the appearance of a nested POSIX class supersedes an apparent
2297 external class. For example, [:a[:digit:]b:] matches "a", "b", ":", or
2298 a digit.
2299
2300 In Perl, unescaped square brackets may also appear as part of class names. For
2301 example, [:a[:abc]b:] gives unknown POSIX class "[:abc]b:]". However, for
2302 [:a[:abc]b][b:] it gives unknown POSIX class "[:abc]b][b:]", which does not
2303 seem right at all. PCRE does not allow closing square brackets in POSIX class
2304 names.
2305
2306 Arguments:
2307 ptr pointer to the initial [
2308 endptr where to return the end pointer
2309
2310 Returns: TRUE or FALSE
2311 */
2312
2313 static BOOL
2314 check_posix_syntax(const uschar *ptr, const uschar **endptr)
2315 {
2316 int terminator; /* Don't combine these lines; the Solaris cc */
2317 terminator = *(++ptr); /* compiler warns about "non-constant" initializer. */
2318 for (++ptr; *ptr != 0; ptr++)
2319 {
2320 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2321 ptr++;
2322 else if (*ptr == CHAR_RIGHT_SQUARE_BRACKET) return FALSE;
2323 else
2324 {
2325 if (*ptr == terminator && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2326 {
2327 *endptr = ptr;
2328 return TRUE;
2329 }
2330 if (*ptr == CHAR_LEFT_SQUARE_BRACKET &&
2331 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
2332 ptr[1] == CHAR_EQUALS_SIGN) &&
2333 check_posix_syntax(ptr, endptr))
2334 return FALSE;
2335 }
2336 }
2337 return FALSE;
2338 }
2339
2340
2341
2342
2343 /*************************************************
2344 * Check POSIX class name *
2345 *************************************************/
2346
2347 /* This function is called to check the name given in a POSIX-style class entry
2348 such as [:alnum:].
2349
2350 Arguments:
2351 ptr points to the first letter
2352 len the length of the name
2353
2354 Returns: a value representing the name, or -1 if unknown
2355 */
2356
2357 static int
2358 check_posix_name(const uschar *ptr, int len)
2359 {
2360 const char *pn = posix_names;
2361 register int yield = 0;
2362 while (posix_name_lengths[yield] != 0)
2363 {
2364 if (len == posix_name_lengths[yield] &&
2365 strncmp((const char *)ptr, pn, len) == 0) return yield;
2366 pn += posix_name_lengths[yield] + 1;
2367 yield++;
2368 }
2369 return -1;
2370 }
2371
2372
2373 /*************************************************
2374 * Adjust OP_RECURSE items in repeated group *
2375 *************************************************/
2376
2377 /* OP_RECURSE items contain an offset from the start of the regex to the group
2378 that is referenced. This means that groups can be replicated for fixed
2379 repetition simply by copying (because the recursion is allowed to refer to
2380 earlier groups that are outside the current group). However, when a group is
2381 optional (i.e. the minimum quantifier is zero), OP_BRAZERO or OP_SKIPZERO is
2382 inserted before it, after it has been compiled. This means that any OP_RECURSE
2383 items within it that refer to the group itself or any contained groups have to
2384 have their offsets adjusted. That one of the jobs of this function. Before it
2385 is called, the partially compiled regex must be temporarily terminated with
2386 OP_END.
2387
2388 This function has been extended with the possibility of forward references for
2389 recursions and subroutine calls. It must also check the list of such references
2390 for the group we are dealing with. If it finds that one of the recursions in
2391 the current group is on this list, it adjusts the offset in the list, not the
2392 value in the reference (which is a group number).
2393
2394 Arguments:
2395 group points to the start of the group
2396 adjust the amount by which the group is to be moved
2397 utf8 TRUE in UTF-8 mode
2398 cd contains pointers to tables etc.
2399 save_hwm the hwm forward reference pointer at the start of the group
2400
2401 Returns: nothing
2402 */
2403
2404 static void
2405 adjust_recurse(uschar *group, int adjust, BOOL utf8, compile_data *cd,
2406 uschar *save_hwm)
2407 {
2408 uschar *ptr = group;
2409
2410 while ((ptr = (uschar *)find_recurse(ptr, utf8)) != NULL)
2411 {
2412 int offset;
2413 uschar *hc;
2414
2415 /* See if this recursion is on the forward reference list. If so, adjust the
2416 reference. */
2417
2418 for (hc = save_hwm; hc < cd->hwm; hc += LINK_SIZE)
2419 {
2420 offset = GET(hc, 0);
2421 if (cd->start_code + offset == ptr + 1)
2422 {
2423 PUT(hc, 0, offset + adjust);
2424 break;
2425 }
2426 }
2427
2428 /* Otherwise, adjust the recursion offset if it's after the start of this
2429 group. */
2430
2431 if (hc >= cd->hwm)
2432 {
2433 offset = GET(ptr, 1);
2434 if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);
2435 }
2436
2437 ptr += 1 + LINK_SIZE;
2438 }
2439 }
2440
2441
2442
2443 /*************************************************
2444 * Insert an automatic callout point *
2445 *************************************************/
2446
2447 /* This function is called when the PCRE_AUTO_CALLOUT option is set, to insert
2448 callout points before each pattern item.
2449
2450 Arguments:
2451 code current code pointer
2452 ptr current pattern pointer
2453 cd pointers to tables etc
2454
2455 Returns: new code pointer
2456 */
2457
2458 static uschar *
2459 auto_callout(uschar *code, const uschar *ptr, compile_data *cd)
2460 {
2461 *code++ = OP_CALLOUT;
2462 *code++ = 255;
2463 PUT(code, 0, (int)(ptr - cd->start_pattern)); /* Pattern offset */
2464 PUT(code, LINK_SIZE, 0); /* Default length */
2465 return code + 2*LINK_SIZE;
2466 }
2467
2468
2469
2470 /*************************************************
2471 * Complete a callout item *
2472 *************************************************/
2473
2474 /* A callout item contains the length of the next item in the pattern, which
2475 we can't fill in till after we have reached the relevant point. This is used
2476 for both automatic and manual callouts.
2477
2478 Arguments:
2479 previous_callout points to previous callout item
2480 ptr current pattern pointer
2481 cd pointers to tables etc
2482
2483 Returns: nothing
2484 */
2485
2486 static void
2487 complete_callout(uschar *previous_callout, const uschar *ptr, compile_data *cd)
2488 {
2489 int length = (int)(ptr - cd->start_pattern - GET(previous_callout, 2));
2490 PUT(previous_callout, 2 + LINK_SIZE, length);
2491 }
2492
2493
2494
2495 #ifdef SUPPORT_UCP
2496 /*************************************************
2497 * Get othercase range *
2498 *************************************************/
2499
2500 /* This function is passed the start and end of a class range, in UTF-8 mode
2501 with UCP support. It searches up the characters, looking for internal ranges of
2502 characters in the "other" case. Each call returns the next one, updating the
2503 start address.
2504
2505 Arguments:
2506 cptr points to starting character value; updated
2507 d end value
2508 ocptr where to put start of othercase range
2509 odptr where to put end of othercase range
2510
2511 Yield: TRUE when range returned; FALSE when no more
2512 */
2513
2514 static BOOL
2515 get_othercase_range(unsigned int *cptr, unsigned int d, unsigned int *ocptr,
2516 unsigned int *odptr)
2517 {
2518 unsigned int c, othercase, next;
2519
2520 for (c = *cptr; c <= d; c++)
2521 { if ((othercase = UCD_OTHERCASE(c)) != c) break; }
2522
2523 if (c > d) return FALSE;
2524
2525 *ocptr = othercase;
2526 next = othercase + 1;
2527
2528 for (++c; c <= d; c++)
2529 {
2530 if (UCD_OTHERCASE(c) != next) break;
2531 next++;
2532 }
2533
2534 *odptr = next - 1;
2535 *cptr = c;
2536
2537 return TRUE;
2538 }
2539
2540
2541
2542 /*************************************************
2543 * Check a character and a property *
2544 *************************************************/
2545
2546 /* This function is called by check_auto_possessive() when a property item
2547 is adjacent to a fixed character.
2548
2549 Arguments:
2550 c the character
2551 ptype the property type
2552 pdata the data for the type
2553 negated TRUE if it's a negated property (\P or \p{^)
2554
2555 Returns: TRUE if auto-possessifying is OK
2556 */
2557
2558 static BOOL
2559 check_char_prop(int c, int ptype, int pdata, BOOL negated)
2560 {
2561 const ucd_record *prop = GET_UCD(c);
2562 switch(ptype)
2563 {
2564 case PT_LAMP:
2565 return (prop->chartype == ucp_Lu ||
2566 prop->chartype == ucp_Ll ||
2567 prop->chartype == ucp_Lt) == negated;
2568
2569 case PT_GC:
2570 return (pdata == _pcre_ucp_gentype[prop->chartype]) == negated;
2571
2572 case PT_PC:
2573 return (pdata == prop->chartype) == negated;
2574
2575 case PT_SC:
2576 return (pdata == prop->script) == negated;
2577
2578 /* These are specials */
2579
2580 case PT_ALNUM:
2581 return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2582 _pcre_ucp_gentype[prop->chartype] == ucp_N) == negated;
2583
2584 case PT_SPACE: /* Perl space */
2585 return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2586 c == CHAR_HT || c == CHAR_NL || c == CHAR_FF || c == CHAR_CR)
2587 == negated;
2588
2589 case PT_PXSPACE: /* POSIX space */
2590 return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2591 c == CHAR_HT || c == CHAR_NL || c == CHAR_VT ||
2592 c == CHAR_FF || c == CHAR_CR)
2593 == negated;
2594
2595 case PT_WORD:
2596 return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2597 _pcre_ucp_gentype[prop->chartype] == ucp_N ||
2598 c == CHAR_UNDERSCORE) == negated;
2599 }
2600 return FALSE;
2601 }
2602 #endif /* SUPPORT_UCP */
2603
2604
2605
2606 /*************************************************
2607 * Check if auto-possessifying is possible *
2608 *************************************************/
2609
2610 /* This function is called for unlimited repeats of certain items, to see
2611 whether the next thing could possibly match the repeated item. If not, it makes
2612 sense to automatically possessify the repeated item.
2613
2614 Arguments:
2615 previous pointer to the repeated opcode
2616 utf8 TRUE in UTF-8 mode
2617 ptr next character in pattern
2618 options options bits
2619 cd contains pointers to tables etc.
2620
2621 Returns: TRUE if possessifying is wanted
2622 */
2623
2624 static BOOL
2625 check_auto_possessive(const uschar *previous, BOOL utf8, const uschar *ptr,
2626 int options, compile_data *cd)
2627 {
2628 int c, next;
2629 int op_code = *previous++;
2630
2631 /* Skip whitespace and comments in extended mode */
2632
2633 if ((options & PCRE_EXTENDED) != 0)
2634 {
2635 for (;;)
2636 {
2637 while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2638 if (*ptr == CHAR_NUMBER_SIGN)
2639 {
2640 ptr++;
2641 while (*ptr != 0)
2642 {
2643 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2644 ptr++;
2645 #ifdef SUPPORT_UTF8
2646 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2647 #endif
2648 }
2649 }
2650 else break;
2651 }
2652 }
2653
2654 /* If the next item is one that we can handle, get its value. A non-negative
2655 value is a character, a negative value is an escape value. */
2656
2657 if (*ptr == CHAR_BACKSLASH)
2658 {
2659 int temperrorcode = 0;
2660 next = check_escape(&ptr, &temperrorcode, cd->bracount, options, FALSE);
2661 if (temperrorcode != 0) return FALSE;
2662 ptr++; /* Point after the escape sequence */
2663 }
2664
2665 else if ((cd->ctypes[*ptr] & ctype_meta) == 0)
2666 {
2667 #ifdef SUPPORT_UTF8
2668 if (utf8) { GETCHARINC(next, ptr); } else
2669 #endif
2670 next = *ptr++;
2671 }
2672
2673 else return FALSE;
2674
2675 /* Skip whitespace and comments in extended mode */
2676
2677 if ((options & PCRE_EXTENDED) != 0)
2678 {
2679 for (;;)
2680 {
2681 while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2682 if (*ptr == CHAR_NUMBER_SIGN)
2683 {
2684 ptr++;
2685 while (*ptr != 0)
2686 {
2687 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2688 ptr++;
2689 #ifdef SUPPORT_UTF8
2690 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2691 #endif
2692 }
2693 }
2694 else break;
2695 }
2696 }
2697
2698 /* If the next thing is itself optional, we have to give up. */
2699
2700 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
2701 strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
2702 return FALSE;
2703
2704 /* Now compare the next item with the previous opcode. First, handle cases when
2705 the next item is a character. */
2706
2707 if (next >= 0) switch(op_code)
2708 {
2709 case OP_CHAR:
2710 #ifdef SUPPORT_UTF8
2711 GETCHARTEST(c, previous);
2712 #else
2713 c = *previous;
2714 #endif
2715 return c != next;
2716
2717 /* For CHARI (caseless character) we must check the other case. If we have
2718 Unicode property support, we can use it to test the other case of
2719 high-valued characters. */
2720
2721 case OP_CHARI:
2722 #ifdef SUPPORT_UTF8
2723 GETCHARTEST(c, previous);
2724 #else
2725 c = *previous;
2726 #endif
2727 if (c == next) return FALSE;
2728 #ifdef SUPPORT_UTF8
2729 if (utf8)
2730 {
2731 unsigned int othercase;
2732 if (next < 128) othercase = cd->fcc[next]; else
2733 #ifdef SUPPORT_UCP
2734 othercase = UCD_OTHERCASE((unsigned int)next);
2735 #else
2736 othercase = NOTACHAR;
2737 #endif
2738 return (unsigned int)c != othercase;
2739 }
2740 else
2741 #endif /* SUPPORT_UTF8 */
2742 return (c != cd->fcc[next]); /* Non-UTF-8 mode */
2743
2744 /* For OP_NOT and OP_NOTI, the data is always a single-byte character. These
2745 opcodes are not used for multi-byte characters, because they are coded using
2746 an XCLASS instead. */
2747
2748 case OP_NOT:
2749 return (c = *previous) == next;
2750
2751 case OP_NOTI:
2752 if ((c = *previous) == next) return TRUE;
2753 #ifdef SUPPORT_UTF8
2754 if (utf8)
2755 {
2756 unsigned int othercase;
2757 if (next < 128) othercase = cd->fcc[next]; else
2758 #ifdef SUPPORT_UCP
2759 othercase = UCD_OTHERCASE(next);
2760 #else
2761 othercase = NOTACHAR;
2762 #endif
2763 return (unsigned int)c == othercase;
2764 }
2765 else
2766 #endif /* SUPPORT_UTF8 */
2767 return (c == cd->fcc[next]); /* Non-UTF-8 mode */
2768
2769 /* Note that OP_DIGIT etc. are generated only when PCRE_UCP is *not* set.
2770 When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
2771
2772 case OP_DIGIT:
2773 return next > 127 || (cd->ctypes[next] & ctype_digit) == 0;
2774
2775 case OP_NOT_DIGIT:
2776 return next <= 127 && (cd->ctypes[next] & ctype_digit) != 0;
2777
2778 case OP_WHITESPACE:
2779 return next > 127 || (cd->ctypes[next] & ctype_space) == 0;
2780
2781 case OP_NOT_WHITESPACE:
2782 return next <= 127 && (cd->ctypes[next] & ctype_space) != 0;
2783
2784 case OP_WORDCHAR:
2785 return next > 127 || (cd->ctypes[next] & ctype_word) == 0;
2786
2787 case OP_NOT_WORDCHAR:
2788 return next <= 127 && (cd->ctypes[next] & ctype_word) != 0;
2789
2790 case OP_HSPACE:
2791 case OP_NOT_HSPACE:
2792 switch(next)
2793 {
2794 case 0x09:
2795 case 0x20:
2796 case 0xa0:
2797 case 0x1680:
2798 case 0x180e:
2799 case 0x2000:
2800 case 0x2001:
2801 case 0x2002:
2802 case 0x2003:
2803 case 0x2004:
2804 case 0x2005:
2805 case 0x2006:
2806 case 0x2007:
2807 case 0x2008:
2808 case 0x2009:
2809 case 0x200A:
2810 case 0x202f:
2811 case 0x205f:
2812 case 0x3000:
2813 return op_code == OP_NOT_HSPACE;
2814 default:
2815 return op_code != OP_NOT_HSPACE;
2816 }
2817
2818 case OP_ANYNL:
2819 case OP_VSPACE:
2820 case OP_NOT_VSPACE:
2821 switch(next)
2822 {
2823 case 0x0a:
2824 case 0x0b:
2825 case 0x0c:
2826 case 0x0d:
2827 case 0x85:
2828 case 0x2028:
2829 case 0x2029:
2830 return op_code == OP_NOT_VSPACE;
2831 default:
2832 return op_code != OP_NOT_VSPACE;
2833 }
2834
2835 #ifdef SUPPORT_UCP
2836 case OP_PROP:
2837 return check_char_prop(next, previous[0], previous[1], FALSE);
2838
2839 case OP_NOTPROP:
2840 return check_char_prop(next, previous[0], previous[1], TRUE);
2841 #endif
2842
2843 default:
2844 return FALSE;
2845 }
2846
2847
2848 /* Handle the case when the next item is \d, \s, etc. Note that when PCRE_UCP
2849 is set, \d turns into ESC_du rather than ESC_d, etc., so ESC_d etc. are
2850 generated only when PCRE_UCP is *not* set, that is, when only ASCII
2851 characteristics are recognized. Similarly, the opcodes OP_DIGIT etc. are
2852 replaced by OP_PROP codes when PCRE_UCP is set. */
2853
2854 switch(op_code)
2855 {
2856 case OP_CHAR:
2857 case OP_CHARI:
2858 #ifdef SUPPORT_UTF8
2859 GETCHARTEST(c, previous);
2860 #else
2861 c = *previous;
2862 #endif
2863 switch(-next)
2864 {
2865 case ESC_d:
2866 return c > 127 || (cd->ctypes[c] & ctype_digit) == 0;
2867
2868 case ESC_D:
2869 return c <= 127 && (cd->ctypes[c] & ctype_digit) != 0;
2870
2871 case ESC_s:
2872 return c > 127 || (cd->ctypes[c] & ctype_space) == 0;
2873
2874 case ESC_S:
2875 return c <= 127 && (cd->ctypes[c] & ctype_space) != 0;
2876
2877 case ESC_w:
2878 return c > 127 || (cd->ctypes[c] & ctype_word) == 0;
2879
2880 case ESC_W:
2881 return c <= 127 && (cd->ctypes[c] & ctype_word) != 0;
2882
2883 case ESC_h:
2884 case ESC_H:
2885 switch(c)
2886 {
2887 case 0x09:
2888 case 0x20:
2889 case 0xa0:
2890 case 0x1680:
2891 case 0x180e:
2892 case 0x2000:
2893 case 0x2001:
2894 case 0x2002:
2895 case 0x2003:
2896 case 0x2004:
2897 case 0x2005:
2898 case 0x2006:
2899 case 0x2007:
2900 case 0x2008:
2901 case 0x2009:
2902 case 0x200A:
2903 case 0x202f:
2904 case 0x205f:
2905 case 0x3000:
2906 return -next != ESC_h;
2907 default:
2908 return -next == ESC_h;
2909 }
2910
2911 case ESC_v:
2912 case ESC_V:
2913 switch(c)
2914 {
2915 case 0x0a:
2916 case 0x0b:
2917 case 0x0c:
2918 case 0x0d:
2919 case 0x85:
2920 case 0x2028:
2921 case 0x2029:
2922 return -next != ESC_v;
2923 default:
2924 return -next == ESC_v;
2925 }
2926
2927 /* When PCRE_UCP is set, these values get generated for \d etc. Find
2928 their substitutions and process them. The result will always be either
2929 -ESC_p or -ESC_P. Then fall through to process those values. */
2930
2931 #ifdef SUPPORT_UCP
2932 case ESC_du:
2933 case ESC_DU:
2934 case ESC_wu:
2935 case ESC_WU:
2936 case ESC_su:
2937 case ESC_SU:
2938 {
2939 int temperrorcode = 0;
2940 ptr = substitutes[-next - ESC_DU];
2941 next = check_escape(&ptr, &temperrorcode, 0, options, FALSE);
2942 if (temperrorcode != 0) return FALSE;
2943 ptr++; /* For compatibility */
2944 }
2945 /* Fall through */
2946
2947 case ESC_p:
2948 case ESC_P:
2949 {
2950 int ptype, pdata, errorcodeptr;
2951 BOOL negated;
2952
2953 ptr--; /* Make ptr point at the p or P */
2954 ptype = get_ucp(&ptr, &negated, &pdata, &errorcodeptr);
2955 if (ptype < 0) return FALSE;
2956 ptr++; /* Point past the final curly ket */
2957
2958 /* If the property item is optional, we have to give up. (When generated
2959 from \d etc by PCRE_UCP, this test will have been applied much earlier,
2960 to the original \d etc. At this point, ptr will point to a zero byte. */
2961
2962 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
2963 strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
2964 return FALSE;
2965
2966 /* Do the property check. */
2967
2968 return check_char_prop(c, ptype, pdata, (next == -ESC_P) != negated);
2969 }
2970 #endif
2971
2972 default:
2973 return FALSE;
2974 }
2975
2976 /* In principle, support for Unicode properties should be integrated here as
2977 well. It means re-organizing the above code so as to get hold of the property
2978 values before switching on the op-code. However, I wonder how many patterns
2979 combine ASCII \d etc with Unicode properties? (Note that if PCRE_UCP is set,
2980 these op-codes are never generated.) */
2981
2982 case OP_DIGIT:
2983 return next == -ESC_D || next == -ESC_s || next == -ESC_W ||
2984 next == -ESC_h || next == -ESC_v || next == -ESC_R;
2985
2986 case OP_NOT_DIGIT:
2987 return next == -ESC_d;
2988
2989 case OP_WHITESPACE:
2990 return next == -ESC_S || next == -ESC_d || next == -ESC_w || next == -ESC_R;
2991
2992 case OP_NOT_WHITESPACE:
2993 return next == -ESC_s || next == -ESC_h || next == -ESC_v;
2994
2995 case OP_HSPACE:
2996 return next == -ESC_S || next == -ESC_H || next == -ESC_d ||
2997 next == -ESC_w || next == -ESC_v || next == -ESC_R;
2998
2999 case OP_NOT_HSPACE:
3000 return next == -ESC_h;
3001
3002 /* Can't have \S in here because VT matches \S (Perl anomaly) */
3003 case OP_ANYNL:
3004 case OP_VSPACE:
3005 return next == -ESC_V || next == -ESC_d || next == -ESC_w;
3006
3007 case OP_NOT_VSPACE:
3008 return next == -ESC_v || next == -ESC_R;
3009
3010 case OP_WORDCHAR:
3011 return next == -ESC_W || next == -ESC_s || next == -ESC_h ||
3012 next == -ESC_v || next == -ESC_R;
3013
3014 case OP_NOT_WORDCHAR:
3015 return next == -ESC_w || next == -ESC_d;
3016
3017 default:
3018 return FALSE;
3019 }
3020
3021 /* Control does not reach here */
3022 }
3023
3024
3025
3026 /*************************************************
3027 * Compile one branch *
3028 *************************************************/
3029
3030 /* Scan the pattern, compiling it into the a vector. If the options are
3031 changed during the branch, the pointer is used to change the external options
3032 bits. This function is used during the pre-compile phase when we are trying
3033 to find out the amount of memory needed, as well as during the real compile
3034 phase. The value of lengthptr distinguishes the two phases.
3035
3036 Arguments:
3037 optionsptr pointer to the option bits
3038 codeptr points to the pointer to the current code point
3039 ptrptr points to the current pattern pointer
3040 errorcodeptr points to error code variable
3041 firstbyteptr set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)
3042 reqbyteptr set to the last literal character required, else < 0
3043 bcptr points to current branch chain
3044 cond_depth conditional nesting depth
3045 cd contains pointers to tables etc.
3046 lengthptr NULL during the real compile phase
3047 points to length accumulator during pre-compile phase
3048
3049 Returns: TRUE on success
3050 FALSE, with *errorcodeptr set non-zero on error
3051 */
3052
3053 static BOOL
3054 compile_branch(int *optionsptr, uschar **codeptr, const uschar **ptrptr,
3055 int *errorcodeptr, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
3056 int cond_depth, compile_data *cd, int *lengthptr)
3057 {
3058 int repeat_type, op_type;
3059 int repeat_min = 0, repeat_max = 0; /* To please picky compilers */
3060 int bravalue = 0;
3061 int greedy_default, greedy_non_default;
3062 int firstbyte, reqbyte;
3063 int zeroreqbyte, zerofirstbyte;
3064 int req_caseopt, reqvary, tempreqvary;
3065 int options = *optionsptr; /* May change dynamically */
3066 int after_manual_callout = 0;
3067 int length_prevgroup = 0;
3068 register int c;
3069 register uschar *code = *codeptr;
3070 uschar *last_code = code;
3071 uschar *orig_code = code;
3072 uschar *tempcode;
3073 BOOL inescq = FALSE;
3074 BOOL groupsetfirstbyte = FALSE;
3075 const uschar *ptr = *ptrptr;
3076 const uschar *tempptr;
3077 const uschar *nestptr = NULL;
3078 uschar *previous = NULL;
3079 uschar *previous_callout = NULL;
3080 uschar *save_hwm = NULL;
3081 uschar classbits[32];
3082
3083 /* We can fish out the UTF-8 setting once and for all into a BOOL, but we
3084 must not do this for other options (e.g. PCRE_EXTENDED) because they may change
3085 dynamically as we process the pattern. */
3086
3087 #ifdef SUPPORT_UTF8
3088 BOOL class_utf8;
3089 BOOL utf8 = (options & PCRE_UTF8) != 0;
3090 uschar *class_utf8data;
3091 uschar *class_utf8data_base;
3092 uschar utf8_char[6];
3093 #else
3094 BOOL utf8 = FALSE;
3095 uschar *utf8_char = NULL;
3096 #endif
3097
3098 #ifdef PCRE_DEBUG
3099 if (lengthptr != NULL) DPRINTF((">> start branch\n"));
3100 #endif
3101
3102 /* Set up the default and non-default settings for greediness */
3103
3104 greedy_default = ((options & PCRE_UNGREEDY) != 0);
3105 greedy_non_default = greedy_default ^ 1;
3106
3107 /* Initialize no first byte, no required byte. REQ_UNSET means "no char
3108 matching encountered yet". It gets changed to REQ_NONE if we hit something that
3109 matches a non-fixed char first char; reqbyte just remains unset if we never
3110 find one.
3111
3112 When we hit a repeat whose minimum is zero, we may have to adjust these values
3113 to take the zero repeat into account. This is implemented by setting them to
3114 zerofirstbyte and zeroreqbyte when such a repeat is encountered. The individual
3115 item types that can be repeated set these backoff variables appropriately. */
3116
3117 firstbyte = reqbyte = zerofirstbyte = zeroreqbyte = REQ_UNSET;
3118
3119 /* The variable req_caseopt contains either the REQ_CASELESS value or zero,
3120 according to the current setting of the caseless flag. REQ_CASELESS is a bit
3121 value > 255. It is added into the firstbyte or reqbyte variables to record the
3122 case status of the value. This is used only for ASCII characters. */
3123
3124 req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
3125
3126 /* Switch on next character until the end of the branch */
3127
3128 for (;; ptr++)
3129 {
3130 BOOL negate_class;
3131 BOOL should_flip_negation;
3132 BOOL possessive_quantifier;
3133 BOOL is_quantifier;
3134 BOOL is_recurse;
3135 BOOL reset_bracount;
3136 int class_charcount;
3137 int class_lastchar;
3138 int newoptions;
3139 int recno;
3140 int refsign;
3141 int skipbytes;
3142 int subreqbyte;
3143 int subfirstbyte;
3144 int terminator;
3145 int mclength;
3146 uschar mcbuffer[8];
3147
3148 /* Get next byte in the pattern */
3149
3150 c = *ptr;
3151
3152 /* If we are at the end of a nested substitution, revert to the outer level
3153 string. Nesting only happens one level deep. */
3154
3155 if (c == 0 && nestptr != NULL)
3156 {
3157 ptr = nestptr;
3158 nestptr = NULL;
3159 c = *ptr;
3160 }
3161
3162 /* If we are in the pre-compile phase, accumulate the length used for the
3163 previous cycle of this loop. */
3164
3165 if (lengthptr != NULL)
3166 {
3167 #ifdef PCRE_DEBUG
3168 if (code > cd->hwm) cd->hwm = code; /* High water info */
3169 #endif
3170 if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */
3171 {
3172 *errorcodeptr = ERR52;
3173 goto FAILED;
3174 }
3175
3176 /* There is at least one situation where code goes backwards: this is the
3177 case of a zero quantifier after a class (e.g. [ab]{0}). At compile time,
3178 the class is simply eliminated. However, it is created first, so we have to
3179 allow memory for it. Therefore, don't ever reduce the length at this point.
3180 */
3181
3182 if (code < last_code) code = last_code;
3183
3184 /* Paranoid check for integer overflow */
3185
3186 if (OFLOW_MAX - *lengthptr < code - last_code)
3187 {
3188 *errorcodeptr = ERR20;
3189 goto FAILED;
3190 }
3191
3192 *lengthptr += (int)(code - last_code);
3193 DPRINTF(("length=%d added %d c=%c\n", *lengthptr, code - last_code, c));
3194
3195 /* If "previous" is set and it is not at the start of the work space, move
3196 it back to there, in order to avoid filling up the work space. Otherwise,
3197 if "previous" is NULL, reset the current code pointer to the start. */
3198
3199 if (previous != NULL)
3200 {
3201 if (previous > orig_code)
3202 {
3203 memmove(orig_code, previous, code - previous);
3204 code -= previous - orig_code;
3205 previous = orig_code;
3206 }
3207 }
3208 else code = orig_code;
3209
3210 /* Remember where this code item starts so we can pick up the length
3211 next time round. */
3212
3213 last_code = code;
3214 }
3215
3216 /* In the real compile phase, just check the workspace used by the forward
3217 reference list. */
3218
3219 else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
3220 {
3221 *errorcodeptr = ERR52;
3222 goto FAILED;
3223 }
3224
3225 /* If in \Q...\E, check for the end; if not, we have a literal */
3226
3227 if (inescq && c != 0)
3228 {
3229 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E)
3230 {
3231 inescq = FALSE;
3232 ptr++;
3233 continue;
3234 }
3235 else
3236 {
3237 if (previous_callout != NULL)
3238 {
3239 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3240 complete_callout(previous_callout, ptr, cd);
3241 previous_callout = NULL;
3242 }
3243 if ((options & PCRE_AUTO_CALLOUT) != 0)
3244 {
3245 previous_callout = code;
3246 code = auto_callout(code, ptr, cd);
3247 }
3248 goto NORMAL_CHAR;
3249 }
3250 }
3251
3252 /* Fill in length of a previous callout, except when the next thing is
3253 a quantifier. */
3254
3255 is_quantifier =
3256 c == CHAR_ASTERISK || c == CHAR_PLUS || c == CHAR_QUESTION_MARK ||
3257 (c == CHAR_LEFT_CURLY_BRACKET && is_counted_repeat(ptr+1));
3258
3259 if (!is_quantifier && previous_callout != NULL &&
3260 after_manual_callout-- <= 0)
3261 {
3262 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3263 complete_callout(previous_callout, ptr, cd);
3264 previous_callout = NULL;
3265 }
3266
3267 /* In extended mode, skip white space and comments. */
3268
3269 if ((options & PCRE_EXTENDED) != 0)
3270 {
3271 if ((cd->ctypes[c] & ctype_space) != 0) continue;
3272 if (c == CHAR_NUMBER_SIGN)
3273 {
3274 ptr++;
3275 while (*ptr != 0)
3276 {
3277 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
3278 ptr++;
3279 #ifdef SUPPORT_UTF8
3280 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
3281 #endif
3282 }
3283 if (*ptr != 0) continue;
3284
3285 /* Else fall through to handle end of string */
3286 c = 0;
3287 }
3288 }
3289
3290 /* No auto callout for quantifiers. */
3291
3292 if ((options & PCRE_AUTO_CALLOUT) != 0 && !is_quantifier)
3293 {
3294 previous_callout = code;
3295 code = auto_callout(code, ptr, cd);
3296 }
3297
3298 switch(c)
3299 {
3300 /* ===================================================================*/
3301 case 0: /* The branch terminates at string end */
3302 case CHAR_VERTICAL_LINE: /* or | or ) */
3303 case CHAR_RIGHT_PARENTHESIS:
3304 *firstbyteptr = firstbyte;
3305 *reqbyteptr = reqbyte;
3306 *codeptr = code;
3307 *ptrptr = ptr;
3308 if (lengthptr != NULL)
3309 {
3310 if (OFLOW_MAX - *lengthptr < code - last_code)
3311 {
3312 *errorcodeptr = ERR20;
3313 goto FAILED;
3314 }
3315 *lengthptr += (int)(code - last_code); /* To include callout length */
3316 DPRINTF((">> end branch\n"));
3317 }
3318 return TRUE;
3319
3320
3321 /* ===================================================================*/
3322 /* Handle single-character metacharacters. In multiline mode, ^ disables
3323 the setting of any following char as a first character. */
3324
3325 case CHAR_CIRCUMFLEX_ACCENT:
3326 previous = NULL;
3327 if ((options & PCRE_MULTILINE) != 0)
3328 {
3329 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3330 *code++ = OP_CIRCM;
3331 }
3332 else *code++ = OP_CIRC;
3333 break;
3334
3335 case CHAR_DOLLAR_SIGN:
3336 previous = NULL;
3337 *code++ = ((options & PCRE_MULTILINE) != 0)? OP_DOLLM : OP_DOLL;
3338 break;
3339
3340 /* There can never be a first char if '.' is first, whatever happens about
3341 repeats. The value of reqbyte doesn't change either. */
3342
3343 case CHAR_DOT:
3344 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3345 zerofirstbyte = firstbyte;
3346 zeroreqbyte = reqbyte;
3347 previous = code;
3348 *code++ = ((options & PCRE_DOTALL) != 0)? OP_ALLANY: OP_ANY;
3349 break;
3350
3351
3352 /* ===================================================================*/
3353 /* Character classes. If the included characters are all < 256, we build a
3354 32-byte bitmap of the permitted characters, except in the special case
3355 where there is only one such character. For negated classes, we build the
3356 map as usual, then invert it at the end. However, we use a different opcode
3357 so that data characters > 255 can be handled correctly.
3358
3359 If the class contains characters outside the 0-255 range, a different
3360 opcode is compiled. It may optionally have a bit map for characters < 256,
3361 but those above are are explicitly listed afterwards. A flag byte tells
3362 whether the bitmap is present, and whether this is a negated class or not.
3363
3364 In JavaScript compatibility mode, an isolated ']' causes an error. In
3365 default (Perl) mode, it is treated as a data character. */
3366
3367 case CHAR_RIGHT_SQUARE_BRACKET:
3368 if ((cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
3369 {
3370 *errorcodeptr = ERR64;
3371 goto FAILED;
3372 }
3373 goto NORMAL_CHAR;
3374
3375 case CHAR_LEFT_SQUARE_BRACKET:
3376 previous = code;
3377
3378 /* PCRE supports POSIX class stuff inside a class. Perl gives an error if
3379 they are encountered at the top level, so we'll do that too. */
3380
3381 if ((ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
3382 ptr[1] == CHAR_EQUALS_SIGN) &&
3383 check_posix_syntax(ptr, &tempptr))
3384 {
3385 *errorcodeptr = (ptr[1] == CHAR_COLON)? ERR13 : ERR31;
3386 goto FAILED;
3387 }
3388
3389 /* If the first character is '^', set the negation flag and skip it. Also,
3390 if the first few characters (either before or after ^) are \Q\E or \E we
3391 skip them too. This makes for compatibility with Perl. */
3392
3393 negate_class = FALSE;
3394 for (;;)
3395 {
3396 c = *(++ptr);
3397 if (c == CHAR_BACKSLASH)
3398 {
3399 if (ptr[1] == CHAR_E)
3400 ptr++;
3401 else if (strncmp((const char *)ptr+1,
3402 STR_Q STR_BACKSLASH STR_E, 3) == 0)
3403 ptr += 3;
3404 else
3405 break;
3406 }
3407 else if (!negate_class && c == CHAR_CIRCUMFLEX_ACCENT)
3408 negate_class = TRUE;
3409 else break;
3410 }
3411
3412 /* Empty classes are allowed in JavaScript compatibility mode. Otherwise,
3413 an initial ']' is taken as a data character -- the code below handles
3414 that. In JS mode, [] must always fail, so generate OP_FAIL, whereas
3415 [^] must match any character, so generate OP_ALLANY. */
3416
3417 if (c == CHAR_RIGHT_SQUARE_BRACKET &&
3418 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
3419 {
3420 *code++ = negate_class? OP_ALLANY : OP_FAIL;
3421 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3422 zerofirstbyte = firstbyte;
3423 break;
3424 }
3425
3426 /* If a class contains a negative special such as \S, we need to flip the
3427 negation flag at the end, so that support for characters > 255 works
3428 correctly (they are all included in the class). */
3429
3430 should_flip_negation = FALSE;
3431
3432 /* Keep a count of chars with values < 256 so that we can optimize the case
3433 of just a single character (as long as it's < 256). However, For higher
3434 valued UTF-8 characters, we don't yet do any optimization. */
3435
3436 class_charcount = 0;
3437 class_lastchar = -1;
3438
3439 /* Initialize the 32-char bit map to all zeros. We build the map in a
3440 temporary bit of memory, in case the class contains only 1 character (less
3441 than 256), because in that case the compiled code doesn't use the bit map.
3442 */
3443
3444 memset(classbits, 0, 32 * sizeof(uschar));
3445
3446 #ifdef SUPPORT_UTF8
3447 class_utf8 = FALSE; /* No chars >= 256 */
3448 class_utf8data = code + LINK_SIZE + 2; /* For UTF-8 items */
3449 class_utf8data_base = class_utf8data; /* For resetting in pass 1 */
3450 #endif
3451
3452 /* Process characters until ] is reached. By writing this as a "do" it
3453 means that an initial ] is taken as a data character. At the start of the
3454 loop, c contains the first byte of the character. */
3455
3456 if (c != 0) do
3457 {
3458 const uschar *oldptr;
3459
3460 #ifdef SUPPORT_UTF8
3461 if (utf8 && c > 127)
3462 { /* Braces are required because the */
3463 GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */
3464 }
3465
3466 /* In the pre-compile phase, accumulate the length of any UTF-8 extra
3467 data and reset the pointer. This is so that very large classes that
3468 contain a zillion UTF-8 characters no longer overwrite the work space
3469 (which is on the stack). */
3470
3471 if (lengthptr != NULL)
3472 {
3473 *lengthptr += class_utf8data - class_utf8data_base;
3474 class_utf8data = class_utf8data_base;
3475 }
3476
3477 #endif
3478
3479 /* Inside \Q...\E everything is literal except \E */
3480
3481 if (inescq)
3482 {
3483 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E) /* If we are at \E */
3484 {
3485 inescq = FALSE; /* Reset literal state */
3486 ptr++; /* Skip the 'E' */
3487 continue; /* Carry on with next */
3488 }
3489 goto CHECK_RANGE; /* Could be range if \E follows */
3490 }
3491
3492 /* Handle POSIX class names. Perl allows a negation extension of the
3493 form [:^name:]. A square bracket that doesn't match the syntax is
3494 treated as a literal. We also recognize the POSIX constructions
3495 [.ch.] and [=ch=] ("collating elements") and fault them, as Perl
3496 5.6 and 5.8 do. */
3497
3498 if (c == CHAR_LEFT_SQUARE_BRACKET &&
3499 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
3500 ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &tempptr))
3501 {
3502 BOOL local_negate = FALSE;
3503 int posix_class, taboffset, tabopt;
3504 register const uschar *cbits = cd->cbits;
3505 uschar pbits[32];
3506
3507 if (ptr[1] != CHAR_COLON)
3508 {
3509 *errorcodeptr = ERR31;
3510 goto FAILED;
3511 }
3512
3513 ptr += 2;
3514 if (*ptr == CHAR_CIRCUMFLEX_ACCENT)
3515 {
3516 local_negate = TRUE;
3517 should_flip_negation = TRUE; /* Note negative special */
3518 ptr++;
3519 }
3520
3521 posix_class = check_posix_name(ptr, (int)(tempptr - ptr));
3522 if (posix_class < 0)
3523 {
3524 *errorcodeptr = ERR30;
3525 goto FAILED;
3526 }
3527
3528 /* If matching is caseless, upper and lower are converted to
3529 alpha. This relies on the fact that the class table starts with
3530 alpha, lower, upper as the first 3 entries. */
3531
3532 if ((options & PCRE_CASELESS) != 0 && posix_class <= 2)
3533 posix_class = 0;
3534
3535 /* When PCRE_UCP is set, some of the POSIX classes are converted to
3536 different escape sequences that use Unicode properties. */
3537
3538 #ifdef SUPPORT_UCP
3539 if ((options & PCRE_UCP) != 0)
3540 {
3541 int pc = posix_class + ((local_negate)? POSIX_SUBSIZE/2 : 0);
3542 if (posix_substitutes[pc] != NULL)
3543 {
3544 nestptr = tempptr + 1;
3545 ptr = posix_substitutes[pc] - 1;
3546 continue;
3547 }
3548 }
3549 #endif
3550 /* In the non-UCP case, we build the bit map for the POSIX class in a
3551 chunk of local store because we may be adding and subtracting from it,
3552 and we don't want to subtract bits that may be in the main map already.
3553 At the end we or the result into the bit map that is being built. */
3554
3555 posix_class *= 3;
3556
3557 /* Copy in the first table (always present) */
3558
3559 memcpy(pbits, cbits + posix_class_maps[posix_class],
3560 32 * sizeof(uschar));
3561
3562 /* If there is a second table, add or remove it as required. */
3563
3564 taboffset = posix_class_maps[posix_class + 1];
3565 tabopt = posix_class_maps[posix_class + 2];
3566
3567 if (taboffset >= 0)
3568 {
3569 if (tabopt >= 0)
3570 for (c = 0; c < 32; c++) pbits[c] |= cbits[c + taboffset];
3571 else
3572 for (c = 0; c < 32; c++) pbits[c] &= ~cbits[c + taboffset];
3573 }
3574
3575 /* Not see if we need to remove any special characters. An option
3576 value of 1 removes vertical space and 2 removes underscore. */
3577
3578 if (tabopt < 0) tabopt = -tabopt;
3579 if (tabopt == 1) pbits[1] &= ~0x3c;
3580 else if (tabopt == 2) pbits[11] &= 0x7f;
3581
3582 /* Add the POSIX table or its complement into the main table that is
3583 being built and we are done. */
3584
3585 if (local_negate)
3586 for (c = 0; c < 32; c++) classbits[c] |= ~pbits[c];
3587 else
3588 for (c = 0; c < 32; c++) classbits[c] |= pbits[c];
3589
3590 ptr = tempptr + 1;
3591 class_charcount = 10; /* Set > 1; assumes more than 1 per class */
3592 continue; /* End of POSIX syntax handling */
3593 }
3594
3595 /* Backslash may introduce a single character, or it may introduce one
3596 of the specials, which just set a flag. The sequence \b is a special
3597 case. Inside a class (and only there) it is treated as backspace. We
3598 assume that other escapes have more than one character in them, so set
3599 class_charcount bigger than one. Unrecognized escapes fall through and
3600 are either treated as literal characters (by default), or are faulted if
3601 PCRE_EXTRA is set. */
3602
3603 if (c == CHAR_BACKSLASH)
3604 {
3605 c = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
3606 if (*errorcodeptr != 0) goto FAILED;
3607
3608 if (-c == ESC_b) c = CHAR_BS; /* \b is backspace in a class */
3609 else if (-c == ESC_Q) /* Handle start of quoted string */
3610 {
3611 if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
3612 {
3613 ptr += 2; /* avoid empty string */
3614 }
3615 else inescq = TRUE;
3616 continue;
3617 }
3618 else if (-c == ESC_E) continue; /* Ignore orphan \E */
3619
3620 if (c < 0)
3621 {
3622 register const uschar *cbits = cd->cbits;
3623 class_charcount += 2; /* Greater than 1 is what matters */
3624
3625 switch (-c)
3626 {
3627 #ifdef SUPPORT_UCP
3628 case ESC_du: /* These are the values given for \d etc */
3629 case ESC_DU: /* when PCRE_UCP is set. We replace the */
3630 case ESC_wu: /* escape sequence with an appropriate \p */
3631 case ESC_WU: /* or \P to test Unicode properties instead */
3632 case ESC_su: /* of the default ASCII testing. */
3633 case ESC_SU:
3634 nestptr = ptr;
3635 ptr = substitutes[-c - ESC_DU] - 1; /* Just before substitute */
3636 class_charcount -= 2; /* Undo! */
3637 continue;
3638 #endif
3639 case ESC_d:
3640 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_digit];
3641 continue;
3642
3643 case ESC_D:
3644 should_flip_negation = TRUE;
3645 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_digit];
3646 continue;
3647
3648 case ESC_w:
3649 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_word];
3650 continue;
3651
3652 case ESC_W:
3653 should_flip_negation = TRUE;
3654 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_word];
3655 continue;
3656
3657 /* Perl 5.004 onwards omits VT from \s, but we must preserve it
3658 if it was previously set by something earlier in the character
3659 class. */
3660
3661 case ESC_s:
3662 classbits[0] |= cbits[cbit_space];
3663 classbits[1] |= cbits[cbit_space+1] & ~0x08;
3664 for (c = 2; c < 32; c++) classbits[c] |= cbits[c+cbit_space];
3665 continue;
3666
3667 case ESC_S:
3668 should_flip_negation = TRUE;
3669 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_space];
3670 classbits[1] |= 0x08; /* Perl 5.004 onwards omits VT from \s */
3671 continue;
3672
3673 case ESC_h:
3674 SETBIT(classbits, 0x09); /* VT */
3675 SETBIT(classbits, 0x20); /* SPACE */
3676 SETBIT(classbits, 0xa0); /* NSBP */
3677 #ifdef SUPPORT_UTF8
3678 if (utf8)
3679 {
3680 class_utf8 = TRUE;
3681 *class_utf8data++ = XCL_SINGLE;
3682 class_utf8data += _pcre_ord2utf8(0x1680, class_utf8data);
3683 *class_utf8data++ = XCL_SINGLE;
3684 class_utf8data += _pcre_ord2utf8(0x180e, class_utf8data);
3685 *class_utf8data++ = XCL_RANGE;
3686 class_utf8data += _pcre_ord2utf8(0x2000, class_utf8data);
3687 class_utf8data += _pcre_ord2utf8(0x200A, class_utf8data);
3688 *class_utf8data++ = XCL_SINGLE;
3689 class_utf8data += _pcre_ord2utf8(0x202f, class_utf8data);
3690 *class_utf8data++ = XCL_SINGLE;
3691 class_utf8data += _pcre_ord2utf8(0x205f, class_utf8data);
3692 *class_utf8data++ = XCL_SINGLE;
3693 class_utf8data += _pcre_ord2utf8(0x3000, class_utf8data);
3694 }
3695 #endif
3696 continue;
3697
3698 case ESC_H:
3699 for (c = 0; c < 32; c++)
3700 {
3701 int x = 0xff;
3702 switch (c)
3703 {
3704 case 0x09/8: x ^= 1 << (0x09%8); break;
3705 case 0x20/8: x ^= 1 << (0x20%8); break;
3706 case 0xa0/8: x ^= 1 << (0xa0%8); break;
3707 default: break;
3708 }
3709 classbits[c] |= x;
3710 }
3711
3712 #ifdef SUPPORT_UTF8
3713 if (utf8)
3714 {
3715 class_utf8 = TRUE;
3716 *class_utf8data++ = XCL_RANGE;
3717 class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
3718 class_utf8data += _pcre_ord2utf8(0x167f, class_utf8data);
3719 *class_utf8data++ = XCL_RANGE;
3720 class_utf8data += _pcre_ord2utf8(0x1681, class_utf8data);
3721 class_utf8data += _pcre_ord2utf8(0x180d, class_utf8data);
3722 *class_utf8data++ = XCL_RANGE;
3723 class_utf8data += _pcre_ord2utf8(0x180f, class_utf8data);
3724 class_utf8data += _pcre_ord2utf8(0x1fff, class_utf8data);
3725 *class_utf8data++ = XCL_RANGE;
3726 class_utf8data += _pcre_ord2utf8(0x200B, class_utf8data);
3727 class_utf8data += _pcre_ord2utf8(0x202e, class_utf8data);
3728 *class_utf8data++ = XCL_RANGE;
3729 class_utf8data += _pcre_ord2utf8(0x2030, class_utf8data);
3730 class_utf8data += _pcre_ord2utf8(0x205e, class_utf8data);
3731 *class_utf8data++ = XCL_RANGE;
3732 class_utf8data += _pcre_ord2utf8(0x2060, class_utf8data);
3733 class_utf8data += _pcre_ord2utf8(0x2fff, class_utf8data);
3734 *class_utf8data++ = XCL_RANGE;
3735 class_utf8data += _pcre_ord2utf8(0x3001, class_utf8data);
3736 class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
3737 }
3738 #endif
3739 continue;
3740
3741 case ESC_v:
3742 SETBIT(classbits, 0x0a); /* LF */
3743 SETBIT(classbits, 0x0b); /* VT */
3744 SETBIT(classbits, 0x0c); /* FF */
3745 SETBIT(classbits, 0x0d); /* CR */
3746 SETBIT(classbits, 0x85); /* NEL */
3747 #ifdef SUPPORT_UTF8
3748 if (utf8)
3749 {
3750 class_utf8 = TRUE;
3751 *class_utf8data++ = XCL_RANGE;
3752 class_utf8data += _pcre_ord2utf8(0x2028, class_utf8data);
3753 class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
3754 }
3755 #endif
3756 continue;
3757
3758 case ESC_V:
3759 for (c = 0; c < 32; c++)
3760 {
3761 int x = 0xff;
3762 switch (c)
3763 {
3764 case 0x0a/8: x ^= 1 << (0x0a%8);
3765 x ^= 1 << (0x0b%8);
3766 x ^= 1 << (0x0c%8);
3767 x ^= 1 << (0x0d%8);
3768 break;
3769 case 0x85/8: x ^= 1 << (0x85%8); break;
3770 default: break;
3771 }
3772 classbits[c] |= x;
3773 }
3774
3775 #ifdef SUPPORT_UTF8
3776 if (utf8)
3777 {
3778 class_utf8 = TRUE;
3779 *class_utf8data++ = XCL_RANGE;
3780 class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
3781 class_utf8data += _pcre_ord2utf8(0x2027, class_utf8data);
3782 *class_utf8data++ = XCL_RANGE;
3783 class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
3784 class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
3785 }
3786 #endif
3787 continue;
3788
3789 #ifdef SUPPORT_UCP
3790 case ESC_p:
3791 case ESC_P:
3792 {
3793 BOOL negated;
3794 int pdata;
3795 int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
3796 if (ptype < 0) goto FAILED;
3797 class_utf8 = TRUE;
3798 *class_utf8data++ = ((-c == ESC_p) != negated)?
3799 XCL_PROP : XCL_NOTPROP;
3800 *class_utf8data++ = ptype;
3801 *class_utf8data++ = pdata;
3802 class_charcount -= 2; /* Not a < 256 character */
3803 continue;
3804 }
3805 #endif
3806 /* Unrecognized escapes are faulted if PCRE is running in its
3807 strict mode. By default, for compatibility with Perl, they are
3808 treated as literals. */
3809
3810 default:
3811 if ((options & PCRE_EXTRA) != 0)
3812 {
3813 *errorcodeptr = ERR7;
3814 goto FAILED;
3815 }
3816 class_charcount -= 2; /* Undo the default count from above */
3817 c = *ptr; /* Get the final character and fall through */
3818 break;
3819 }
3820 }
3821
3822 /* Fall through if we have a single character (c >= 0). This may be
3823 greater than 256 in UTF-8 mode. */
3824
3825 } /* End of backslash handling */
3826
3827 /* A single character may be followed by '-' to form a range. However,
3828 Perl does not permit ']' to be the end of the range. A '-' character
3829 at the end is treated as a literal. Perl ignores orphaned \E sequences
3830 entirely. The code for handling \Q and \E is messy. */
3831
3832 CHECK_RANGE:
3833 while (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
3834 {
3835 inescq = FALSE;
3836 ptr += 2;
3837 }
3838
3839 oldptr = ptr;
3840
3841 /* Remember \r or \n */
3842
3843 if (c == CHAR_CR || c == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
3844
3845 /* Check for range */
3846
3847 if (!inescq && ptr[1] == CHAR_MINUS)
3848 {
3849 int d;
3850 ptr += 2;
3851 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E) ptr += 2;
3852
3853 /* If we hit \Q (not followed by \E) at this point, go into escaped
3854 mode. */
3855
3856 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_Q)
3857 {
3858 ptr += 2;
3859 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E)
3860 { ptr += 2; continue; }
3861 inescq = TRUE;
3862 break;
3863 }
3864
3865 if (*ptr == 0 || (!inescq && *ptr == CHAR_RIGHT_SQUARE_BRACKET))
3866 {
3867 ptr = oldptr;
3868 goto LONE_SINGLE_CHARACTER;
3869 }
3870
3871 #ifdef SUPPORT_UTF8
3872 if (utf8)
3873 { /* Braces are required because the */
3874 GETCHARLEN(d, ptr, ptr); /* macro generates multiple statements */
3875 }
3876 else
3877 #endif
3878 d = *ptr; /* Not UTF-8 mode */
3879
3880 /* The second part of a range can be a single-character escape, but
3881 not any of the other escapes. Perl 5.6 treats a hyphen as a literal
3882 in such circumstances. */
3883
3884 if (!inescq && d == CHAR_BACKSLASH)
3885 {
3886 d = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
3887 if (*errorcodeptr != 0) goto FAILED;
3888
3889 /* \b is backspace; any other special means the '-' was literal */
3890
3891 if (d < 0)
3892 {
3893 if (d == -ESC_b) d = CHAR_BS; else
3894 {
3895 ptr = oldptr;
3896 goto LONE_SINGLE_CHARACTER; /* A few lines below */
3897 }
3898 }
3899 }
3900
3901 /* Check that the two values are in the correct order. Optimize
3902 one-character ranges */
3903
3904 if (d < c)
3905 {
3906 *errorcodeptr = ERR8;
3907 goto FAILED;
3908 }
3909
3910 if (d == c) goto LONE_SINGLE_CHARACTER; /* A few lines below */
3911
3912 /* Remember \r or \n */
3913
3914 if (d == CHAR_CR || d == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
3915
3916 /* In UTF-8 mode, if the upper limit is > 255, or > 127 for caseless
3917 matching, we have to use an XCLASS with extra data items. Caseless
3918 matching for characters > 127 is available only if UCP support is
3919 available. */
3920
3921 #ifdef SUPPORT_UTF8
3922 if (utf8 && (d > 255 || ((options & PCRE_CASELESS) != 0 && d > 127)))
3923 {
3924 class_utf8 = TRUE;
3925
3926 /* With UCP support, we can find the other case equivalents of
3927 the relevant characters. There may be several ranges. Optimize how
3928 they fit with the basic range. */
3929
3930 #ifdef SUPPORT_UCP
3931 if ((options & PCRE_CASELESS) != 0)
3932 {
3933 unsigned int occ, ocd;
3934 unsigned int cc = c;
3935 unsigned int origd = d;
3936 while (get_othercase_range(&cc, origd, &occ, &ocd))
3937 {
3938 if (occ >= (unsigned int)c &&
3939 ocd <= (unsigned int)d)
3940 continue; /* Skip embedded ranges */
3941
3942 if (occ < (unsigned int)c &&
3943 ocd >= (unsigned int)c - 1) /* Extend the basic range */
3944 { /* if there is overlap, */
3945 c = occ; /* noting that if occ < c */
3946 continue; /* we can't have ocd > d */
3947 } /* because a subrange is */
3948 if (ocd > (unsigned int)d &&
3949 occ <= (unsigned int)d + 1) /* always shorter than */
3950 { /* the basic range. */
3951 d = ocd;
3952 continue;
3953 }
3954
3955 if (occ == ocd)
3956 {
3957 *class_utf8data++ = XCL_SINGLE;
3958 }
3959 else
3960 {
3961 *class_utf8data++ = XCL_RANGE;
3962 class_utf8data += _pcre_ord2utf8(occ, class_utf8data);
3963 }
3964 class_utf8data += _pcre_ord2utf8(ocd, class_utf8data);
3965 }
3966 }
3967 #endif /* SUPPORT_UCP */
3968
3969 /* Now record the original range, possibly modified for UCP caseless
3970 overlapping ranges. */
3971
3972 *class_utf8data++ = XCL_RANGE;
3973 class_utf8data += _pcre_ord2utf8(c, class_utf8data);
3974 class_utf8data += _pcre_ord2utf8(d, class_utf8data);
3975
3976 /* With UCP support, we are done. Without UCP support, there is no
3977 caseless matching for UTF-8 characters > 127; we can use the bit map
3978 for the smaller ones. */
3979
3980 #ifdef SUPPORT_UCP
3981 continue; /* With next character in the class */
3982 #else
3983 if ((options & PCRE_CASELESS) == 0 || c > 127) continue;
3984
3985 /* Adjust upper limit and fall through to set up the map */
3986
3987 d = 127;
3988
3989 #endif /* SUPPORT_UCP */
3990 }
3991 #endif /* SUPPORT_UTF8 */
3992
3993 /* We use the bit map for all cases when not in UTF-8 mode; else
3994 ranges that lie entirely within 0-127 when there is UCP support; else
3995 for partial ranges without UCP support. */
3996
3997 class_charcount += d - c + 1;
3998 class_lastchar = d;
3999
4000 /* We can save a bit of time by skipping this in the pre-compile. */
4001
4002 if (lengthptr == NULL) for (; c <= d; c++)
4003 {
4004 classbits[c/8] |= (1 << (c&7));
4005 if ((options & PCRE_CASELESS) != 0)
4006 {
4007 int uc = cd->fcc[c]; /* flip case */
4008 classbits[uc/8] |= (1 << (uc&7));
4009 }
4010 }
4011
4012 continue; /* Go get the next char in the class */
4013 }
4014
4015 /* Handle a lone single character - we can get here for a normal
4016 non-escape char, or after \ that introduces a single character or for an
4017 apparent range that isn't. */
4018
4019 LONE_SINGLE_CHARACTER:
4020
4021 /* Handle a character that cannot go in the bit map */
4022
4023 #ifdef SUPPORT_UTF8
4024 if (utf8 && (c > 255 || ((options & PCRE_CASELESS) != 0 && c > 127)))
4025 {
4026 class_utf8 = TRUE;
4027 *class_utf8data++ = XCL_SINGLE;
4028 class_utf8data += _pcre_ord2utf8(c, class_utf8data);
4029
4030 #ifdef SUPPORT_UCP
4031 if ((options & PCRE_CASELESS) != 0)
4032 {
4033 unsigned int othercase;
4034 if ((othercase = UCD_OTHERCASE(c)) != c)
4035 {
4036 *class_utf8data++ = XCL_SINGLE;
4037 class_utf8data += _pcre_ord2utf8(othercase, class_utf8data);
4038 }
4039 }
4040 #endif /* SUPPORT_UCP */
4041
4042 }
4043 else
4044 #endif /* SUPPORT_UTF8 */
4045
4046 /* Handle a single-byte character */
4047 {
4048 classbits[c/8] |= (1 << (c&7));
4049 if ((options & PCRE_CASELESS) != 0)
4050 {
4051 c = cd->fcc[c]; /* flip case */
4052 classbits[c/8] |= (1 << (c&7));
4053 }
4054 class_charcount++;
4055 class_lastchar = c;
4056 }
4057 }
4058
4059 /* Loop until ']' reached. This "while" is the end of the "do" far above.
4060 If we are at the end of an internal nested string, revert to the outer
4061 string. */
4062
4063 while (((c = *(++ptr)) != 0 ||
4064 (nestptr != NULL &&
4065 (ptr = nestptr, nestptr = NULL, c = *(++ptr)) != 0)) &&
4066 (c != CHAR_RIGHT_SQUARE_BRACKET || inescq));
4067
4068 /* Check for missing terminating ']' */
4069
4070 if (c == 0)
4071 {
4072 *errorcodeptr = ERR6;
4073 goto FAILED;
4074 }
4075
4076 /* If class_charcount is 1, we saw precisely one character whose value is
4077 less than 256. As long as there were no characters >= 128 and there was no
4078 use of \p or \P, in other words, no use of any XCLASS features, we can
4079 optimize.
4080
4081 In UTF-8 mode, we can optimize the negative case only if there were no
4082 characters >= 128 because OP_NOT and the related opcodes like OP_NOTSTAR
4083 operate on single-bytes characters only. This is an historical hangover.
4084 Maybe one day we can tidy these opcodes to handle multi-byte characters.
4085
4086 The optimization throws away the bit map. We turn the item into a
4087 1-character OP_CHAR[I] if it's positive, or OP_NOT[I] if it's negative.
4088 Note that OP_NOT[I] does not support multibyte characters. In the positive
4089 case, it can cause firstbyte to be set. Otherwise, there can be no first
4090 char if this item is first, whatever repeat count may follow. In the case
4091 of reqbyte, save the previous value for reinstating. */
4092
4093 #ifdef SUPPORT_UTF8
4094 if (class_charcount == 1 && !class_utf8 &&
4095 (!utf8 || !negate_class || class_lastchar < 128))
4096 #else
4097 if (class_charcount == 1)
4098 #endif
4099 {
4100 zeroreqbyte = reqbyte;
4101
4102 /* The OP_NOT[I] opcodes work on one-byte characters only. */
4103
4104 if (negate_class)
4105 {
4106 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
4107 zerofirstbyte = firstbyte;
4108 *code++ = ((options & PCRE_CASELESS) != 0)? OP_NOTI: OP_NOT;
4109 *code++ = class_lastchar;
4110 break;
4111 }
4112
4113 /* For a single, positive character, get the value into mcbuffer, and
4114 then we can handle this with the normal one-character code. */
4115
4116 #ifdef SUPPORT_UTF8
4117 if (utf8 && class_lastchar > 127)
4118 mclength = _pcre_ord2utf8(class_lastchar, mcbuffer);
4119 else
4120 #endif
4121 {
4122 mcbuffer[0] = class_lastchar;
4123 mclength = 1;
4124 }
4125 goto ONE_CHAR;
4126 } /* End of 1-char optimization */
4127
4128 /* The general case - not the one-char optimization. If this is the first
4129 thing in the branch, there can be no first char setting, whatever the
4130 repeat count. Any reqbyte setting must remain unchanged after any kind of
4131 repeat. */
4132
4133 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
4134 zerofirstbyte = firstbyte;
4135 zeroreqbyte = reqbyte;
4136
4137 /* If there are characters with values > 255, we have to compile an
4138 extended class, with its own opcode, unless there was a negated special
4139 such as \S in the class, and PCRE_UCP is not set, because in that case all
4140 characters > 255 are in the class, so any that were explicitly given as
4141 well can be ignored. If (when there are explicit characters > 255 that must
4142 be listed) there are no characters < 256, we can omit the bitmap in the
4143 actual compiled code. */
4144
4145 #ifdef SUPPORT_UTF8
4146 if (class_utf8 && (!should_flip_negation || (options & PCRE_UCP) != 0))
4147 {
4148 *class_utf8data++ = XCL_END; /* Marks the end of extra data */
4149 *code++ = OP_XCLASS;
4150 code += LINK_SIZE;
4151 *code = negate_class? XCL_NOT : 0;
4152
4153 /* If the map is required, move up the extra data to make room for it;
4154 otherwise just move the code pointer to the end of the extra data. */
4155
4156 if (class_charcount > 0)
4157 {
4158 *code++ |= XCL_MAP;
4159 memmove(code + 32, code, class_utf8data - code);
4160 memcpy(code, classbits, 32);
4161 code = class_utf8data + 32;
4162 }
4163 else code = class_utf8data;
4164
4165 /* Now fill in the complete length of the item */
4166
4167 PUT(previous, 1, code - previous);
4168 break; /* End of class handling */
4169 }
4170 #endif
4171
4172 /* If there are no characters > 255, or they are all to be included or
4173 excluded, set the opcode to OP_CLASS or OP_NCLASS, depending on whether the
4174 whole class was negated and whether there were negative specials such as \S
4175 (non-UCP) in the class. Then copy the 32-byte map into the code vector,
4176 negating it if necessary. */
4177
4178 *code++ = (negate_class == should_flip_negation) ? OP_CLASS : OP_NCLASS;
4179 if (negate_class)
4180 {
4181 if (lengthptr == NULL) /* Save time in the pre-compile phase */
4182 for (c = 0; c < 32; c++) code[c] = ~classbits[c];
4183 }
4184 else
4185 {
4186 memcpy(code, classbits, 32);
4187 }
4188 code += 32;
4189 break;
4190
4191
4192 /* ===================================================================*/
4193 /* Various kinds of repeat; '{' is not necessarily a quantifier, but this
4194 has been tested above. */
4195
4196 case CHAR_LEFT_CURLY_BRACKET:
4197 if (!is_quantifier) goto NORMAL_CHAR;
4198 ptr = read_repeat_counts(ptr+1, &repeat_min, &repeat_max, errorcodeptr);
4199 if (*errorcodeptr != 0) goto FAILED;
4200 goto REPEAT;
4201
4202 case CHAR_ASTERISK:
4203 repeat_min = 0;
4204 repeat_max = -1;
4205 goto REPEAT;
4206
4207 case CHAR_PLUS:
4208 repeat_min = 1;
4209 repeat_max = -1;
4210 goto REPEAT;
4211
4212 case CHAR_QUESTION_MARK:
4213 repeat_min = 0;
4214 repeat_max = 1;
4215
4216 REPEAT:
4217 if (previous == NULL)
4218 {
4219 *errorcodeptr = ERR9;
4220 goto FAILED;
4221 }
4222
4223 if (repeat_min == 0)
4224 {
4225 firstbyte = zerofirstbyte; /* Adjust for zero repeat */
4226 reqbyte = zeroreqbyte; /* Ditto */
4227 }
4228
4229 /* Remember whether this is a variable length repeat */
4230
4231 reqvary = (repeat_min == repeat_max)? 0 : REQ_VARY;
4232
4233 op_type = 0; /* Default single-char op codes */
4234 possessive_quantifier = FALSE; /* Default not possessive quantifier */
4235
4236 /* Save start of previous item, in case we have to move it up in order to
4237 insert something before it. */
4238
4239 tempcode = previous;
4240
4241 /* If the next character is '+', we have a possessive quantifier. This
4242 implies greediness, whatever the setting of the PCRE_UNGREEDY option.
4243 If the next character is '?' this is a minimizing repeat, by default,
4244 but if PCRE_UNGREEDY is set, it works the other way round. We change the
4245 repeat type to the non-default. */
4246
4247 if (ptr[1] == CHAR_PLUS)
4248 {
4249 repeat_type = 0; /* Force greedy */
4250 possessive_quantifier = TRUE;
4251 ptr++;
4252 }
4253 else if (ptr[1] == CHAR_QUESTION_MARK)
4254 {
4255 repeat_type = greedy_non_default;
4256 ptr++;
4257 }
4258 else repeat_type = greedy_default;
4259
4260 /* If previous was a recursion call, wrap it in atomic brackets so that
4261 previous becomes the atomic group. All recursions were so wrapped in the
4262 past, but it no longer happens for non-repeated recursions. In fact, the
4263 repeated ones could be re-implemented independently so as not to need this,
4264 but for the moment we rely on the code for repeating groups. */
4265
4266 if (*previous == OP_RECURSE)
4267 {
4268 memmove(previous + 1 + LINK_SIZE, previous, 1 + LINK_SIZE);
4269 *previous = OP_ONCE;
4270 PUT(previous, 1, 2 + 2*LINK_SIZE);
4271 previous[2 + 2*LINK_SIZE] = OP_KET;
4272 PUT(previous, 3 + 2*LINK_SIZE, 2 + 2*LINK_SIZE);
4273 code += 2 + 2 * LINK_SIZE;
4274 length_prevgroup = 3 + 3*LINK_SIZE;
4275
4276 /* When actually compiling, we need to check whether this was a forward
4277 reference, and if so, adjust the offset. */
4278
4279 if (lengthptr == NULL && cd->hwm >= cd->start_workspace + LINK_SIZE)
4280 {
4281 int offset = GET(cd->hwm, -LINK_SIZE);
4282 if (offset == previous + 1 - cd->start_code)
4283 PUT(cd->hwm, -LINK_SIZE, offset + 1 + LINK_SIZE);
4284 }
4285 }
4286
4287 /* Now handle repetition for the different types of item. */
4288
4289 /* If previous was a character match, abolish the item and generate a
4290 repeat item instead. If a char item has a minumum of more than one, ensure
4291 that it is set in reqbyte - it might not be if a sequence such as x{3} is
4292 the first thing in a branch because the x will have gone into firstbyte
4293 instead. */
4294
4295 if (*previous == OP_CHAR || *previous == OP_CHARI)
4296 {
4297 op_type = (*previous == OP_CHAR)? 0 : OP_STARI - OP_STAR;
4298
4299 /* Deal with UTF-8 characters that take up more than one byte. It's
4300 easier to write this out separately than try to macrify it. Use c to
4301 hold the length of the character in bytes, plus 0x80 to flag that it's a
4302 length rather than a small character. */
4303
4304 #ifdef SUPPORT_UTF8
4305 if (utf8 && (code[-1] & 0x80) != 0)
4306 {
4307 uschar *lastchar = code - 1;
4308 while((*lastchar & 0xc0) == 0x80) lastchar--;
4309 c = code - lastchar; /* Length of UTF-8 character */
4310 memcpy(utf8_char, lastchar, c); /* Save the char */
4311 c |= 0x80; /* Flag c as a length */
4312 }
4313 else
4314 #endif
4315
4316 /* Handle the case of a single byte - either with no UTF8 support, or
4317 with UTF-8 disabled, or for a UTF-8 character < 128. */
4318
4319 {
4320 c = code[-1];
4321 if (repeat_min > 1) reqbyte = c | req_caseopt | cd->req_varyopt;
4322 }
4323
4324 /* If the repetition is unlimited, it pays to see if the next thing on
4325 the line is something that cannot possibly match this character. If so,
4326 automatically possessifying this item gains some performance in the case
4327 where the match fails. */
4328
4329 if (!possessive_quantifier &&
4330 repeat_max < 0 &&
4331 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4332 {
4333 repeat_type = 0; /* Force greedy */
4334 possessive_quantifier = TRUE;
4335 }
4336
4337 goto OUTPUT_SINGLE_REPEAT; /* Code shared with single character types */
4338 }
4339
4340 /* If previous was a single negated character ([^a] or similar), we use
4341 one of the special opcodes, replacing it. The code is shared with single-
4342 character repeats by setting opt_type to add a suitable offset into
4343 repeat_type. We can also test for auto-possessification. OP_NOT and OP_NOTI
4344 are currently used only for single-byte chars. */
4345
4346 else if (*previous == OP_NOT || *previous == OP_NOTI)
4347 {
4348 op_type = ((*previous == OP_NOT)? OP_NOTSTAR : OP_NOTSTARI) - OP_STAR;
4349 c = previous[1];
4350 if (!possessive_quantifier &&
4351 repeat_max < 0 &&
4352 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4353 {
4354 repeat_type = 0; /* Force greedy */
4355 possessive_quantifier = TRUE;
4356 }
4357 goto OUTPUT_SINGLE_REPEAT;
4358 }
4359
4360 /* If previous was a character type match (\d or similar), abolish it and
4361 create a suitable repeat item. The code is shared with single-character
4362 repeats by setting op_type to add a suitable offset into repeat_type. Note
4363 the the Unicode property types will be present only when SUPPORT_UCP is
4364 defined, but we don't wrap the little bits of code here because it just
4365 makes it horribly messy. */
4366
4367 else if (*previous < OP_EODN)
4368 {
4369 uschar *oldcode;
4370 int prop_type, prop_value;
4371 op_type = OP_TYPESTAR - OP_STAR; /* Use type opcodes */
4372 c = *previous;
4373
4374 if (!possessive_quantifier &&
4375 repeat_max < 0 &&
4376 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4377 {
4378 repeat_type = 0; /* Force greedy */
4379 possessive_quantifier = TRUE;
4380 }
4381
4382 OUTPUT_SINGLE_REPEAT:
4383 if (*previous == OP_PROP || *previous == OP_NOTPROP)
4384 {
4385 prop_type = previous[1];
4386 prop_value = previous[2];
4387 }
4388 else prop_type = prop_value = -1;
4389
4390 oldcode = code;
4391 code = previous; /* Usually overwrite previous item */
4392
4393 /* If the maximum is zero then the minimum must also be zero; Perl allows
4394 this case, so we do too - by simply omitting the item altogether. */
4395
4396 if (repeat_max == 0) goto END_REPEAT;
4397
4398 /*--------------------------------------------------------------------*/
4399 /* This code is obsolete from release 8.00; the restriction was finally
4400 removed: */
4401
4402 /* All real repeats make it impossible to handle partial matching (maybe
4403 one day we will be able to remove this restriction). */
4404
4405 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
4406 /*--------------------------------------------------------------------*/
4407
4408 /* Combine the op_type with the repeat_type */
4409
4410 repeat_type += op_type;
4411
4412 /* A minimum of zero is handled either as the special case * or ?, or as
4413 an UPTO, with the maximum given. */
4414
4415 if (repeat_min == 0)
4416 {
4417 if (repeat_max == -1) *code++ = OP_STAR + repeat_type;
4418 else if (repeat_max == 1) *code++ = OP_QUERY + repeat_type;
4419 else
4420 {
4421 *code++ = OP_UPTO + repeat_type;
4422 PUT2INC(code, 0, repeat_max);
4423 }
4424 }
4425
4426 /* A repeat minimum of 1 is optimized into some special cases. If the
4427 maximum is unlimited, we use OP_PLUS. Otherwise, the original item is
4428 left in place and, if the maximum is greater than 1, we use OP_UPTO with
4429 one less than the maximum. */
4430
4431 else if (repeat_min == 1)
4432 {
4433 if (repeat_max == -1)
4434 *code++ = OP_PLUS + repeat_type;
4435 else
4436 {
4437 code = oldcode; /* leave previous item in place */
4438 if (repeat_max == 1) goto END_REPEAT;
4439 *code++ = OP_UPTO + repeat_type;
4440 PUT2INC(code, 0, repeat_max - 1);
4441 }
4442 }
4443
4444 /* The case {n,n} is just an EXACT, while the general case {n,m} is
4445 handled as an EXACT followed by an UPTO. */
4446
4447 else
4448 {
4449 *code++ = OP_EXACT + op_type; /* NB EXACT doesn't have repeat_type */
4450 PUT2INC(code, 0, repeat_min);
4451
4452 /* If the maximum is unlimited, insert an OP_STAR. Before doing so,
4453 we have to insert the character for the previous code. For a repeated
4454 Unicode property match, there are two extra bytes that define the
4455 required property. In UTF-8 mode, long characters have their length in
4456 c, with the 0x80 bit as a flag. */
4457
4458 if (repeat_max < 0)
4459 {
4460 #ifdef SUPPORT_UTF8
4461 if (utf8 && c >= 128)
4462 {
4463 memcpy(code, utf8_char, c & 7);
4464 code += c & 7;
4465 }
4466 else
4467 #endif
4468 {
4469 *code++ = c;
4470 if (prop_type >= 0)
4471 {
4472 *code++ = prop_type;
4473 *code++ = prop_value;
4474 }
4475 }
4476 *code++ = OP_STAR + repeat_type;
4477 }
4478
4479 /* Else insert an UPTO if the max is greater than the min, again
4480 preceded by the character, for the previously inserted code. If the
4481 UPTO is just for 1 instance, we can use QUERY instead. */
4482
4483 else if (repeat_max != repeat_min)
4484 {
4485 #ifdef SUPPORT_UTF8
4486 if (utf8 && c >= 128)
4487 {
4488 memcpy(code, utf8_char, c & 7);
4489 code += c & 7;
4490 }
4491 else
4492 #endif
4493 *code++ = c;
4494 if (prop_type >= 0)
4495 {
4496 *code++ = prop_type;
4497 *code++ = prop_value;
4498 }
4499 repeat_max -= repeat_min;
4500
4501 if (repeat_max == 1)
4502 {
4503 *code++ = OP_QUERY + repeat_type;
4504 }
4505 else
4506 {
4507 *code++ = OP_UPTO + repeat_type;
4508 PUT2INC(code, 0, repeat_max);
4509 }
4510 }
4511 }
4512
4513 /* The character or character type itself comes last in all cases. */
4514
4515 #ifdef SUPPORT_UTF8
4516 if (utf8 && c >= 128)
4517 {
4518 memcpy(code, utf8_char, c & 7);
4519 code += c & 7;
4520 }
4521 else
4522 #endif
4523 *code++ = c;
4524
4525 /* For a repeated Unicode property match, there are two extra bytes that
4526 define the required property. */
4527
4528 #ifdef SUPPORT_UCP
4529 if (prop_type >= 0)
4530 {
4531 *code++ = prop_type;
4532 *code++ = prop_value;
4533 }
4534 #endif
4535 }
4536
4537 /* If previous was a character class or a back reference, we put the repeat
4538 stuff after it, but just skip the item if the repeat was {0,0}. */
4539
4540 else if (*previous == OP_CLASS ||
4541 *previous == OP_NCLASS ||
4542 #ifdef SUPPORT_UTF8
4543 *previous == OP_XCLASS ||
4544 #endif
4545 *previous == OP_REF ||
4546 *previous == OP_REFI)
4547 {
4548 if (repeat_max == 0)
4549 {
4550 code = previous;
4551 goto END_REPEAT;
4552 }
4553
4554 /*--------------------------------------------------------------------*/
4555 /* This code is obsolete from release 8.00; the restriction was finally
4556 removed: */
4557
4558 /* All real repeats make it impossible to handle partial matching (maybe
4559 one day we will be able to remove this restriction). */
4560
4561 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
4562 /*--------------------------------------------------------------------*/
4563
4564 if (repeat_min == 0 && repeat_max == -1)
4565 *code++ = OP_CRSTAR + repeat_type;
4566 else if (repeat_min == 1 && repeat_max == -1)
4567 *code++ = OP_CRPLUS + repeat_type;
4568 else if (repeat_min == 0 && repeat_max == 1)
4569 *code++ = OP_CRQUERY + repeat_type;
4570 else
4571 {
4572 *code++ = OP_CRRANGE + repeat_type;
4573 PUT2INC(code, 0, repeat_min);
4574 if (repeat_max == -1) repeat_max = 0; /* 2-byte encoding for max */
4575 PUT2INC(code, 0, repeat_max);
4576 }
4577 }
4578
4579 /* If previous was a bracket group, we may have to replicate it in certain
4580 cases. Note that at this point we can encounter only the "basic" bracket
4581 opcodes such as BRA and CBRA, as this is the place where they get converted
4582 into the more special varieties such as BRAPOS and SBRA. A test for >=
4583 OP_ASSERT and <= OP_COND includes ASSERT, ASSERT_NOT, ASSERTBACK,
4584 ASSERTBACK_NOT, ONCE, BRA, CBRA, and COND. Originally, PCRE did not allow
4585 repetition of assertions, but now it does, for Perl compatibility. */
4586
4587 else if (*previous >= OP_ASSERT && *previous <= OP_COND)
4588 {
4589 register int i;
4590 int len = (int)(code - previous);
4591 uschar *bralink = NULL;
4592 uschar *brazeroptr = NULL;
4593
4594 /* Repeating a DEFINE group is pointless, but Perl allows the syntax, so
4595 we just ignore the repeat. */
4596
4597 if (*previous == OP_COND && previous[LINK_SIZE+1] == OP_DEF)
4598 goto END_REPEAT;
4599
4600 /* There is no sense in actually repeating assertions. The only potential
4601 use of repetition is in cases when the assertion is optional. Therefore,
4602 if the minimum is greater than zero, just ignore the repeat. If the
4603 maximum is not not zero or one, set it to 1. */
4604
4605 if (*previous < OP_ONCE) /* Assertion */
4606 {
4607 if (repeat_min > 0) goto END_REPEAT;
4608 if (repeat_max < 0 || repeat_max > 1) repeat_max = 1;
4609 }
4610
4611 /* The case of a zero minimum is special because of the need to stick
4612 OP_BRAZERO in front of it, and because the group appears once in the
4613 data, whereas in other cases it appears the minimum number of times. For
4614 this reason, it is simplest to treat this case separately, as otherwise
4615 the code gets far too messy. There are several special subcases when the
4616 minimum is zero. */
4617
4618 if (repeat_min == 0)
4619 {
4620 /* If the maximum is also zero, we used to just omit the group from the
4621 output altogether, like this:
4622
4623 ** if (repeat_max == 0)
4624 ** {
4625 ** code = previous;
4626 ** goto END_REPEAT;
4627 ** }
4628
4629 However, that fails when a group or a subgroup within it is referenced
4630 as a subroutine from elsewhere in the pattern, so now we stick in
4631 OP_SKIPZERO in front of it so that it is skipped on execution. As we
4632 don't have a list of which groups are referenced, we cannot do this
4633 selectively.
4634
4635 If the maximum is 1 or unlimited, we just have to stick in the BRAZERO
4636 and do no more at this point. However, we do need to adjust any
4637 OP_RECURSE calls inside the group that refer to the group itself or any
4638 internal or forward referenced group, because the offset is from the
4639 start of the whole regex. Temporarily terminate the pattern while doing
4640 this. */
4641
4642 if (repeat_max <= 1) /* Covers 0, 1, and unlimited */
4643 {
4644 *code = OP_END;
4645 adjust_recurse(previous, 1, utf8, cd, save_hwm);
4646 memmove(previous+1, previous, len);
4647 code++;
4648 if (repeat_max == 0)
4649 {
4650 *previous++ = OP_SKIPZERO;
4651 goto END_REPEAT;
4652 }
4653 brazeroptr = previous; /* Save for possessive optimizing */
4654 *previous++ = OP_BRAZERO + repeat_type;
4655 }
4656
4657 /* If the maximum is greater than 1 and limited, we have to replicate
4658 in a nested fashion, sticking OP_BRAZERO before each set of brackets.
4659 The first one has to be handled carefully because it's the original
4660 copy, which has to be moved up. The remainder can be handled by code
4661 that is common with the non-zero minimum case below. We have to
4662 adjust the value or repeat_max, since one less copy is required. Once
4663 again, we may have to adjust any OP_RECURSE calls inside the group. */
4664
4665 else
4666 {
4667 int offset;
4668 *code = OP_END;
4669 adjust_recurse(previous, 2 + LINK_SIZE, utf8, cd, save_hwm);
4670 memmove(previous + 2 + LINK_SIZE, previous, len);
4671 code += 2 + LINK_SIZE;
4672 *previous++ = OP_BRAZERO + repeat_type;
4673 *previous++ = OP_BRA;
4674
4675 /* We chain together the bracket offset fields that have to be
4676 filled in later when the ends of the brackets are reached. */
4677
4678 offset = (bralink == NULL)? 0 : (int)(previous - bralink);
4679 bralink = previous;
4680 PUTINC(previous, 0, offset);
4681 }
4682
4683 repeat_max--;
4684 }
4685
4686 /* If the minimum is greater than zero, replicate the group as many
4687 times as necessary, and adjust the maximum to the number of subsequent
4688 copies that we need. If we set a first char from the group, and didn't
4689 set a required char, copy the latter from the former. If there are any
4690 forward reference subroutine calls in the group, there will be entries on
4691 the workspace list; replicate these with an appropriate increment. */
4692
4693 else
4694 {
4695 if (repeat_min > 1)
4696 {
4697 /* In the pre-compile phase, we don't actually do the replication. We
4698 just adjust the length as if we had. Do some paranoid checks for
4699 potential integer overflow. The INT64_OR_DOUBLE type is a 64-bit
4700 integer type when available, otherwise double. */
4701
4702 if (lengthptr != NULL)
4703 {
4704 int delta = (repeat_min - 1)*length_prevgroup;
4705 if ((INT64_OR_DOUBLE)(repeat_min - 1)*
4706 (INT64_OR_DOUBLE)length_prevgroup >
4707 (INT64_OR_DOUBLE)INT_MAX ||
4708 OFLOW_MAX - *lengthptr < delta)
4709 {
4710 *errorcodeptr = ERR20;
4711 goto FAILED;
4712 }
4713 *lengthptr += delta;
4714 }
4715
4716 /* This is compiling for real */
4717
4718 else
4719 {
4720 if (groupsetfirstbyte && reqbyte < 0) reqbyte = firstbyte;
4721 for (i = 1; i < repeat_min; i++)
4722 {
4723 uschar *hc;
4724 uschar *this_hwm = cd->hwm;
4725 memcpy(code, previous, len);
4726 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
4727 {
4728 PUT(cd->hwm, 0, GET(hc, 0) + len);
4729 cd->hwm += LINK_SIZE;
4730 }
4731 save_hwm = this_hwm;
4732 code += len;
4733 }
4734 }
4735 }
4736
4737 if (repeat_max > 0) repeat_max -= repeat_min;
4738 }
4739
4740 /* This code is common to both the zero and non-zero minimum cases. If
4741 the maximum is limited, it replicates the group in a nested fashion,
4742 remembering the bracket starts on a stack. In the case of a zero minimum,
4743 the first one was set up above. In all cases the repeat_max now specifies
4744 the number of additional copies needed. Again, we must remember to
4745 replicate entries on the forward reference list. */
4746
4747 if (repeat_max >= 0)
4748 {
4749 /* In the pre-compile phase, we don't actually do the replication. We
4750 just adjust the length as if we had. For each repetition we must add 1
4751 to the length for BRAZERO and for all but the last repetition we must
4752 add 2 + 2*LINKSIZE to allow for the nesting that occurs. Do some
4753 paranoid checks to avoid integer overflow. The INT64_OR_DOUBLE type is
4754 a 64-bit integer type when available, otherwise double. */
4755
4756 if (lengthptr != NULL && repeat_max > 0)
4757 {
4758 int delta = repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
4759 2 - 2*LINK_SIZE; /* Last one doesn't nest */
4760 if ((INT64_OR_DOUBLE)repeat_max *
4761 (INT64_OR_DOUBLE)(length_prevgroup + 1 + 2 + 2*LINK_SIZE)
4762 > (INT64_OR_DOUBLE)INT_MAX ||
4763 OFLOW_MAX - *lengthptr < delta)
4764 {
4765 *errorcodeptr = ERR20;
4766 goto FAILED;
4767 }
4768 *lengthptr += delta;
4769 }
4770
4771 /* This is compiling for real */
4772
4773 else for (i = repeat_max - 1; i >= 0; i--)
4774 {
4775 uschar *hc;
4776 uschar *this_hwm = cd->hwm;
4777
4778 *code++ = OP_BRAZERO + repeat_type;
4779
4780 /* All but the final copy start a new nesting, maintaining the
4781 chain of brackets outstanding. */
4782
4783 if (i != 0)
4784 {
4785 int offset;
4786 *code++ = OP_BRA;
4787 offset = (bralink == NULL)? 0 : (int)(code - bralink);
4788 bralink = code;
4789 PUTINC(code, 0, offset);
4790 }
4791
4792 memcpy(code, previous, len);
4793 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
4794 {
4795 PUT(cd->hwm, 0, GET(hc, 0) + len + ((i != 0)? 2+LINK_SIZE : 1));
4796 cd->hwm += LINK_SIZE;
4797 }
4798 save_hwm = this_hwm;
4799 code += len;
4800 }
4801
4802 /* Now chain through the pending brackets, and fill in their length
4803 fields (which are holding the chain links pro tem). */
4804
4805 while (bralink != NULL)
4806 {
4807 int oldlinkoffset;
4808 int offset = (int)(code - bralink + 1);
4809 uschar *bra = code - offset;
4810 oldlinkoffset = GET(bra, 1);
4811 bralink = (oldlinkoffset == 0)? NULL : bralink - oldlinkoffset;
4812 *code++ = OP_KET;
4813 PUTINC(code, 0, offset);
4814 PUT(bra, 1, offset);
4815 }
4816 }
4817
4818 /* If the maximum is unlimited, set a repeater in the final copy. For
4819 ONCE brackets, that's all we need to do. However, possessively repeated
4820 ONCE brackets can be converted into non-capturing brackets, as the
4821 behaviour of (?:xx)++ is the same as (?>xx)++ and this saves having to
4822 deal with possessive ONCEs specially.
4823
4824 Otherwise, if the quantifier was possessive, we convert the BRA code to
4825 the POS form, and the KET code to KETRPOS. (It turns out to be convenient
4826 at runtime to detect this kind of subpattern at both the start and at the
4827 end.) The use of special opcodes makes it possible to reduce greatly the
4828 stack usage in pcre_exec(). If the group is preceded by OP_BRAZERO,
4829 convert this to OP_BRAPOSZERO. Then cancel the possessive flag so that
4830 the default action below, of wrapping everything inside atomic brackets,
4831 does not happen.
4832
4833 Then, when we are doing the actual compile phase, check to see whether
4834 this group is one that could match an empty string. If so, convert the
4835 initial operator to the S form (e.g. OP_BRA -> OP_SBRA) so that runtime
4836 checking can be done. [This check is also applied to ONCE groups at
4837 runtime, but in a different way.] */
4838
4839 else
4840 {
4841 uschar *ketcode = code - 1 - LINK_SIZE;
4842 uschar *bracode = ketcode - GET(ketcode, 1);
4843
4844 if (*bracode == OP_ONCE && possessive_quantifier) *bracode = OP_BRA;
4845 if (*bracode == OP_ONCE)
4846 *ketcode = OP_KETRMAX + repeat_type;
4847 else
4848 {
4849 if (possessive_quantifier)
4850 {
4851 *bracode += 1; /* Switch to xxxPOS opcodes */
4852 *ketcode = OP_KETRPOS;
4853 if (brazeroptr != NULL) *brazeroptr = OP_BRAPOSZERO;
4854 possessive_quantifier = FALSE;
4855 }
4856 else *ketcode = OP_KETRMAX + repeat_type;
4857
4858 if (lengthptr == NULL)
4859 {
4860 uschar *scode = bracode;
4861 do
4862 {
4863 if (could_be_empty_branch(scode, ketcode, utf8, cd))
4864 {
4865 *bracode += OP_SBRA - OP_BRA;
4866 break;
4867 }
4868 scode += GET(scode, 1);
4869 }
4870 while (*scode == OP_ALT);
4871 }
4872 }
4873 }
4874 }
4875
4876 /* If previous is OP_FAIL, it was generated by an empty class [] in
4877 JavaScript mode. The other ways in which OP_FAIL can be generated, that is
4878 by (*FAIL) or (?!) set previous to NULL, which gives a "nothing to repeat"
4879 error above. We can just ignore the repeat in JS case. */
4880
4881 else if (*previous == OP_FAIL) goto END_REPEAT;
4882
4883 /* Else there's some kind of shambles */
4884
4885 else
4886 {
4887 *errorcodeptr = ERR11;
4888 goto FAILED;
4889 }
4890
4891 /* If the character following a repeat is '+', or if certain optimization
4892 tests above succeeded, possessive_quantifier is TRUE. For some opcodes,
4893 there are special alternative opcodes for this case. For anything else, we
4894 wrap the entire repeated item inside OP_ONCE brackets. Logically, the '+'
4895 notation is just syntactic sugar, taken from Sun's Java package, but the
4896 special opcodes can optimize it.
4897
4898 Possessively repeated subpatterns have already been handled in the code
4899 just above, so possessive_quantifier is always FALSE for them at this
4900 stage.
4901
4902 Note that the repeated item starts at tempcode, not at previous, which
4903 might be the first part of a string whose (former) last char we repeated.
4904
4905 Possessifying an 'exact' quantifier has no effect, so we can ignore it. But
4906 an 'upto' may follow. We skip over an 'exact' item, and then test the
4907 length of what remains before proceeding. */
4908
4909 if (possessive_quantifier)
4910 {
4911 int len;
4912
4913 if (*tempcode == OP_TYPEEXACT)
4914 tempcode += _pcre_OP_lengths[*tempcode] +
4915 ((tempcode[3] == OP_PROP || tempcode[3] == OP_NOTPROP)? 2 : 0);
4916
4917 else if (*tempcode == OP_EXACT || *tempcode == OP_NOTEXACT)
4918 {
4919 tempcode += _pcre_OP_lengths[*tempcode];
4920 #ifdef SUPPORT_UTF8
4921 if (utf8 && tempcode[-1] >= 0xc0)
4922 tempcode += _pcre_utf8_table4[tempcode[-1] & 0x3f];
4923 #endif
4924 }
4925
4926 len = (int)(code - tempcode);
4927 if (len > 0) switch (*tempcode)
4928 {
4929 case OP_STAR: *tempcode = OP_POSSTAR; break;
4930 case OP_PLUS: *tempcode = OP_POSPLUS; break;
4931 case OP_QUERY: *tempcode = OP_POSQUERY; break;
4932 case OP_UPTO: *tempcode = OP_POSUPTO; break;
4933
4934 case OP_STARI: *tempcode = OP_POSSTARI; break;
4935 case OP_PLUSI: *tempcode = OP_POSPLUSI; break;
4936 case OP_QUERYI: *tempcode = OP_POSQUERYI; break;
4937 case OP_UPTOI: *tempcode = OP_POSUPTOI; break;
4938
4939 case OP_NOTSTAR: *tempcode = OP_NOTPOSSTAR; break;
4940 case OP_NOTPLUS: *tempcode = OP_NOTPOSPLUS; break;
4941 case OP_NOTQUERY: *tempcode = OP_NOTPOSQUERY; break;
4942 case OP_NOTUPTO: *tempcode = OP_NOTPOSUPTO; break;
4943
4944 case OP_NOTSTARI: *tempcode = OP_NOTPOSSTARI; break;
4945 case OP_NOTPLUSI: *tempcode = OP_NOTPOSPLUSI; break;
4946 case OP_NOTQUERYI: *tempcode = OP_NOTPOSQUERYI; break;
4947 case OP_NOTUPTOI: *tempcode = OP_NOTPOSUPTOI; break;
4948
4949 case OP_TYPESTAR: *tempcode = OP_TYPEPOSSTAR; break;
4950 case OP_TYPEPLUS: *tempcode = OP_TYPEPOSPLUS; break;
4951 case OP_TYPEQUERY: *tempcode = OP_TYPEPOSQUERY; break;
4952 case OP_TYPEUPTO: *tempcode = OP_TYPEPOSUPTO; break;
4953
4954 /* Because we are moving code along, we must ensure that any
4955 pending recursive references are updated. */
4956
4957 default:
4958 *code = OP_END;
4959 adjust_recurse(tempcode, 1 + LINK_SIZE, utf8, cd, save_hwm);
4960 memmove(tempcode + 1+LINK_SIZE, tempcode, len);
4961 code += 1 + LINK_SIZE;
4962 len += 1 + LINK_SIZE;
4963 tempcode[0] = OP_ONCE;
4964 *code++ = OP_KET;
4965 PUTINC(code, 0, len);
4966 PUT(tempcode, 1, len);
4967 break;
4968 }
4969 }
4970
4971 /* In all case we no longer have a previous item. We also set the
4972 "follows varying string" flag for subsequently encountered reqbytes if
4973 it isn't already set and we have just passed a varying length item. */
4974
4975 END_REPEAT:
4976 previous = NULL;
4977 cd->req_varyopt |= reqvary;
4978 break;
4979
4980
4981 /* ===================================================================*/
4982 /* Start of nested parenthesized sub-expression, or comment or lookahead or
4983 lookbehind or option setting or condition or all the other extended
4984 parenthesis forms. */
4985
4986 case CHAR_LEFT_PARENTHESIS:
4987 newoptions = options;
4988 skipbytes = 0;
4989 bravalue = OP_CBRA;
4990 save_hwm = cd->hwm;
4991 reset_bracount = FALSE;
4992
4993 /* First deal with various "verbs" that can be introduced by '*'. */
4994
4995 if (*(++ptr) == CHAR_ASTERISK &&
4996 ((cd->ctypes[ptr[1]] & ctype_letter) != 0 || ptr[1] == ':'))
4997 {
4998 int i, namelen;
4999 int arglen = 0;
5000 const char *vn = verbnames;
5001 const uschar *name = ptr + 1;
5002 const uschar *arg = NULL;
5003 previous = NULL;
5004 while ((cd->ctypes[*++ptr] & ctype_letter) != 0) {};
5005 namelen = (int)(ptr - name);
5006
5007 /* It appears that Perl allows any characters whatsoever, other than
5008 a closing parenthesis, to appear in arguments, so we no longer insist on
5009 letters, digits, and underscores. */
5010
5011 if (*ptr == CHAR_COLON)
5012 {
5013 arg = ++ptr;
5014 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
5015 arglen = (int)(ptr - arg);
5016 }
5017
5018 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5019 {
5020 *errorcodeptr = ERR60;
5021 goto FAILED;
5022 }
5023
5024 /* Scan the table of verb names */
5025
5026 for (i = 0; i < verbcount; i++)
5027 {
5028 if (namelen == verbs[i].len &&
5029 strncmp((char *)name, vn, namelen) == 0)
5030 {
5031 /* Check for open captures before ACCEPT and convert it to
5032 ASSERT_ACCEPT if in an assertion. */
5033
5034 if (verbs[i].op == OP_ACCEPT)
5035 {
5036 open_capitem *oc;
5037 if (arglen != 0)
5038 {
5039 *errorcodeptr = ERR59;
5040 goto FAILED;
5041 }
5042 cd->had_accept = TRUE;
5043 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
5044 {
5045 *code++ = OP_CLOSE;
5046 PUT2INC(code, 0, oc->number);
5047 }
5048 *code++ = (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
5049 }
5050
5051 /* Handle other cases with/without an argument */
5052
5053 else if (arglen == 0)
5054 {
5055 if (verbs[i].op < 0) /* Argument is mandatory */
5056 {
5057 *errorcodeptr = ERR66;
5058 goto FAILED;
5059 }
5060 *code = verbs[i].op;
5061 if (*code++ == OP_THEN)
5062 {
5063 PUT(code, 0, code - bcptr->current_branch - 1);
5064 code += LINK_SIZE;
5065 }
5066 }
5067
5068 else
5069 {
5070 if (verbs[i].op_arg < 0) /* Argument is forbidden */
5071 {
5072 *errorcodeptr = ERR59;
5073 goto FAILED;
5074 }
5075 *code = verbs[i].op_arg;
5076 if (*code++ == OP_THEN_ARG)
5077 {
5078 PUT(code, 0, code - bcptr->current_branch - 1);
5079 code += LINK_SIZE;
5080 }
5081 *code++ = arglen;
5082 memcpy(code, arg, arglen);
5083 code += arglen;
5084 *code++ = 0;
5085 }
5086
5087 break; /* Found verb, exit loop */
5088 }
5089
5090 vn += verbs[i].len + 1;
5091 }
5092
5093 if (i < verbcount) continue; /* Successfully handled a verb */
5094 *errorcodeptr = ERR60; /* Verb not recognized */
5095 goto FAILED;
5096 }
5097
5098 /* Deal with the extended parentheses; all are introduced by '?', and the
5099 appearance of any of them means that this is not a capturing group. */
5100
5101 else if (*ptr == CHAR_QUESTION_MARK)
5102 {
5103 int i, set, unset, namelen;
5104 int *optset;
5105 const uschar *name;
5106 uschar *slot;
5107
5108 switch (*(++ptr))
5109 {
5110 case CHAR_NUMBER_SIGN: /* Comment; skip to ket */
5111 ptr++;
5112 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
5113 if (*ptr == 0)
5114 {
5115 *errorcodeptr = ERR18;
5116 goto FAILED;
5117 }
5118 continue;
5119
5120
5121 /* ------------------------------------------------------------ */
5122 case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */
5123 reset_bracount = TRUE;
5124 /* Fall through */
5125
5126 /* ------------------------------------------------------------ */
5127 case CHAR_COLON: /* Non-capturing bracket */
5128 bravalue = OP_BRA;
5129 ptr++;
5130 break;
5131
5132
5133 /* ------------------------------------------------------------ */
5134 case CHAR_LEFT_PARENTHESIS:
5135 bravalue = OP_COND; /* Conditional group */
5136
5137 /* A condition can be an assertion, a number (referring to a numbered
5138 group), a name (referring to a named group), or 'R', referring to
5139 recursion. R<digits> and R&name are also permitted for recursion tests.
5140
5141 There are several syntaxes for testing a named group: (?(name)) is used
5142 by Python; Perl 5.10 onwards uses (?(<name>) or (?('name')).
5143
5144 There are two unfortunate ambiguities, caused by history. (a) 'R' can
5145 be the recursive thing or the name 'R' (and similarly for 'R' followed
5146 by digits), and (b) a number could be a name that consists of digits.
5147 In both cases, we look for a name first; if not found, we try the other
5148 cases. */
5149
5150 /* For conditions that are assertions, check the syntax, and then exit
5151 the switch. This will take control down to where bracketed groups,
5152 including assertions, are processed. */
5153
5154 if (ptr[1] == CHAR_QUESTION_MARK && (ptr[2] == CHAR_EQUALS_SIGN ||
5155 ptr[2] == CHAR_EXCLAMATION_MARK || ptr[2] == CHAR_LESS_THAN_SIGN))
5156 break;
5157
5158 /* Most other conditions use OP_CREF (a couple change to OP_RREF
5159 below), and all need to skip 3 bytes at the start of the group. */
5160
5161 code[1+LINK_SIZE] = OP_CREF;
5162 skipbytes = 3;
5163 refsign = -1;
5164
5165 /* Check for a test for recursion in a named group. */
5166
5167 if (ptr[1] == CHAR_R && ptr[2] == CHAR_AMPERSAND)
5168 {
5169 terminator = -1;
5170 ptr += 2;
5171 code[1+LINK_SIZE] = OP_RREF; /* Change the type of test */
5172 }
5173
5174 /* Check for a test for a named group's having been set, using the Perl
5175 syntax (?(<name>) or (?('name') */
5176
5177 else if (ptr[1] == CHAR_LESS_THAN_SIGN)
5178 {
5179 terminator = CHAR_GREATER_THAN_SIGN;
5180 ptr++;
5181 }
5182 else if (ptr[1] == CHAR_APOSTROPHE)
5183 {
5184 terminator = CHAR_APOSTROPHE;
5185 ptr++;
5186 }
5187 else
5188 {
5189 terminator = 0;
5190 if (ptr[1] == CHAR_MINUS || ptr[1] == CHAR_PLUS) refsign = *(++ptr);
5191 }
5192
5193 /* We now expect to read a name; any thing else is an error */
5194
5195 if ((cd->ctypes[ptr[1]] & ctype_word) == 0)
5196 {
5197 ptr += 1; /* To get the right offset */
5198 *errorcodeptr = ERR28;
5199 goto FAILED;
5200 }
5201
5202 /* Read the name, but also get it as a number if it's all digits */
5203
5204 recno = 0;
5205 name = ++ptr;
5206 while ((cd->ctypes[*ptr] & ctype_word) != 0)
5207 {
5208 if (recno >= 0)
5209 recno = ((digitab[*ptr] & ctype_digit) != 0)?
5210 recno * 10 + *ptr - CHAR_0 : -1;
5211 ptr++;
5212 }
5213 namelen = (int)(ptr - name);
5214
5215 if ((terminator > 0 && *ptr++ != terminator) ||
5216 *ptr++ != CHAR_RIGHT_PARENTHESIS)
5217 {
5218 ptr--; /* Error offset */
5219 *errorcodeptr = ERR26;
5220 goto FAILED;
5221 }
5222
5223 /* Do no further checking in the pre-compile phase. */
5224
5225 if (lengthptr != NULL) break;
5226
5227 /* In the real compile we do the work of looking for the actual
5228 reference. If the string started with "+" or "-" we require the rest to
5229 be digits, in which case recno will be set. */
5230
5231 if (refsign > 0)
5232 {
5233 if (recno <= 0)
5234 {
5235 *errorcodeptr = ERR58;
5236 goto FAILED;
5237 }
5238 recno = (refsign == CHAR_MINUS)?
5239 cd->bracount - recno + 1 : recno +cd->bracount;
5240 if (recno <= 0 || recno > cd->final_bracount)
5241 {
5242 *errorcodeptr = ERR15;
5243 goto FAILED;
5244 }
5245 PUT2(code, 2+LINK_SIZE, recno);
5246 break;
5247 }
5248
5249 /* Otherwise (did not start with "+" or "-"), start by looking for the
5250 name. If we find a name, add one to the opcode to change OP_CREF or
5251 OP_RREF into OP_NCREF or OP_NRREF. These behave exactly the same,
5252 except they record that the reference was originally to a name. The
5253 information is used to check duplicate names. */
5254
5255 slot = cd->name_table;
5256 for (i = 0; i < cd->names_found; i++)
5257 {
5258 if (strncmp((char *)name, (char *)slot+2, namelen) == 0) break;
5259 slot += cd->name_entry_size;
5260 }
5261
5262 /* Found a previous named subpattern */
5263
5264 if (i < cd->names_found)
5265 {
5266 recno = GET2(slot, 0);
5267 PUT2(code, 2+LINK_SIZE, recno);
5268 code[1+LINK_SIZE]++;
5269 }
5270
5271 /* Search the pattern for a forward reference */
5272
5273 else if ((i = find_parens(cd, name, namelen,
5274 (options & PCRE_EXTENDED) != 0, utf8)) > 0)
5275 {
5276 PUT2(code, 2+LINK_SIZE, i);
5277 code[1+LINK_SIZE]++;
5278 }
5279
5280 /* If terminator == 0 it means that the name followed directly after
5281 the opening parenthesis [e.g. (?(abc)...] and in this case there are
5282 some further alternatives to try. For the cases where terminator != 0
5283 [things like (?(<name>... or (?('name')... or (?(R&name)... ] we have
5284 now checked all the possibilities, so give an error. */
5285
5286 else if (terminator != 0)
5287 {
5288 *errorcodeptr = ERR15;
5289 goto FAILED;
5290 }
5291
5292 /* Check for (?(R) for recursion. Allow digits after R to specify a
5293 specific group number. */
5294
5295 else if (*name == CHAR_R)
5296 {
5297 recno = 0;
5298 for (i = 1; i < namelen; i++)
5299 {
5300 if ((digitab[name[i]] & ctype_digit) == 0)
5301 {
5302 *errorcodeptr = ERR15;
5303 goto FAILED;
5304 }
5305 recno = recno * 10 + name[i] - CHAR_0;
5306 }
5307 if (recno == 0) recno = RREF_ANY;
5308 code[1+LINK_SIZE] = OP_RREF; /* Change test type */
5309 PUT2(code, 2+LINK_SIZE, recno);
5310 }
5311
5312 /* Similarly, check for the (?(DEFINE) "condition", which is always
5313 false. */
5314
5315 else if (namelen == 6 && strncmp((char *)name, STRING_DEFINE, 6) == 0)
5316 {
5317 code[1+LINK_SIZE] = OP_DEF;
5318 skipbytes = 1;
5319 }
5320
5321 /* Check for the "name" actually being a subpattern number. We are
5322 in the second pass here, so final_bracount is set. */
5323
5324 else if (recno > 0 && recno <= cd->final_bracount)
5325 {
5326 PUT2(code, 2+LINK_SIZE, recno);
5327 }
5328
5329 /* Either an unidentified subpattern, or a reference to (?(0) */
5330
5331 else
5332 {
5333 *errorcodeptr = (recno == 0)? ERR35: ERR15;
5334 goto FAILED;
5335 }
5336 break;
5337
5338
5339 /* ------------------------------------------------------------ */
5340 case CHAR_EQUALS_SIGN: /* Positive lookahead */
5341 bravalue = OP_ASSERT;
5342 cd->assert_depth += 1;
5343 ptr++;
5344 break;
5345
5346
5347 /* ------------------------------------------------------------ */
5348 case CHAR_EXCLAMATION_MARK: /* Negative lookahead */
5349 ptr++;
5350 if (*ptr == CHAR_RIGHT_PARENTHESIS) /* Optimize (?!) */
5351 {
5352 *code++ = OP_FAIL;
5353 previous = NULL;
5354 continue;
5355 }
5356 bravalue = OP_ASSERT_NOT;
5357 cd->assert_depth += 1;
5358 break;
5359
5360
5361 /* ------------------------------------------------------------ */
5362 case CHAR_LESS_THAN_SIGN: /* Lookbehind or named define */
5363 switch (ptr[1])
5364 {
5365 case CHAR_EQUALS_SIGN: /* Positive lookbehind */
5366 bravalue = OP_ASSERTBACK;
5367 cd->assert_depth += 1;
5368 ptr += 2;
5369 break;
5370
5371 case CHAR_EXCLAMATION_MARK: /* Negative lookbehind */
5372 bravalue = OP_ASSERTBACK_NOT;
5373 cd->assert_depth += 1;
5374 ptr += 2;
5375 break;
5376
5377 default: /* Could be name define, else bad */
5378 if ((cd->ctypes[ptr[1]] & ctype_word) != 0) goto DEFINE_NAME;
5379 ptr++; /* Correct offset for error */
5380 *errorcodeptr = ERR24;
5381 goto FAILED;
5382 }
5383 break;
5384
5385
5386 /* ------------------------------------------------------------ */
5387 case CHAR_GREATER_THAN_SIGN: /* One-time brackets */
5388 bravalue = OP_ONCE;
5389 ptr++;
5390 break;
5391
5392
5393 /* ------------------------------------------------------------ */
5394 case CHAR_C: /* Callout - may be followed by digits; */
5395 previous_callout = code; /* Save for later completion */
5396 after_manual_callout = 1; /* Skip one item before completing */
5397 *code++ = OP_CALLOUT;
5398 {
5399 int n = 0;
5400 while ((digitab[*(++ptr)] & ctype_digit) != 0)
5401 n = n * 10 + *ptr - CHAR_0;
5402 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5403 {
5404 *errorcodeptr = ERR39;
5405 goto FAILED;
5406 }
5407 if (n > 255)
5408 {
5409 *errorcodeptr = ERR38;
5410 goto FAILED;
5411 }
5412 *code++ = n;
5413 PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
5414 PUT(code, LINK_SIZE, 0); /* Default length */
5415 code += 2 * LINK_SIZE;
5416 }
5417 previous = NULL;
5418 continue;
5419
5420
5421 /* ------------------------------------------------------------ */
5422 case CHAR_P: /* Python-style named subpattern handling */
5423 if (*(++ptr) == CHAR_EQUALS_SIGN ||
5424 *ptr == CHAR_GREATER_THAN_SIGN) /* Reference or recursion */
5425 {
5426 is_recurse = *ptr == CHAR_GREATER_THAN_SIGN;
5427 terminator = CHAR_RIGHT_PARENTHESIS;
5428 goto NAMED_REF_OR_RECURSE;
5429 }
5430 else if (*ptr != CHAR_LESS_THAN_SIGN) /* Test for Python-style defn */
5431 {
5432 *errorcodeptr = ERR41;
5433 goto FAILED;
5434 }
5435 /* Fall through to handle (?P< as (?< is handled */
5436
5437
5438 /* ------------------------------------------------------------ */
5439 DEFINE_NAME: /* Come here from (?< handling */
5440 case CHAR_APOSTROPHE:
5441 {
5442 terminator = (*ptr == CHAR_LESS_THAN_SIGN)?
5443 CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
5444 name = ++ptr;
5445
5446 while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
5447 namelen = (int)(ptr - name);
5448
5449 /* In the pre-compile phase, just do a syntax check. */
5450
5451 if (lengthptr != NULL)
5452 {
5453 if (*ptr != terminator)
5454 {
5455 *errorcodeptr = ERR42;
5456 goto FAILED;
5457 }
5458 if (cd->names_found >= MAX_NAME_COUNT)
5459 {
5460 *errorcodeptr = ERR49;
5461 goto FAILED;
5462 }
5463 if (namelen + 3 > cd->name_entry_size)
5464 {
5465 cd->name_entry_size = namelen + 3;
5466 if (namelen > MAX_NAME_SIZE)
5467 {
5468 *errorcodeptr = ERR48;
5469 goto FAILED;
5470 }
5471 }
5472 }
5473
5474 /* In the real compile, create the entry in the table, maintaining
5475 alphabetical order. Duplicate names for different numbers are
5476 permitted only if PCRE_DUPNAMES is set. Duplicate names for the same
5477 number are always OK. (An existing number can be re-used if (?|
5478 appears in the pattern.) In either event, a duplicate name results in
5479 a duplicate entry in the table, even if the number is the same. This
5480 is because the number of names, and hence the table size, is computed
5481 in the pre-compile, and it affects various numbers and pointers which
5482 would all have to be modified, and the compiled code moved down, if
5483 duplicates with the same number were omitted from the table. This
5484 doesn't seem worth the hassle. However, *different* names for the
5485 same number are not permitted. */
5486
5487 else
5488 {
5489 BOOL dupname = FALSE;
5490 slot = cd->name_table;
5491
5492 for (i = 0; i < cd->names_found; i++)
5493 {
5494 int crc = memcmp(name, slot+2, namelen);
5495 if (crc == 0)
5496 {
5497 if (slot[2+namelen] == 0)
5498 {
5499 if (GET2(slot, 0) != cd->bracount + 1 &&
5500 (options & PCRE_DUPNAMES) == 0)
5501 {
5502 *errorcodeptr = ERR43;
5503 goto FAILED;
5504 }
5505 else dupname = TRUE;
5506 }
5507 else crc = -1; /* Current name is a substring */
5508 }
5509
5510 /* Make space in the table and break the loop for an earlier
5511 name. For a duplicate or later name, carry on. We do this for
5512 duplicates so that in the simple case (when ?(| is not used) they
5513 are in order of their numbers. */
5514
5515 if (crc < 0)
5516 {
5517 memmove(slot + cd->name_entry_size, slot,
5518 (cd->names_found - i) * cd->name_entry_size);
5519 break;
5520 }
5521
5522 /* Continue the loop for a later or duplicate name */
5523
5524 slot += cd->name_entry_size;
5525 }
5526
5527 /* For non-duplicate names, check for a duplicate number before
5528 adding the new name. */
5529
5530 if (!dupname)
5531 {
5532 uschar *cslot = cd->name_table;
5533 for (i = 0; i < cd->names_found; i++)
5534 {
5535 if (cslot != slot)
5536 {
5537 if (GET2(cslot, 0) == cd->bracount + 1)
5538 {
5539 *errorcodeptr = ERR65;
5540 goto FAILED;
5541 }
5542 }
5543 else i--;
5544 cslot += cd->name_entry_size;
5545 }
5546 }
5547
5548 PUT2(slot, 0, cd->bracount + 1);
5549 memcpy(slot + 2, name, namelen);
5550 slot[2+namelen] = 0;
5551 }
5552 }
5553
5554 /* In both pre-compile and compile, count the number of names we've
5555 encountered. */
5556
5557 cd->names_found++;
5558 ptr++; /* Move past > or ' */
5559 goto NUMBERED_GROUP;
5560
5561
5562 /* ------------------------------------------------------------ */
5563 case CHAR_AMPERSAND: /* Perl recursion/subroutine syntax */
5564 terminator = CHAR_RIGHT_PARENTHESIS;
5565 is_recurse = TRUE;
5566 /* Fall through */
5567
5568 /* We come here from the Python syntax above that handles both
5569 references (?P=name) and recursion (?P>name), as well as falling
5570 through from the Perl recursion syntax (?&name). We also come here from
5571 the Perl \k<name> or \k'name' back reference syntax and the \k{name}
5572 .NET syntax, and the Oniguruma \g<...> and \g'...' subroutine syntax. */
5573
5574 NAMED_REF_OR_RECURSE:
5575 name = ++ptr;
5576 while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
5577 namelen = (int)(ptr - name);
5578
5579 /* In the pre-compile phase, do a syntax check. We used to just set
5580 a dummy reference number, because it was not used in the first pass.
5581 However, with the change of recursive back references to be atomic,
5582 we have to look for the number so that this state can be identified, as
5583 otherwise the incorrect length is computed. If it's not a backwards
5584 reference, the dummy number will do. */
5585
5586 if (lengthptr != NULL)
5587 {
5588 const uschar *temp;
5589
5590 if (namelen == 0)
5591 {
5592 *errorcodeptr = ERR62;
5593 goto FAILED;
5594 }
5595 if (*ptr != terminator)
5596 {
5597 *errorcodeptr = ERR42;
5598 goto FAILED;
5599 }
5600 if (namelen > MAX_NAME_SIZE)
5601 {
5602 *errorcodeptr = ERR48;
5603 goto FAILED;
5604 }
5605
5606 /* The name table does not exist in the first pass, so we cannot
5607 do a simple search as in the code below. Instead, we have to scan the
5608 pattern to find the number. It is important that we scan it only as
5609 far as we have got because the syntax of named subpatterns has not
5610 been checked for the rest of the pattern, and find_parens() assumes
5611 correct syntax. In any case, it's a waste of resources to scan
5612 further. We stop the scan at the current point by temporarily
5613 adjusting the value of cd->endpattern. */
5614
5615 temp = cd->end_pattern;
5616 cd->end_pattern = ptr;
5617 recno = find_parens(cd, name, namelen,
5618 (options & PCRE_EXTENDED) != 0, utf8);
5619 cd->end_pattern = temp;
5620 if (recno < 0) recno = 0; /* Forward ref; set dummy number */
5621 }
5622
5623 /* In the real compile, seek the name in the table. We check the name
5624 first, and then check that we have reached the end of the name in the
5625 table. That way, if the name that is longer than any in the table,
5626 the comparison will fail without reading beyond the table entry. */
5627
5628 else
5629 {
5630 slot = cd->name_table;
5631 for (i = 0; i < cd->names_found; i++)
5632 {
5633 if (strncmp((char *)name, (char *)slot+2, namelen) == 0 &&
5634 slot[2+namelen] == 0)
5635 break;
5636 slot += cd->name_entry_size;
5637 }
5638
5639 if (i < cd->names_found) /* Back reference */
5640 {
5641 recno = GET2(slot, 0);
5642 }
5643 else if ((recno = /* Forward back reference */
5644 find_parens(cd, name, namelen,
5645 (options & PCRE_EXTENDED) != 0, utf8)) <= 0)
5646 {
5647 *errorcodeptr = ERR15;
5648 goto FAILED;
5649 }
5650 }
5651
5652 /* In both phases, we can now go to the code than handles numerical
5653 recursion or backreferences. */
5654
5655 if (is_recurse) goto HANDLE_RECURSION;
5656 else goto HANDLE_REFERENCE;
5657
5658
5659 /* ------------------------------------------------------------ */
5660 case CHAR_R: /* Recursion */
5661 ptr++; /* Same as (?0) */
5662 /* Fall through */
5663
5664
5665 /* ------------------------------------------------------------ */
5666 case CHAR_MINUS: case CHAR_PLUS: /* Recursion or subroutine */
5667 case CHAR_0: case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4:
5668 case CHAR_5: case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
5669 {
5670 const uschar *called;
5671 terminator = CHAR_RIGHT_PARENTHESIS;
5672
5673 /* Come here from the \g<...> and \g'...' code (Oniguruma
5674 compatibility). However, the syntax has been checked to ensure that
5675 the ... are a (signed) number, so that neither ERR63 nor ERR29 will
5676 be called on this path, nor with the jump to OTHER_CHAR_AFTER_QUERY
5677 ever be taken. */
5678
5679 HANDLE_NUMERICAL_RECURSION:
5680
5681 if ((refsign = *ptr) == CHAR_PLUS)
5682 {
5683 ptr++;
5684 if ((digitab[*ptr] & ctype_digit) == 0)
5685 {
5686 *errorcodeptr = ERR63;
5687 goto FAILED;
5688 }
5689 }
5690 else if (refsign == CHAR_MINUS)
5691 {
5692 if ((digitab[ptr[1]] & ctype_digit) == 0)
5693 goto OTHER_CHAR_AFTER_QUERY;
5694 ptr++;
5695 }
5696
5697 recno = 0;
5698 while((digitab[*ptr] & ctype_digit) != 0)
5699 recno = recno * 10 + *ptr++ - CHAR_0;
5700
5701 if (*ptr != terminator)
5702 {
5703 *errorcodeptr = ERR29;
5704 goto FAILED;
5705 }
5706
5707 if (refsign == CHAR_MINUS)
5708 {
5709 if (recno == 0)
5710 {
5711 *errorcodeptr = ERR58;
5712 goto FAILED;
5713 }
5714 recno = cd->bracount - recno + 1;
5715 if (recno <= 0)
5716 {
5717 *errorcodeptr = ERR15;
5718 goto FAILED;
5719 }
5720 }
5721 else if (refsign == CHAR_PLUS)
5722 {
5723 if (recno == 0)
5724 {
5725 *errorcodeptr = ERR58;
5726 goto FAILED;
5727 }
5728 recno += cd->bracount;
5729 }
5730
5731 /* Come here from code above that handles a named recursion */
5732
5733 HANDLE_RECURSION:
5734
5735 previous = code;
5736 called = cd->start_code;
5737
5738 /* When we are actually compiling, find the bracket that is being
5739 referenced. Temporarily end the regex in case it doesn't exist before
5740 this point. If we end up with a forward reference, first check that
5741 the bracket does occur later so we can give the error (and position)
5742 now. Then remember this forward reference in the workspace so it can
5743 be filled in at the end. */
5744
5745 if (lengthptr == NULL)
5746 {
5747 *code = OP_END;
5748 if (recno != 0)
5749 called = _pcre_find_bracket(cd->start_code, utf8, recno);
5750
5751 /* Forward reference */
5752
5753 if (called == NULL)
5754 {
5755 if (find_parens(cd, NULL, recno,
5756 (options & PCRE_EXTENDED) != 0, utf8) < 0)
5757 {
5758 *errorcodeptr = ERR15;
5759 goto FAILED;
5760 }
5761
5762 /* Fudge the value of "called" so that when it is inserted as an
5763 offset below, what it actually inserted is the reference number
5764 of the group. Then remember the forward reference. */
5765
5766 called = cd->start_code + recno;
5767 PUTINC(cd->hwm, 0, (int)(code + 1 - cd->start_code));
5768 }
5769
5770 /* If not a forward reference, and the subpattern is still open,
5771 this is a recursive call. We check to see if this is a left
5772 recursion that could loop for ever, and diagnose that case. We
5773 must not, however, do this check if we are in a conditional
5774 subpattern because the condition might be testing for recursion in
5775 a pattern such as /(?(R)a+|(?R)b)/, which is perfectly valid.
5776 Forever loops are also detected at runtime, so those that occur in
5777 conditional subpatterns will be picked up then. */
5778
5779 else if (GET(called, 1) == 0 && cond_depth <= 0 &&
5780 could_be_empty(called, code, bcptr, utf8, cd))
5781 {
5782 *errorcodeptr = ERR40;
5783 goto FAILED;
5784 }
5785 }
5786
5787 /* Insert the recursion/subroutine item. */
5788
5789 *code = OP_RECURSE;
5790 PUT(code, 1, (int)(called - cd->start_code));
5791 code += 1 + LINK_SIZE;
5792 }
5793
5794 /* Can't determine a first byte now */
5795
5796 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
5797 continue;
5798
5799
5800 /* ------------------------------------------------------------ */
5801 default: /* Other characters: check option setting */
5802 OTHER_CHAR_AFTER_QUERY:
5803 set = unset = 0;
5804 optset = &set;
5805
5806 while (*ptr != CHAR_RIGHT_PARENTHESIS && *ptr != CHAR_COLON)
5807 {
5808 switch (*ptr++)
5809 {
5810 case CHAR_MINUS: optset = &unset; break;
5811
5812 case CHAR_J: /* Record that it changed in the external options */
5813 *optset |= PCRE_DUPNAMES;
5814 cd->external_flags |= PCRE_JCHANGED;
5815 break;
5816
5817 case CHAR_i: *optset |= PCRE_CASELESS; break;
5818 case CHAR_m: *optset |= PCRE_MULTILINE; break;
5819 case CHAR_s: *optset |= PCRE_DOTALL; break;
5820 case CHAR_x: *optset |= PCRE_EXTENDED; break;
5821 case CHAR_U: *optset |= PCRE_UNGREEDY; break;
5822 case CHAR_X: *optset |= PCRE_EXTRA; break;
5823
5824 default: *errorcodeptr = ERR12;
5825 ptr--; /* Correct the offset */
5826 goto FAILED;
5827 }
5828 }
5829
5830 /* Set up the changed option bits, but don't change anything yet. */
5831
5832 newoptions = (options | set) & (~unset);
5833
5834 /* If the options ended with ')' this is not the start of a nested
5835 group with option changes, so the options change at this level. If this
5836 item is right at the start of the pattern, the options can be
5837 abstracted and made external in the pre-compile phase, and ignored in
5838 the compile phase. This can be helpful when matching -- for instance in
5839 caseless checking of required bytes.
5840
5841 If the code pointer is not (cd->start_code + 1 + LINK_SIZE), we are
5842 definitely *not* at the start of the pattern because something has been
5843 compiled. In the pre-compile phase, however, the code pointer can have
5844 that value after the start, because it gets reset as code is discarded
5845 during the pre-compile. However, this can happen only at top level - if
5846 we are within parentheses, the starting BRA will still be present. At
5847 any parenthesis level, the length value can be used to test if anything
5848 has been compiled at that level. Thus, a test for both these conditions
5849 is necessary to ensure we correctly detect the start of the pattern in
5850 both phases.
5851
5852 If we are not at the pattern start, reset the greedy defaults and the
5853 case value for firstbyte and reqbyte. */
5854
5855 if (*ptr == CHAR_RIGHT_PARENTHESIS)
5856 {
5857 if (code == cd->start_code + 1 + LINK_SIZE &&
5858 (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
5859 {
5860 cd->external_options = newoptions;
5861 }
5862 else
5863 {
5864 greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
5865 greedy_non_default = greedy_default ^ 1;
5866 req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
5867 }
5868
5869 /* Change options at this level, and pass them back for use
5870 in subsequent branches. */
5871
5872 *optionsptr = options = newoptions;
5873 previous = NULL; /* This item can't be repeated */
5874 continue; /* It is complete */
5875 }
5876
5877 /* If the options ended with ':' we are heading into a nested group
5878 with possible change of options. Such groups are non-capturing and are
5879 not assertions of any kind. All we need to do is skip over the ':';
5880 the newoptions value is handled below. */
5881
5882 bravalue = OP_BRA;
5883 ptr++;
5884 } /* End of switch for character following (? */
5885 } /* End of (? handling */
5886
5887 /* Opening parenthesis not followed by '*' or '?'. If PCRE_NO_AUTO_CAPTURE
5888 is set, all unadorned brackets become non-capturing and behave like (?:...)
5889 brackets. */
5890
5891 else if ((options & PCRE_NO_AUTO_CAPTURE) != 0)
5892 {
5893 bravalue = OP_BRA;
5894 }
5895
5896 /* Else we have a capturing group. */
5897
5898 else
5899 {
5900 NUMBERED_GROUP:
5901 cd->bracount += 1;
5902 PUT2(code, 1+LINK_SIZE, cd->bracount);
5903 skipbytes = 2;
5904 }
5905
5906 /* Process nested bracketed regex. Assertions used not to be repeatable,
5907 but this was changed for Perl compatibility, so all kinds can now be
5908 repeated. We copy code into a non-register variable (tempcode) in order to
5909 be able to pass its address because some compilers complain otherwise. */
5910
5911 previous = code; /* For handling repetition */
5912 *code = bravalue;
5913 tempcode = code;
5914 tempreqvary = cd->req_varyopt; /* Save value before bracket */
5915 length_prevgroup = 0; /* Initialize for pre-compile phase */
5916
5917 if (!compile_regex(
5918 newoptions, /* The complete new option state */
5919 &tempcode, /* Where to put code (updated) */
5920 &ptr, /* Input pointer (updated) */
5921 errorcodeptr, /* Where to put an error message */
5922 (bravalue == OP_ASSERTBACK ||
5923 bravalue == OP_ASSERTBACK_NOT), /* TRUE if back assert */
5924 reset_bracount, /* True if (?| group */
5925 skipbytes, /* Skip over bracket number */
5926 cond_depth +
5927 ((bravalue == OP_COND)?1:0), /* Depth of condition subpatterns */
5928 &subfirstbyte, /* For possible first char */
5929 &subreqbyte, /* For possible last char */
5930 bcptr, /* Current branch chain */
5931 cd, /* Tables block */
5932 (lengthptr == NULL)? NULL : /* Actual compile phase */
5933 &length_prevgroup /* Pre-compile phase */
5934 ))
5935 goto FAILED;
5936
5937 if (bravalue >= OP_ASSERT && bravalue <= OP_ASSERTBACK_NOT)
5938 cd->assert_depth -= 1;
5939
5940 /* At the end of compiling, code is still pointing to the start of the
5941 group, while tempcode has been updated to point past the end of the group
5942 and any option resetting that may follow it. The pattern pointer (ptr)
5943 is on the bracket. */
5944
5945 /* If this is a conditional bracket, check that there are no more than
5946 two branches in the group, or just one if it's a DEFINE group. We do this
5947 in the real compile phase, not in the pre-pass, where the whole group may
5948 not be available. */
5949
5950 if (bravalue == OP_COND && lengthptr == NULL)
5951 {
5952 uschar *tc = code;
5953 int condcount = 0;
5954
5955 do {
5956 condcount++;
5957 tc += GET(tc,1);
5958 }
5959 while (*tc != OP_KET);
5960
5961 /* A DEFINE group is never obeyed inline (the "condition" is always
5962 false). It must have only one branch. */
5963
5964 if (code[LINK_SIZE+1] == OP_DEF)
5965 {
5966 if (condcount > 1)
5967 {
5968 *errorcodeptr = ERR54;
5969 goto FAILED;
5970 }
5971 bravalue = OP_DEF; /* Just a flag to suppress char handling below */
5972 }
5973
5974 /* A "normal" conditional group. If there is just one branch, we must not
5975 make use of its firstbyte or reqbyte, because this is equivalent to an
5976 empty second branch. */
5977
5978 else
5979 {
5980 if (condcount > 2)
5981 {
5982 *errorcodeptr = ERR27;
5983 goto FAILED;
5984 }
5985 if (condcount == 1) subfirstbyte = subreqbyte = REQ_NONE;
5986 }
5987 }
5988
5989 /* Error if hit end of pattern */
5990
5991 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5992 {
5993 *errorcodeptr = ERR14;
5994 goto FAILED;
5995 }
5996
5997 /* In the pre-compile phase, update the length by the length of the group,
5998 less the brackets at either end. Then reduce the compiled code to just a
5999 set of non-capturing brackets so that it doesn't use much memory if it is
6000 duplicated by a quantifier.*/
6001
6002 if (lengthptr != NULL)
6003 {
6004 if (OFLOW_MAX - *lengthptr < length_prevgroup - 2 - 2*LINK_SIZE)
6005 {
6006 *errorcodeptr = ERR20;
6007 goto FAILED;
6008 }
6009 *lengthptr += length_prevgroup - 2 - 2*LINK_SIZE;
6010 code++; /* This already contains bravalue */
6011 PUTINC(code, 0, 1 + LINK_SIZE);
6012 *code++ = OP_KET;
6013 PUTINC(code, 0, 1 + LINK_SIZE);
6014 break; /* No need to waste time with special character handling */
6015 }
6016
6017 /* Otherwise update the main code pointer to the end of the group. */
6018
6019 code = tempcode;
6020
6021 /* For a DEFINE group, required and first character settings are not
6022 relevant. */
6023
6024 if (bravalue == OP_DEF) break;
6025
6026 /* Handle updating of the required and first characters for other types of
6027 group. Update for normal brackets of all kinds, and conditions with two
6028 branches (see code above). If the bracket is followed by a quantifier with
6029 zero repeat, we have to back off. Hence the definition of zeroreqbyte and
6030 zerofirstbyte outside the main loop so that they can be accessed for the
6031 back off. */
6032
6033 zeroreqbyte = reqbyte;
6034 zerofirstbyte = firstbyte;
6035 groupsetfirstbyte = FALSE;
6036
6037 if (bravalue >= OP_ONCE)
6038 {
6039 /* If we have not yet set a firstbyte in this branch, take it from the
6040 subpattern, remembering that it was set here so that a repeat of more
6041 than one can replicate it as reqbyte if necessary. If the subpattern has
6042 no firstbyte, set "none" for the whole branch. In both cases, a zero
6043 repeat forces firstbyte to "none". */
6044
6045 if (firstbyte == REQ_UNSET)
6046 {
6047 if (subfirstbyte >= 0)
6048 {
6049 firstbyte = subfirstbyte;
6050 groupsetfirstbyte = TRUE;
6051 }
6052 else firstbyte = REQ_NONE;
6053 zerofirstbyte = REQ_NONE;
6054 }
6055
6056 /* If firstbyte was previously set, convert the subpattern's firstbyte
6057 into reqbyte if there wasn't one, using the vary flag that was in
6058 existence beforehand. */
6059
6060 else if (subfirstbyte >= 0 && subreqbyte < 0)
6061 subreqbyte = subfirstbyte | tempreqvary;
6062
6063 /* If the subpattern set a required byte (or set a first byte that isn't
6064 really the first byte - see above), set it. */
6065
6066 if (subreqbyte >= 0) reqbyte = subreqbyte;
6067 }
6068
6069 /* For a forward assertion, we take the reqbyte, if set. This can be
6070 helpful if the pattern that follows the assertion doesn't set a different
6071 char. For example, it's useful for /(?=abcde).+/. We can't set firstbyte
6072 for an assertion, however because it leads to incorrect effect for patterns
6073 such as /(?=a)a.+/ when the "real" "a" would then become a reqbyte instead
6074 of a firstbyte. This is overcome by a scan at the end if there's no
6075 firstbyte, looking for an asserted first char. */
6076
6077 else if (bravalue == OP_ASSERT && subreqbyte >= 0) reqbyte = subreqbyte;
6078 break; /* End of processing '(' */
6079
6080
6081 /* ===================================================================*/
6082 /* Handle metasequences introduced by \. For ones like \d, the ESC_ values
6083 are arranged to be the negation of the corresponding OP_values in the
6084 default case when PCRE_UCP is not set. For the back references, the values
6085 are ESC_REF plus the reference number. Only back references and those types
6086 that consume a character may be repeated. We can test for values between
6087 ESC_b and ESC_Z for the latter; this may have to change if any new ones are
6088 ever created. */
6089
6090 case CHAR_BACKSLASH:
6091 tempptr = ptr;
6092 c = check_escape(&ptr, errorcodeptr, cd->bracount, options, FALSE);
6093 if (*errorcodeptr != 0) goto FAILED;
6094
6095 if (c < 0)
6096 {
6097 if (-c == ESC_Q) /* Handle start of quoted string */
6098 {
6099 if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
6100 ptr += 2; /* avoid empty string */
6101 else inescq = TRUE;
6102 continue;
6103 }
6104
6105 if (-c == ESC_E) continue; /* Perl ignores an orphan \E */
6106
6107 /* For metasequences that actually match a character, we disable the
6108 setting of a first character if it hasn't already been set. */
6109
6110 if (firstbyte == REQ_UNSET && -c > ESC_b && -c < ESC_Z)
6111 firstbyte = REQ_NONE;
6112
6113 /* Set values to reset to if this is followed by a zero repeat. */
6114
6115 zerofirstbyte = firstbyte;
6116 zeroreqbyte = reqbyte;
6117
6118 /* \g<name> or \g'name' is a subroutine call by name and \g<n> or \g'n'
6119 is a subroutine call by number (Oniguruma syntax). In fact, the value
6120 -ESC_g is returned only for these cases. So we don't need to check for <
6121 or ' if the value is -ESC_g. For the Perl syntax \g{n} the value is
6122 -ESC_REF+n, and for the Perl syntax \g{name} the result is -ESC_k (as
6123 that is a synonym for a named back reference). */
6124
6125 if (-c == ESC_g)
6126 {
6127 const uschar *p;
6128 save_hwm = cd->hwm; /* Normally this is set when '(' is read */
6129 terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
6130 CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
6131
6132 /* These two statements stop the compiler for warning about possibly
6133 unset variables caused by the jump to HANDLE_NUMERICAL_RECURSION. In
6134 fact, because we actually check for a number below, the paths that
6135 would actually be in error are never taken. */
6136
6137 skipbytes = 0;
6138 reset_bracount = FALSE;
6139
6140 /* Test for a name */
6141
6142 if (ptr[1] != CHAR_PLUS && ptr[1] != CHAR_MINUS)
6143 {
6144 BOOL isnumber = TRUE;
6145 for (p = ptr + 1; *p != 0 && *p != terminator; p++)
6146 {
6147 if ((cd->ctypes[*p] & ctype_digit) == 0) isnumber = FALSE;
6148 if ((cd->ctypes[*p] & ctype_word) == 0) break;
6149 }
6150 if (*p != terminator)
6151 {
6152 *errorcodeptr = ERR57;
6153 break;
6154 }
6155 if (isnumber)
6156 {
6157 ptr++;
6158 goto HANDLE_NUMERICAL_RECURSION;
6159 }
6160 is_recurse = TRUE;
6161 goto NAMED_REF_OR_RECURSE;
6162 }
6163
6164 /* Test a signed number in angle brackets or quotes. */
6165
6166 p = ptr + 2;
6167 while ((digitab[*p] & ctype_digit) != 0) p++;
6168 if (*p != terminator)
6169 {
6170 *errorcodeptr = ERR57;
6171 break;
6172 }
6173 ptr++;
6174 goto HANDLE_NUMERICAL_RECURSION;
6175 }
6176
6177 /* \k<name> or \k'name' is a back reference by name (Perl syntax).
6178 We also support \k{name} (.NET syntax). */
6179
6180 if (-c == ESC_k)
6181 {
6182 if ((ptr[1] != CHAR_LESS_THAN_SIGN &&
6183 ptr[1] != CHAR_APOSTROPHE && ptr[1] != CHAR_LEFT_CURLY_BRACKET))
6184 {
6185 *errorcodeptr = ERR69;
6186 break;
6187 }
6188 is_recurse = FALSE;
6189 terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
6190 CHAR_GREATER_THAN_SIGN : (*ptr == CHAR_APOSTROPHE)?
6191 CHAR_APOSTROPHE : CHAR_RIGHT_CURLY_BRACKET;
6192 goto NAMED_REF_OR_RECURSE;
6193 }
6194
6195 /* Back references are handled specially; must disable firstbyte if
6196 not set to cope with cases like (?=(\w+))\1: which would otherwise set
6197 ':' later. */
6198
6199 if (-c >= ESC_REF)
6200 {
6201 open_capitem *oc;
6202 recno = -c - ESC_REF;
6203
6204 HANDLE_REFERENCE: /* Come here from named backref handling */
6205 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
6206 previous = code;
6207 *code++ = ((options & PCRE_CASELESS) != 0)? OP_REFI : OP_REF;
6208 PUT2INC(code, 0, recno);
6209 cd->backref_map |= (recno < 32)? (1 << recno) : 1;
6210 if (recno > cd->top_backref) cd->top_backref = recno;
6211
6212 /* Check to see if this back reference is recursive, that it, it
6213 is inside the group that it references. A flag is set so that the
6214 group can be made atomic. */
6215
6216 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
6217 {
6218 if (oc->number == recno)
6219 {
6220 oc->flag = TRUE;
6221 break;
6222 }
6223 }
6224 }
6225
6226 /* So are Unicode property matches, if supported. */
6227
6228 #ifdef SUPPORT_UCP
6229 else if (-c == ESC_P || -c == ESC_p)
6230 {
6231 BOOL negated;
6232 int pdata;
6233 int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
6234 if (ptype < 0) goto FAILED;
6235 previous = code;
6236 *code++ = ((-c == ESC_p) != negated)? OP_PROP : OP_NOTPROP;
6237 *code++ = ptype;
6238 *code++ = pdata;
6239 }
6240 #else
6241
6242 /* If Unicode properties are not supported, \X, \P, and \p are not
6243 allowed. */
6244
6245 else if (-c == ESC_X || -c == ESC_P || -c == ESC_p)
6246 {
6247 *errorcodeptr = ERR45;
6248 goto FAILED;
6249 }
6250 #endif
6251
6252 /* For the rest (including \X when Unicode properties are supported), we
6253 can obtain the OP value by negating the escape value in the default
6254 situation when PCRE_UCP is not set. When it *is* set, we substitute
6255 Unicode property tests. */
6256
6257 else
6258 {
6259 #ifdef SUPPORT_UCP
6260 if (-c >= ESC_DU && -c <= ESC_wu)
6261 {
6262 nestptr = ptr + 1; /* Where to resume */
6263 ptr = substitutes[-c - ESC_DU] - 1; /* Just before substitute */
6264 }
6265 else
6266 #endif
6267 {
6268 previous = (-c > ESC_b && -c < ESC_Z)? code : NULL;
6269 *code++ = -c;
6270 }
6271 }
6272 continue;
6273 }
6274
6275 /* We have a data character whose value is in c. In UTF-8 mode it may have
6276 a value > 127. We set its representation in the length/buffer, and then
6277 handle it as a data character. */
6278
6279 #ifdef SUPPORT_UTF8
6280 if (utf8 && c > 127)
6281 mclength = _pcre_ord2utf8(c, mcbuffer);
6282 else
6283 #endif
6284
6285 {
6286 mcbuffer[0] = c;
6287 mclength = 1;
6288 }
6289 goto ONE_CHAR;
6290
6291
6292 /* ===================================================================*/
6293 /* Handle a literal character. It is guaranteed not to be whitespace or #
6294 when the extended flag is set. If we are in UTF-8 mode, it may be a
6295 multi-byte literal character. */
6296
6297 default:
6298 NORMAL_CHAR:
6299 mclength = 1;
6300 mcbuffer[0] = c;
6301
6302 #ifdef SUPPORT_UTF8
6303 if (utf8 && c >= 0xc0)
6304 {
6305 while ((ptr[1] & 0xc0) == 0x80)
6306 mcbuffer[mclength++] = *(++ptr);
6307 }
6308 #endif
6309
6310 /* At this point we have the character's bytes in mcbuffer, and the length
6311 in mclength. When not in UTF-8 mode, the length is always 1. */
6312
6313 ONE_CHAR:
6314 previous = code;
6315 *code++ = ((options & PCRE_CASELESS) != 0)? OP_CHARI : OP_CHAR;
6316 for (c = 0; c < mclength; c++) *code++ = mcbuffer[c];
6317
6318 /* Remember if \r or \n were seen */
6319
6320 if (mcbuffer[0] == CHAR_CR || mcbuffer[0] == CHAR_NL)
6321 cd->external_flags |= PCRE_HASCRORLF;
6322
6323 /* Set the first and required bytes appropriately. If no previous first
6324 byte, set it from this character, but revert to none on a zero repeat.
6325 Otherwise, leave the firstbyte value alone, and don't change it on a zero
6326 repeat. */
6327
6328 if (firstbyte == REQ_UNSET)
6329 {
6330 zerofirstbyte = REQ_NONE;
6331 zeroreqbyte = reqbyte;
6332
6333 /* If the character is more than one byte long, we can set firstbyte
6334 only if it is not to be matched caselessly. */
6335
6336 if (mclength == 1 || req_caseopt == 0)
6337 {
6338 firstbyte = mcbuffer[0] | req_caseopt;
6339 if (mclength != 1) reqbyte = code[-1] | cd->req_varyopt;
6340 }
6341 else firstbyte = reqbyte = REQ_NONE;
6342 }
6343
6344 /* firstbyte was previously set; we can set reqbyte only the length is
6345 1 or the matching is caseful. */
6346
6347 else
6348 {
6349 zerofirstbyte = firstbyte;
6350 zeroreqbyte = reqbyte;
6351 if (mclength == 1 || req_caseopt == 0)
6352 reqbyte = code[-1] | req_caseopt | cd->req_varyopt;
6353 }
6354
6355 break; /* End of literal character handling */
6356 }
6357 } /* end of big loop */
6358
6359
6360 /* Control never reaches here by falling through, only by a goto for all the
6361 error states. Pass back the position in the pattern so that it can be displayed
6362 to the user for diagnosing the error. */
6363
6364 FAILED:
6365 *ptrptr = ptr;
6366 return FALSE;
6367 }
6368
6369
6370
6371
6372 /*************************************************
6373 * Compile sequence of alternatives *
6374 *************************************************/
6375
6376 /* On entry, ptr is pointing past the bracket character, but on return it
6377 points to the closing bracket, or vertical bar, or end of string. The code
6378 variable is pointing at the byte into which the BRA operator has been stored.
6379 This function is used during the pre-compile phase when we are trying to find
6380 out the amount of memory needed, as well as during the real compile phase. The
6381 value of lengthptr distinguishes the two phases.
6382
6383 Arguments:
6384 options option bits, including any changes for this subpattern
6385 codeptr -> the address of the current code pointer
6386 ptrptr -> the address of the current pattern pointer
6387 errorcodeptr -> pointer to error code variable
6388 lookbehind TRUE if this is a lookbehind assertion
6389 reset_bracount TRUE to reset the count for each branch
6390 skipbytes skip this many bytes at start (for brackets and OP_COND)
6391 cond_depth depth of nesting for conditional subpatterns
6392 firstbyteptr place to put the first required character, or a negative number
6393 reqbyteptr place to put the last required character, or a negative number
6394 bcptr pointer to the chain of currently open branches
6395 cd points to the data block with tables pointers etc.
6396 lengthptr NULL during the real compile phase
6397 points to length accumulator during pre-compile phase
6398
6399 Returns: TRUE on success
6400 */
6401
6402 static BOOL
6403 compile_regex(int options, uschar **codeptr, const uschar **ptrptr,
6404 int *errorcodeptr, BOOL lookbehind, BOOL reset_bracount, int skipbytes,
6405 int cond_depth, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
6406 compile_data *cd, int *lengthptr)
6407 {
6408 const uschar *ptr = *ptrptr;
6409 uschar *code = *codeptr;
6410 uschar *last_branch = code;
6411 uschar *start_bracket = code;
6412 uschar *reverse_count = NULL;
6413 open_capitem capitem;
6414 int capnumber = 0;
6415 int firstbyte, reqbyte;
6416 int branchfirstbyte, branchreqbyte;
6417 int length;
6418 int orig_bracount;
6419 int max_bracount;
6420 branch_chain bc;
6421
6422 bc.outer = bcptr;
6423 bc.current_branch = code;
6424
6425 firstbyte = reqbyte = REQ_UNSET;
6426
6427 /* Accumulate the length for use in the pre-compile phase. Start with the
6428 length of the BRA and KET and any extra bytes that are required at the
6429 beginning. We accumulate in a local variable to save frequent testing of
6430 lenthptr for NULL. We cannot do this by looking at the value of code at the
6431 start and end of each alternative, because compiled items are discarded during
6432 the pre-compile phase so that the work space is not exceeded. */
6433
6434 length = 2 + 2*LINK_SIZE + skipbytes;
6435
6436 /* WARNING: If the above line is changed for any reason, you must also change
6437 the code that abstracts option settings at the start of the pattern and makes
6438 them global. It tests the value of length for (2 + 2*LINK_SIZE) in the
6439 pre-compile phase to find out whether anything has yet been compiled or not. */
6440
6441 /* If this is a capturing subpattern, add to the chain of open capturing items
6442 so that we can detect them if (*ACCEPT) is encountered. This is also used to
6443 detect groups that contain recursive back references to themselves. Note that
6444 only OP_CBRA need be tested here; changing this opcode to one of its variants,
6445 e.g. OP_SCBRAPOS, happens later, after the group has been compiled. */
6446
6447 if (*code == OP_CBRA)
6448 {
6449 capnumber = GET2(code, 1 + LINK_SIZE);
6450 capitem.number = capnumber;
6451 capitem.next = cd->open_caps;
6452 capitem.flag = FALSE;
6453 cd->open_caps = &capitem;
6454 }
6455
6456 /* Offset is set zero to mark that this bracket is still open */
6457
6458 PUT(code, 1, 0);
6459 code += 1 + LINK_SIZE + skipbytes;
6460
6461 /* Loop for each alternative branch */
6462
6463 orig_bracount = max_bracount = cd->bracount;
6464 for (;;)
6465 {
6466 /* For a (?| group, reset the capturing bracket count so that each branch
6467 uses the same numbers. */
6468
6469 if (reset_bracount) cd->bracount = orig_bracount;
6470
6471 /* Set up dummy OP_REVERSE if lookbehind assertion */
6472
6473 if (lookbehind)
6474 {
6475 *code++ = OP_REVERSE;
6476 reverse_count = code;
6477 PUTINC(code, 0, 0);
6478 length += 1 + LINK_SIZE;
6479 }
6480
6481 /* Now compile the branch; in the pre-compile phase its length gets added
6482 into the length. */
6483
6484 if (!compile_branch(&options, &code, &ptr, errorcodeptr, &branchfirstbyte,
6485 &branchreqbyte, &bc, cond_depth, cd,
6486 (lengthptr == NULL)? NULL : &length))
6487 {
6488 *ptrptr = ptr;
6489 return FALSE;
6490 }
6491
6492 /* Keep the highest bracket count in case (?| was used and some branch
6493 has fewer than the rest. */
6494
6495 if (cd->bracount > max_bracount) max_bracount = cd->bracount;
6496
6497 /* In the real compile phase, there is some post-processing to be done. */
6498
6499 if (lengthptr == NULL)
6500 {
6501 /* If this is the first branch, the firstbyte and reqbyte values for the
6502 branch become the values for the regex. */
6503
6504 if (*last_branch != OP_ALT)
6505 {
6506 firstbyte = branchfirstbyte;
6507 reqbyte = branchreqbyte;
6508 }
6509
6510 /* If this is not the first branch, the first char and reqbyte have to
6511 match the values from all the previous branches, except that if the
6512 previous value for reqbyte didn't have REQ_VARY set, it can still match,
6513 and we set REQ_VARY for the regex. */
6514
6515 else
6516 {
6517 /* If we previously had a firstbyte, but it doesn't match the new branch,
6518 we have to abandon the firstbyte for the regex, but if there was
6519 previously no reqbyte, it takes on the value of the old firstbyte. */
6520
6521 if (firstbyte >= 0 && firstbyte != branchfirstbyte)
6522 {
6523 if (reqbyte < 0) reqbyte = firstbyte;
6524 firstbyte = REQ_NONE;
6525 }
6526
6527 /* If we (now or from before) have no firstbyte, a firstbyte from the
6528 branch becomes a reqbyte if there isn't a branch reqbyte. */
6529
6530 if (firstbyte < 0 && branchfirstbyte >= 0 && branchreqbyte < 0)
6531 branchreqbyte = branchfirstbyte;
6532
6533 /* Now ensure that the reqbytes match */
6534
6535 if ((reqbyte & ~REQ_VARY) != (branchreqbyte & ~REQ_VARY))
6536 reqbyte = REQ_NONE;
6537 else reqbyte |= branchreqbyte; /* To "or" REQ_VARY */
6538 }
6539
6540 /* If lookbehind, check that this branch matches a fixed-length string, and
6541 put the length into the OP_REVERSE item. Temporarily mark the end of the
6542 branch with OP_END. If the branch contains OP_RECURSE, the result is -3
6543 because there may be forward references that we can't check here. Set a
6544 flag to cause another lookbehind check at the end. Why not do it all at the
6545 end? Because common, erroneous checks are picked up here and the offset of
6546 the problem can be shown. */
6547
6548 if (lookbehind)
6549 {
6550 int fixed_length;
6551 *code = OP_END;
6552 fixed_length = find_fixedlength(last_branch, (options & PCRE_UTF8) != 0,
6553 FALSE, cd);
6554 DPRINTF(("fixed length = %d\n", fixed_length));
6555 if (fixed_length == -3)
6556 {
6557 cd->check_lookbehind = TRUE;
6558 }
6559 else if (fixed_length < 0)
6560 {
6561 *errorcodeptr = (fixed_length == -2)? ERR36 : ERR25;
6562 *ptrptr = ptr;
6563 return FALSE;
6564 }
6565 else { PUT(reverse_count, 0, fixed_length); }
6566 }
6567 }
6568
6569 /* Reached end of expression, either ')' or end of pattern. In the real
6570 compile phase, go back through the alternative branches and reverse the chain
6571 of offsets, with the field in the BRA item now becoming an offset to the
6572 first alternative. If there are no alternatives, it points to the end of the
6573 group. The length in the terminating ket is always the length of the whole
6574 bracketed item. Return leaving the pointer at the terminating char. */
6575
6576 if (*ptr != CHAR_VERTICAL_LINE)
6577 {
6578 if (lengthptr == NULL)
6579 {
6580 int branch_length = (int)(code - last_branch);
6581 do
6582 {
6583 int prev_length = GET(last_branch, 1);
6584 PUT(last_branch, 1, branch_length);
6585 branch_length = prev_length;
6586 last_branch -= branch_length;
6587 }
6588 while (branch_length > 0);
6589 }
6590
6591 /* Fill in the ket */
6592
6593 *code = OP_KET;
6594 PUT(code, 1, (int)(code - start_bracket));
6595 code += 1 + LINK_SIZE;
6596
6597 /* If it was a capturing subpattern, check to see if it contained any
6598 recursive back references. If so, we must wrap it in atomic brackets.
6599 In any event, remove the block from the chain. */
6600
6601 if (capnumber > 0)
6602 {
6603 if (cd->open_caps->flag)
6604 {
6605 memmove(start_bracket + 1 + LINK_SIZE, start_bracket,
6606 code - start_bracket);
6607 *start_bracket = OP_ONCE;
6608 code += 1 + LINK_SIZE;
6609 PUT(start_bracket, 1, (int)(code - start_bracket));
6610 *code = OP_KET;
6611 PUT(code, 1, (int)(code - start_bracket));
6612 code += 1 + LINK_SIZE;
6613 length += 2 + 2*LINK_SIZE;
6614 }
6615 cd->open_caps = cd->open_caps->next;
6616 }
6617
6618 /* Retain the highest bracket number, in case resetting was used. */
6619
6620 cd->bracount = max_bracount;
6621
6622 /* Set values to pass back */
6623
6624 *codeptr = code;
6625 *ptrptr = ptr;
6626 *firstbyteptr = firstbyte;
6627 *reqbyteptr = reqbyte;
6628 if (lengthptr != NULL)
6629 {
6630 if (OFLOW_MAX - *lengthptr < length)
6631 {
6632 *errorcodeptr = ERR20;
6633 return FALSE;
6634 }
6635 *lengthptr += length;
6636 }
6637 return TRUE;
6638 }
6639
6640 /* Another branch follows. In the pre-compile phase, we can move the code
6641 pointer back to where it was for the start of the first branch. (That is,
6642 pretend that each branch is the only one.)
6643
6644 In the real compile phase, insert an ALT node. Its length field points back
6645 to the previous branch while the bracket remains open. At the end the chain
6646 is reversed. It's done like this so that the start of the bracket has a
6647 zero offset until it is closed, making it possible to detect recursion. */
6648