/[pcre]/code/trunk/pcre_compile.c
ViewVC logotype

Contents of /code/trunk/pcre_compile.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 760 - (show annotations)
Tue Nov 22 11:23:43 2011 UTC (7 years, 9 months ago) by ph10
File MIME type: text/plain
File size: 251631 byte(s)
Test for workspace overflow with forward reference data.
1 /*************************************************
2 * Perl-Compatible Regular Expressions *
3 *************************************************/
4
5 /* PCRE is a library of functions to support regular expressions whose syntax
6 and semantics are as close as possible to those of the Perl 5 language.
7
8 Written by Philip Hazel
9 Copyright (c) 1997-2011 University of Cambridge
10
11 -----------------------------------------------------------------------------
12 Redistribution and use in source and binary forms, with or without
13 modification, are permitted provided that the following conditions are met:
14
15 * Redistributions of source code must retain the above copyright notice,
16 this list of conditions and the following disclaimer.
17
18 * Redistributions in binary form must reproduce the above copyright
19 notice, this list of conditions and the following disclaimer in the
20 documentation and/or other materials provided with the distribution.
21
22 * Neither the name of the University of Cambridge nor the names of its
23 contributors may be used to endorse or promote products derived from
24 this software without specific prior written permission.
25
26 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
27 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
30 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 POSSIBILITY OF SUCH DAMAGE.
37 -----------------------------------------------------------------------------
38 */
39
40
41 /* This module contains the external function pcre_compile(), along with
42 supporting internal functions that are not used by other modules. */
43
44
45 #ifdef HAVE_CONFIG_H
46 #include "config.h"
47 #endif
48
49 #define NLBLOCK cd /* Block containing newline information */
50 #define PSSTART start_pattern /* Field containing processed string start */
51 #define PSEND end_pattern /* Field containing processed string end */
52
53 #include "pcre_internal.h"
54
55
56 /* When PCRE_DEBUG is defined, we need the pcre_printint() function, which is
57 also used by pcretest. PCRE_DEBUG is not defined when building a production
58 library. */
59
60 #ifdef PCRE_DEBUG
61 #include "pcre_printint.src"
62 #endif
63
64
65 /* Macro for setting individual bits in class bitmaps. */
66
67 #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
68
69 /* Maximum length value to check against when making sure that the integer that
70 holds the compiled pattern length does not overflow. We make it a bit less than
71 INT_MAX to allow for adding in group terminating bytes, so that we don't have
72 to check them every time. */
73
74 #define OFLOW_MAX (INT_MAX - 20)
75
76
77 /*************************************************
78 * Code parameters and static tables *
79 *************************************************/
80
81 /* This value specifies the size of stack workspace that is used during the
82 first pre-compile phase that determines how much memory is required. The regex
83 is partly compiled into this space, but the compiled parts are discarded as
84 soon as they can be, so that hopefully there will never be an overrun. The code
85 does, however, check for an overrun. The largest amount I've seen used is 218,
86 so this number is very generous.
87
88 The same workspace is used during the second, actual compile phase for
89 remembering forward references to groups so that they can be filled in at the
90 end. Each entry in this list occupies LINK_SIZE bytes, so even when LINK_SIZE
91 is 4 there is plenty of room. */
92
93 #define COMPILE_WORK_SIZE (4096)
94
95 /* The overrun tests check for a slightly smaller size so that they detect the
96 overrun before it actually does run off the end of the data block. */
97
98 #define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
99
100
101 /* Table for handling escaped characters in the range '0'-'z'. Positive returns
102 are simple data values; negative values are for special things like \d and so
103 on. Zero means further processing is needed (for things like \x), or the escape
104 is invalid. */
105
106 #ifndef EBCDIC
107
108 /* This is the "normal" table for ASCII systems or for EBCDIC systems running
109 in UTF-8 mode. */
110
111 static const short int escapes[] = {
112 0, 0,
113 0, 0,
114 0, 0,
115 0, 0,
116 0, 0,
117 CHAR_COLON, CHAR_SEMICOLON,
118 CHAR_LESS_THAN_SIGN, CHAR_EQUALS_SIGN,
119 CHAR_GREATER_THAN_SIGN, CHAR_QUESTION_MARK,
120 CHAR_COMMERCIAL_AT, -ESC_A,
121 -ESC_B, -ESC_C,
122 -ESC_D, -ESC_E,
123 0, -ESC_G,
124 -ESC_H, 0,
125 0, -ESC_K,
126 0, 0,
127 -ESC_N, 0,
128 -ESC_P, -ESC_Q,
129 -ESC_R, -ESC_S,
130 0, 0,
131 -ESC_V, -ESC_W,
132 -ESC_X, 0,
133 -ESC_Z, CHAR_LEFT_SQUARE_BRACKET,
134 CHAR_BACKSLASH, CHAR_RIGHT_SQUARE_BRACKET,
135 CHAR_CIRCUMFLEX_ACCENT, CHAR_UNDERSCORE,
136 CHAR_GRAVE_ACCENT, 7,
137 -ESC_b, 0,
138 -ESC_d, ESC_e,
139 ESC_f, 0,
140 -ESC_h, 0,
141 0, -ESC_k,
142 0, 0,
143 ESC_n, 0,
144 -ESC_p, 0,
145 ESC_r, -ESC_s,
146 ESC_tee, 0,
147 -ESC_v, -ESC_w,
148 0, 0,
149 -ESC_z
150 };
151
152 #else
153
154 /* This is the "abnormal" table for EBCDIC systems without UTF-8 support. */
155
156 static const short int escapes[] = {
157 /* 48 */ 0, 0, 0, '.', '<', '(', '+', '|',
158 /* 50 */ '&', 0, 0, 0, 0, 0, 0, 0,
159 /* 58 */ 0, 0, '!', '$', '*', ')', ';', '~',
160 /* 60 */ '-', '/', 0, 0, 0, 0, 0, 0,
161 /* 68 */ 0, 0, '|', ',', '%', '_', '>', '?',
162 /* 70 */ 0, 0, 0, 0, 0, 0, 0, 0,
163 /* 78 */ 0, '`', ':', '#', '@', '\'', '=', '"',
164 /* 80 */ 0, 7, -ESC_b, 0, -ESC_d, ESC_e, ESC_f, 0,
165 /* 88 */-ESC_h, 0, 0, '{', 0, 0, 0, 0,
166 /* 90 */ 0, 0, -ESC_k, 'l', 0, ESC_n, 0, -ESC_p,
167 /* 98 */ 0, ESC_r, 0, '}', 0, 0, 0, 0,
168 /* A0 */ 0, '~', -ESC_s, ESC_tee, 0,-ESC_v, -ESC_w, 0,
169 /* A8 */ 0,-ESC_z, 0, 0, 0, '[', 0, 0,
170 /* B0 */ 0, 0, 0, 0, 0, 0, 0, 0,
171 /* B8 */ 0, 0, 0, 0, 0, ']', '=', '-',
172 /* C0 */ '{',-ESC_A, -ESC_B, -ESC_C, -ESC_D,-ESC_E, 0, -ESC_G,
173 /* C8 */-ESC_H, 0, 0, 0, 0, 0, 0, 0,
174 /* D0 */ '}', 0, -ESC_K, 0, 0,-ESC_N, 0, -ESC_P,
175 /* D8 */-ESC_Q,-ESC_R, 0, 0, 0, 0, 0, 0,
176 /* E0 */ '\\', 0, -ESC_S, 0, 0,-ESC_V, -ESC_W, -ESC_X,
177 /* E8 */ 0,-ESC_Z, 0, 0, 0, 0, 0, 0,
178 /* F0 */ 0, 0, 0, 0, 0, 0, 0, 0,
179 /* F8 */ 0, 0, 0, 0, 0, 0, 0, 0
180 };
181 #endif
182
183
184 /* Table of special "verbs" like (*PRUNE). This is a short table, so it is
185 searched linearly. Put all the names into a single string, in order to reduce
186 the number of relocations when a shared library is dynamically linked. The
187 string is built from string macros so that it works in UTF-8 mode on EBCDIC
188 platforms. */
189
190 typedef struct verbitem {
191 int len; /* Length of verb name */
192 int op; /* Op when no arg, or -1 if arg mandatory */
193 int op_arg; /* Op when arg present, or -1 if not allowed */
194 } verbitem;
195
196 static const char verbnames[] =
197 "\0" /* Empty name is a shorthand for MARK */
198 STRING_MARK0
199 STRING_ACCEPT0
200 STRING_COMMIT0
201 STRING_F0
202 STRING_FAIL0
203 STRING_PRUNE0
204 STRING_SKIP0
205 STRING_THEN;
206
207 static const verbitem verbs[] = {
208 { 0, -1, OP_MARK },
209 { 4, -1, OP_MARK },
210 { 6, OP_ACCEPT, -1 },
211 { 6, OP_COMMIT, -1 },
212 { 1, OP_FAIL, -1 },
213 { 4, OP_FAIL, -1 },
214 { 5, OP_PRUNE, OP_PRUNE_ARG },
215 { 4, OP_SKIP, OP_SKIP_ARG },
216 { 4, OP_THEN, OP_THEN_ARG }
217 };
218
219 static const int verbcount = sizeof(verbs)/sizeof(verbitem);
220
221
222 /* Tables of names of POSIX character classes and their lengths. The names are
223 now all in a single string, to reduce the number of relocations when a shared
224 library is dynamically loaded. The list of lengths is terminated by a zero
225 length entry. The first three must be alpha, lower, upper, as this is assumed
226 for handling case independence. */
227
228 static const char posix_names[] =
229 STRING_alpha0 STRING_lower0 STRING_upper0 STRING_alnum0
230 STRING_ascii0 STRING_blank0 STRING_cntrl0 STRING_digit0
231 STRING_graph0 STRING_print0 STRING_punct0 STRING_space0
232 STRING_word0 STRING_xdigit;
233
234 static const uschar posix_name_lengths[] = {
235 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };
236
237 /* Table of class bit maps for each POSIX class. Each class is formed from a
238 base map, with an optional addition or removal of another map. Then, for some
239 classes, there is some additional tweaking: for [:blank:] the vertical space
240 characters are removed, and for [:alpha:] and [:alnum:] the underscore
241 character is removed. The triples in the table consist of the base map offset,
242 second map offset or -1 if no second map, and a non-negative value for map
243 addition or a negative value for map subtraction (if there are two maps). The
244 absolute value of the third field has these meanings: 0 => no tweaking, 1 =>
245 remove vertical space characters, 2 => remove underscore. */
246
247 static const int posix_class_maps[] = {
248 cbit_word, cbit_digit, -2, /* alpha */
249 cbit_lower, -1, 0, /* lower */
250 cbit_upper, -1, 0, /* upper */
251 cbit_word, -1, 2, /* alnum - word without underscore */
252 cbit_print, cbit_cntrl, 0, /* ascii */
253 cbit_space, -1, 1, /* blank - a GNU extension */
254 cbit_cntrl, -1, 0, /* cntrl */
255 cbit_digit, -1, 0, /* digit */
256 cbit_graph, -1, 0, /* graph */
257 cbit_print, -1, 0, /* print */
258 cbit_punct, -1, 0, /* punct */
259 cbit_space, -1, 0, /* space */
260 cbit_word, -1, 0, /* word - a Perl extension */
261 cbit_xdigit,-1, 0 /* xdigit */
262 };
263
264 /* Table of substitutes for \d etc when PCRE_UCP is set. The POSIX class
265 substitutes must be in the order of the names, defined above, and there are
266 both positive and negative cases. NULL means no substitute. */
267
268 #ifdef SUPPORT_UCP
269 static const uschar *substitutes[] = {
270 (uschar *)"\\P{Nd}", /* \D */
271 (uschar *)"\\p{Nd}", /* \d */
272 (uschar *)"\\P{Xsp}", /* \S */ /* NOTE: Xsp is Perl space */
273 (uschar *)"\\p{Xsp}", /* \s */
274 (uschar *)"\\P{Xwd}", /* \W */
275 (uschar *)"\\p{Xwd}" /* \w */
276 };
277
278 static const uschar *posix_substitutes[] = {
279 (uschar *)"\\p{L}", /* alpha */
280 (uschar *)"\\p{Ll}", /* lower */
281 (uschar *)"\\p{Lu}", /* upper */
282 (uschar *)"\\p{Xan}", /* alnum */
283 NULL, /* ascii */
284 (uschar *)"\\h", /* blank */
285 NULL, /* cntrl */
286 (uschar *)"\\p{Nd}", /* digit */
287 NULL, /* graph */
288 NULL, /* print */
289 NULL, /* punct */
290 (uschar *)"\\p{Xps}", /* space */ /* NOTE: Xps is POSIX space */
291 (uschar *)"\\p{Xwd}", /* word */
292 NULL, /* xdigit */
293 /* Negated cases */
294 (uschar *)"\\P{L}", /* ^alpha */
295 (uschar *)"\\P{Ll}", /* ^lower */
296 (uschar *)"\\P{Lu}", /* ^upper */
297 (uschar *)"\\P{Xan}", /* ^alnum */
298 NULL, /* ^ascii */
299 (uschar *)"\\H", /* ^blank */
300 NULL, /* ^cntrl */
301 (uschar *)"\\P{Nd}", /* ^digit */
302 NULL, /* ^graph */
303 NULL, /* ^print */
304 NULL, /* ^punct */
305 (uschar *)"\\P{Xps}", /* ^space */ /* NOTE: Xps is POSIX space */
306 (uschar *)"\\P{Xwd}", /* ^word */
307 NULL /* ^xdigit */
308 };
309 #define POSIX_SUBSIZE (sizeof(posix_substitutes)/sizeof(uschar *))
310 #endif
311
312 #define STRING(a) # a
313 #define XSTRING(s) STRING(s)
314
315 /* The texts of compile-time error messages. These are "char *" because they
316 are passed to the outside world. Do not ever re-use any error number, because
317 they are documented. Always add a new error instead. Messages marked DEAD below
318 are no longer used. This used to be a table of strings, but in order to reduce
319 the number of relocations needed when a shared library is loaded dynamically,
320 it is now one long string. We cannot use a table of offsets, because the
321 lengths of inserts such as XSTRING(MAX_NAME_SIZE) are not known. Instead, we
322 simply count through to the one we want - this isn't a performance issue
323 because these strings are used only when there is a compilation error.
324
325 Each substring ends with \0 to insert a null character. This includes the final
326 substring, so that the whole string ends with \0\0, which can be detected when
327 counting through. */
328
329 static const char error_texts[] =
330 "no error\0"
331 "\\ at end of pattern\0"
332 "\\c at end of pattern\0"
333 "unrecognized character follows \\\0"
334 "numbers out of order in {} quantifier\0"
335 /* 5 */
336 "number too big in {} quantifier\0"
337 "missing terminating ] for character class\0"
338 "invalid escape sequence in character class\0"
339 "range out of order in character class\0"
340 "nothing to repeat\0"
341 /* 10 */
342 "operand of unlimited repeat could match the empty string\0" /** DEAD **/
343 "internal error: unexpected repeat\0"
344 "unrecognized character after (? or (?-\0"
345 "POSIX named classes are supported only within a class\0"
346 "missing )\0"
347 /* 15 */
348 "reference to non-existent subpattern\0"
349 "erroffset passed as NULL\0"
350 "unknown option bit(s) set\0"
351 "missing ) after comment\0"
352 "parentheses nested too deeply\0" /** DEAD **/
353 /* 20 */
354 "regular expression is too large\0"
355 "failed to get memory\0"
356 "unmatched parentheses\0"
357 "internal error: code overflow\0"
358 "unrecognized character after (?<\0"
359 /* 25 */
360 "lookbehind assertion is not fixed length\0"
361 "malformed number or name after (?(\0"
362 "conditional group contains more than two branches\0"
363 "assertion expected after (?(\0"
364 "(?R or (?[+-]digits must be followed by )\0"
365 /* 30 */
366 "unknown POSIX class name\0"
367 "POSIX collating elements are not supported\0"
368 "this version of PCRE is not compiled with PCRE_UTF8 support\0"
369 "spare error\0" /** DEAD **/
370 "character value in \\x{...} sequence is too large\0"
371 /* 35 */
372 "invalid condition (?(0)\0"
373 "\\C not allowed in lookbehind assertion\0"
374 "PCRE does not support \\L, \\l, \\N{name}, \\U, or \\u\0"
375 "number after (?C is > 255\0"
376 "closing ) for (?C expected\0"
377 /* 40 */
378 "recursive call could loop indefinitely\0"
379 "unrecognized character after (?P\0"
380 "syntax error in subpattern name (missing terminator)\0"
381 "two named subpatterns have the same name\0"
382 "invalid UTF-8 string\0"
383 /* 45 */
384 "support for \\P, \\p, and \\X has not been compiled\0"
385 "malformed \\P or \\p sequence\0"
386 "unknown property name after \\P or \\p\0"
387 "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)\0"
388 "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")\0"
389 /* 50 */
390 "repeated subpattern is too long\0" /** DEAD **/
391 "octal value is greater than \\377 (not in UTF-8 mode)\0"
392 "internal error: overran compiling workspace\0"
393 "internal error: previously-checked referenced subpattern not found\0"
394 "DEFINE group contains more than one branch\0"
395 /* 55 */
396 "repeating a DEFINE group is not allowed\0" /** DEAD **/
397 "inconsistent NEWLINE options\0"
398 "\\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number\0"
399 "a numbered reference must not be zero\0"
400 "an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)\0"
401 /* 60 */
402 "(*VERB) not recognized\0"
403 "number is too big\0"
404 "subpattern name expected\0"
405 "digit expected after (?+\0"
406 "] is an invalid data character in JavaScript compatibility mode\0"
407 /* 65 */
408 "different names for subpatterns of the same number are not allowed\0"
409 "(*MARK) must have an argument\0"
410 "this version of PCRE is not compiled with PCRE_UCP support\0"
411 "\\c must be followed by an ASCII character\0"
412 "\\k is not followed by a braced, angle-bracketed, or quoted name\0"
413 /* 70 */
414 "internal error: unknown opcode in find_fixedlength()\0"
415 "\\N is not supported in a class\0"
416 "too many forward references\0"
417 ;
418
419 /* Table to identify digits and hex digits. This is used when compiling
420 patterns. Note that the tables in chartables are dependent on the locale, and
421 may mark arbitrary characters as digits - but the PCRE compiling code expects
422 to handle only 0-9, a-z, and A-Z as digits when compiling. That is why we have
423 a private table here. It costs 256 bytes, but it is a lot faster than doing
424 character value tests (at least in some simple cases I timed), and in some
425 applications one wants PCRE to compile efficiently as well as match
426 efficiently.
427
428 For convenience, we use the same bit definitions as in chartables:
429
430 0x04 decimal digit
431 0x08 hexadecimal digit
432
433 Then we can use ctype_digit and ctype_xdigit in the code. */
434
435 #ifndef EBCDIC
436
437 /* This is the "normal" case, for ASCII systems, and EBCDIC systems running in
438 UTF-8 mode. */
439
440 static const unsigned char digitab[] =
441 {
442 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 */
443 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
444 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 */
445 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
446 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - ' */
447 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ( - / */
448 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 */
449 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00, /* 8 - ? */
450 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* @ - G */
451 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H - O */
452 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* P - W */
453 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* X - _ */
454 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* ` - g */
455 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h - o */
456 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p - w */
457 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x -127 */
458 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 128-135 */
459 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 136-143 */
460 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144-151 */
461 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 152-159 */
462 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160-167 */
463 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 168-175 */
464 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 176-183 */
465 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
466 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 192-199 */
467 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 200-207 */
468 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 208-215 */
469 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 216-223 */
470 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 224-231 */
471 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 232-239 */
472 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */
473 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */
474
475 #else
476
477 /* This is the "abnormal" case, for EBCDIC systems not running in UTF-8 mode. */
478
479 static const unsigned char digitab[] =
480 {
481 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 0 */
482 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
483 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 10 */
484 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
485 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 32- 39 20 */
486 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
487 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 30 */
488 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
489 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 40 */
490 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 72- | */
491 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 50 */
492 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 88- 95 */
493 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 60 */
494 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 104- ? */
495 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 70 */
496 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
497 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* 128- g 80 */
498 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
499 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144- p 90 */
500 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
501 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160- x A0 */
502 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
503 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 B0 */
504 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
505 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* { - G C0 */
506 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
507 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* } - P D0 */
508 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
509 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* \ - X E0 */
510 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
511 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 F0 */
512 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
513
514 static const unsigned char ebcdic_chartab[] = { /* chartable partial dup */
515 0x80,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 0- 7 */
516 0x00,0x00,0x00,0x00,0x01,0x01,0x00,0x00, /* 8- 15 */
517 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 16- 23 */
518 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
519 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 32- 39 */
520 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
521 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 */
522 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
523 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 */
524 0x00,0x00,0x00,0x80,0x00,0x80,0x80,0x80, /* 72- | */
525 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 */
526 0x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /* 88- 95 */
527 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 */
528 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x80, /* 104- ? */
529 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 */
530 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
531 0x00,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* 128- g */
532 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
533 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* 144- p */
534 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
535 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* 160- x */
536 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
537 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 */
538 0x00,0x00,0x80,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
539 0x80,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* { - G */
540 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
541 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* } - P */
542 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
543 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* \ - X */
544 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
545 0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c, /* 0 - 7 */
546 0x1c,0x1c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
547 #endif
548
549
550 /* Definition to allow mutual recursion */
551
552 static BOOL
553 compile_regex(int, uschar **, const uschar **, int *, BOOL, BOOL, int, int,
554 int *, int *, branch_chain *, compile_data *, int *);
555
556
557
558 /*************************************************
559 * Find an error text *
560 *************************************************/
561
562 /* The error texts are now all in one long string, to save on relocations. As
563 some of the text is of unknown length, we can't use a table of offsets.
564 Instead, just count through the strings. This is not a performance issue
565 because it happens only when there has been a compilation error.
566
567 Argument: the error number
568 Returns: pointer to the error string
569 */
570
571 static const char *
572 find_error_text(int n)
573 {
574 const char *s = error_texts;
575 for (; n > 0; n--)
576 {
577 while (*s++ != 0) {};
578 if (*s == 0) return "Error text not found (please report)";
579 }
580 return s;
581 }
582
583
584 /*************************************************
585 * Check for counted repeat *
586 *************************************************/
587
588 /* This function is called when a '{' is encountered in a place where it might
589 start a quantifier. It looks ahead to see if it really is a quantifier or not.
590 It is only a quantifier if it is one of the forms {ddd} {ddd,} or {ddd,ddd}
591 where the ddds are digits.
592
593 Arguments:
594 p pointer to the first char after '{'
595
596 Returns: TRUE or FALSE
597 */
598
599 static BOOL
600 is_counted_repeat(const uschar *p)
601 {
602 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
603 while ((digitab[*p] & ctype_digit) != 0) p++;
604 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
605
606 if (*p++ != CHAR_COMMA) return FALSE;
607 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
608
609 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
610 while ((digitab[*p] & ctype_digit) != 0) p++;
611
612 return (*p == CHAR_RIGHT_CURLY_BRACKET);
613 }
614
615
616
617 /*************************************************
618 * Handle escapes *
619 *************************************************/
620
621 /* This function is called when a \ has been encountered. It either returns a
622 positive value for a simple escape such as \n, or a negative value which
623 encodes one of the more complicated things such as \d. A backreference to group
624 n is returned as -(ESC_REF + n); ESC_REF is the highest ESC_xxx macro. When
625 UTF-8 is enabled, a positive value greater than 255 may be returned. On entry,
626 ptr is pointing at the \. On exit, it is on the final character of the escape
627 sequence.
628
629 Arguments:
630 ptrptr points to the pattern position pointer
631 errorcodeptr points to the errorcode variable
632 bracount number of previous extracting brackets
633 options the options bits
634 isclass TRUE if inside a character class
635
636 Returns: zero or positive => a data character
637 negative => a special escape sequence
638 on error, errorcodeptr is set
639 */
640
641 static int
642 check_escape(const uschar **ptrptr, int *errorcodeptr, int bracount,
643 int options, BOOL isclass)
644 {
645 BOOL utf8 = (options & PCRE_UTF8) != 0;
646 const uschar *ptr = *ptrptr + 1;
647 int c, i;
648
649 GETCHARINCTEST(c, ptr); /* Get character value, increment pointer */
650 ptr--; /* Set pointer back to the last byte */
651
652 /* If backslash is at the end of the pattern, it's an error. */
653
654 if (c == 0) *errorcodeptr = ERR1;
655
656 /* Non-alphanumerics are literals. For digits or letters, do an initial lookup
657 in a table. A non-zero result is something that can be returned immediately.
658 Otherwise further processing may be required. */
659
660 #ifndef EBCDIC /* ASCII/UTF-8 coding */
661 else if (c < CHAR_0 || c > CHAR_z) {} /* Not alphanumeric */
662 else if ((i = escapes[c - CHAR_0]) != 0) c = i;
663
664 #else /* EBCDIC coding */
665 else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {} /* Not alphanumeric */
666 else if ((i = escapes[c - 0x48]) != 0) c = i;
667 #endif
668
669 /* Escapes that need further processing, or are illegal. */
670
671 else
672 {
673 const uschar *oldptr;
674 BOOL braced, negated;
675
676 switch (c)
677 {
678 /* A number of Perl escapes are not handled by PCRE. We give an explicit
679 error. */
680
681 case CHAR_l:
682 case CHAR_L:
683 *errorcodeptr = ERR37;
684 break;
685
686 case CHAR_u:
687 if ((options & PCRE_JAVASCRIPT_COMPAT) != 0)
688 {
689 /* In JavaScript, \u must be followed by four hexadecimal numbers.
690 Otherwise it is a lowercase u letter. */
691 if ((digitab[ptr[1]] & ctype_xdigit) != 0 && (digitab[ptr[2]] & ctype_xdigit) != 0
692 && (digitab[ptr[3]] & ctype_xdigit) != 0 && (digitab[ptr[4]] & ctype_xdigit) != 0)
693 {
694 c = 0;
695 for (i = 0; i < 4; ++i)
696 {
697 register int cc = *(++ptr);
698 #ifndef EBCDIC /* ASCII/UTF-8 coding */
699 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
700 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
701 #else /* EBCDIC coding */
702 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
703 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
704 #endif
705 }
706 }
707 }
708 else
709 *errorcodeptr = ERR37;
710 break;
711
712 case CHAR_U:
713 /* In JavaScript, \U is an uppercase U letter. */
714 if ((options & PCRE_JAVASCRIPT_COMPAT) == 0) *errorcodeptr = ERR37;
715 break;
716
717 /* In a character class, \g is just a literal "g". Outside a character
718 class, \g must be followed by one of a number of specific things:
719
720 (1) A number, either plain or braced. If positive, it is an absolute
721 backreference. If negative, it is a relative backreference. This is a Perl
722 5.10 feature.
723
724 (2) Perl 5.10 also supports \g{name} as a reference to a named group. This
725 is part of Perl's movement towards a unified syntax for back references. As
726 this is synonymous with \k{name}, we fudge it up by pretending it really
727 was \k.
728
729 (3) For Oniguruma compatibility we also support \g followed by a name or a
730 number either in angle brackets or in single quotes. However, these are
731 (possibly recursive) subroutine calls, _not_ backreferences. Just return
732 the -ESC_g code (cf \k). */
733
734 case CHAR_g:
735 if (isclass) break;
736 if (ptr[1] == CHAR_LESS_THAN_SIGN || ptr[1] == CHAR_APOSTROPHE)
737 {
738 c = -ESC_g;
739 break;
740 }
741
742 /* Handle the Perl-compatible cases */
743
744 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
745 {
746 const uschar *p;
747 for (p = ptr+2; *p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
748 if (*p != CHAR_MINUS && (digitab[*p] & ctype_digit) == 0) break;
749 if (*p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET)
750 {
751 c = -ESC_k;
752 break;
753 }
754 braced = TRUE;
755 ptr++;
756 }
757 else braced = FALSE;
758
759 if (ptr[1] == CHAR_MINUS)
760 {
761 negated = TRUE;
762 ptr++;
763 }
764 else negated = FALSE;
765
766 c = 0;
767 while ((digitab[ptr[1]] & ctype_digit) != 0)
768 c = c * 10 + *(++ptr) - CHAR_0;
769
770 if (c < 0) /* Integer overflow */
771 {
772 *errorcodeptr = ERR61;
773 break;
774 }
775
776 if (braced && *(++ptr) != CHAR_RIGHT_CURLY_BRACKET)
777 {
778 *errorcodeptr = ERR57;
779 break;
780 }
781
782 if (c == 0)
783 {
784 *errorcodeptr = ERR58;
785 break;
786 }
787
788 if (negated)
789 {
790 if (c > bracount)
791 {
792 *errorcodeptr = ERR15;
793 break;
794 }
795 c = bracount - (c - 1);
796 }
797
798 c = -(ESC_REF + c);
799 break;
800
801 /* The handling of escape sequences consisting of a string of digits
802 starting with one that is not zero is not straightforward. By experiment,
803 the way Perl works seems to be as follows:
804
805 Outside a character class, the digits are read as a decimal number. If the
806 number is less than 10, or if there are that many previous extracting
807 left brackets, then it is a back reference. Otherwise, up to three octal
808 digits are read to form an escaped byte. Thus \123 is likely to be octal
809 123 (cf \0123, which is octal 012 followed by the literal 3). If the octal
810 value is greater than 377, the least significant 8 bits are taken. Inside a
811 character class, \ followed by a digit is always an octal number. */
812
813 case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4: case CHAR_5:
814 case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
815
816 if (!isclass)
817 {
818 oldptr = ptr;
819 c -= CHAR_0;
820 while ((digitab[ptr[1]] & ctype_digit) != 0)
821 c = c * 10 + *(++ptr) - CHAR_0;
822 if (c < 0) /* Integer overflow */
823 {
824 *errorcodeptr = ERR61;
825 break;
826 }
827 if (c < 10 || c <= bracount)
828 {
829 c = -(ESC_REF + c);
830 break;
831 }
832 ptr = oldptr; /* Put the pointer back and fall through */
833 }
834
835 /* Handle an octal number following \. If the first digit is 8 or 9, Perl
836 generates a binary zero byte and treats the digit as a following literal.
837 Thus we have to pull back the pointer by one. */
838
839 if ((c = *ptr) >= CHAR_8)
840 {
841 ptr--;
842 c = 0;
843 break;
844 }
845
846 /* \0 always starts an octal number, but we may drop through to here with a
847 larger first octal digit. The original code used just to take the least
848 significant 8 bits of octal numbers (I think this is what early Perls used
849 to do). Nowadays we allow for larger numbers in UTF-8 mode, but no more
850 than 3 octal digits. */
851
852 case CHAR_0:
853 c -= CHAR_0;
854 while(i++ < 2 && ptr[1] >= CHAR_0 && ptr[1] <= CHAR_7)
855 c = c * 8 + *(++ptr) - CHAR_0;
856 if (!utf8 && c > 255) *errorcodeptr = ERR51;
857 break;
858
859 /* \x is complicated. \x{ddd} is a character number which can be greater
860 than 0xff in utf8 mode, but only if the ddd are hex digits. If not, { is
861 treated as a data character. */
862
863 case CHAR_x:
864 if ((options & PCRE_JAVASCRIPT_COMPAT) != 0)
865 {
866 /* In JavaScript, \x must be followed by two hexadecimal numbers.
867 Otherwise it is a lowercase x letter. */
868 if ((digitab[ptr[1]] & ctype_xdigit) != 0 && (digitab[ptr[2]] & ctype_xdigit) != 0)
869 {
870 c = 0;
871 for (i = 0; i < 2; ++i)
872 {
873 register int cc = *(++ptr);
874 #ifndef EBCDIC /* ASCII/UTF-8 coding */
875 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
876 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
877 #else /* EBCDIC coding */
878 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
879 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
880 #endif
881 }
882 }
883 break;
884 }
885
886 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
887 {
888 const uschar *pt = ptr + 2;
889 int count = 0;
890
891 c = 0;
892 while ((digitab[*pt] & ctype_xdigit) != 0)
893 {
894 register int cc = *pt++;
895 if (c == 0 && cc == CHAR_0) continue; /* Leading zeroes */
896 count++;
897
898 #ifndef EBCDIC /* ASCII/UTF-8 coding */
899 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
900 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
901 #else /* EBCDIC coding */
902 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
903 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
904 #endif
905 }
906
907 if (*pt == CHAR_RIGHT_CURLY_BRACKET)
908 {
909 if (c < 0 || count > (utf8? 8 : 2)) *errorcodeptr = ERR34;
910 ptr = pt;
911 break;
912 }
913
914 /* If the sequence of hex digits does not end with '}', then we don't
915 recognize this construct; fall through to the normal \x handling. */
916 }
917
918 /* Read just a single-byte hex-defined char */
919
920 c = 0;
921 while (i++ < 2 && (digitab[ptr[1]] & ctype_xdigit) != 0)
922 {
923 int cc; /* Some compilers don't like */
924 cc = *(++ptr); /* ++ in initializers */
925 #ifndef EBCDIC /* ASCII/UTF-8 coding */
926 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
927 c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
928 #else /* EBCDIC coding */
929 if (cc <= CHAR_z) cc += 64; /* Convert to upper case */
930 c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
931 #endif
932 }
933 break;
934
935 /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
936 An error is given if the byte following \c is not an ASCII character. This
937 coding is ASCII-specific, but then the whole concept of \cx is
938 ASCII-specific. (However, an EBCDIC equivalent has now been added.) */
939
940 case CHAR_c:
941 c = *(++ptr);
942 if (c == 0)
943 {
944 *errorcodeptr = ERR2;
945 break;
946 }
947 #ifndef EBCDIC /* ASCII/UTF-8 coding */
948 if (c > 127) /* Excludes all non-ASCII in either mode */
949 {
950 *errorcodeptr = ERR68;
951 break;
952 }
953 if (c >= CHAR_a && c <= CHAR_z) c -= 32;
954 c ^= 0x40;
955 #else /* EBCDIC coding */
956 if (c >= CHAR_a && c <= CHAR_z) c += 64;
957 c ^= 0xC0;
958 #endif
959 break;
960
961 /* PCRE_EXTRA enables extensions to Perl in the matter of escapes. Any
962 other alphanumeric following \ is an error if PCRE_EXTRA was set;
963 otherwise, for Perl compatibility, it is a literal. This code looks a bit
964 odd, but there used to be some cases other than the default, and there may
965 be again in future, so I haven't "optimized" it. */
966
967 default:
968 if ((options & PCRE_EXTRA) != 0) switch(c)
969 {
970 default:
971 *errorcodeptr = ERR3;
972 break;
973 }
974 break;
975 }
976 }
977
978 /* Perl supports \N{name} for character names, as well as plain \N for "not
979 newline". PCRE does not support \N{name}. However, it does support
980 quantification such as \N{2,3}. */
981
982 if (c == -ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET &&
983 !is_counted_repeat(ptr+2))
984 *errorcodeptr = ERR37;
985
986 /* If PCRE_UCP is set, we change the values for \d etc. */
987
988 if ((options & PCRE_UCP) != 0 && c <= -ESC_D && c >= -ESC_w)
989 c -= (ESC_DU - ESC_D);
990
991 /* Set the pointer to the final character before returning. */
992
993 *ptrptr = ptr;
994 return c;
995 }
996
997
998
999 #ifdef SUPPORT_UCP
1000 /*************************************************
1001 * Handle \P and \p *
1002 *************************************************/
1003
1004 /* This function is called after \P or \p has been encountered, provided that
1005 PCRE is compiled with support for Unicode properties. On entry, ptrptr is
1006 pointing at the P or p. On exit, it is pointing at the final character of the
1007 escape sequence.
1008
1009 Argument:
1010 ptrptr points to the pattern position pointer
1011 negptr points to a boolean that is set TRUE for negation else FALSE
1012 dptr points to an int that is set to the detailed property value
1013 errorcodeptr points to the error code variable
1014
1015 Returns: type value from ucp_type_table, or -1 for an invalid type
1016 */
1017
1018 static int
1019 get_ucp(const uschar **ptrptr, BOOL *negptr, int *dptr, int *errorcodeptr)
1020 {
1021 int c, i, bot, top;
1022 const uschar *ptr = *ptrptr;
1023 char name[32];
1024
1025 c = *(++ptr);
1026 if (c == 0) goto ERROR_RETURN;
1027
1028 *negptr = FALSE;
1029
1030 /* \P or \p can be followed by a name in {}, optionally preceded by ^ for
1031 negation. */
1032
1033 if (c == CHAR_LEFT_CURLY_BRACKET)
1034 {
1035 if (ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1036 {
1037 *negptr = TRUE;
1038 ptr++;
1039 }
1040 for (i = 0; i < (int)sizeof(name) - 1; i++)
1041 {
1042 c = *(++ptr);
1043 if (c == 0) goto ERROR_RETURN;
1044 if (c == CHAR_RIGHT_CURLY_BRACKET) break;
1045 name[i] = c;
1046 }
1047 if (c != CHAR_RIGHT_CURLY_BRACKET) goto ERROR_RETURN;
1048 name[i] = 0;
1049 }
1050
1051 /* Otherwise there is just one following character */
1052
1053 else
1054 {
1055 name[0] = c;
1056 name[1] = 0;
1057 }
1058
1059 *ptrptr = ptr;
1060
1061 /* Search for a recognized property name using binary chop */
1062
1063 bot = 0;
1064 top = _pcre_utt_size;
1065
1066 while (bot < top)
1067 {
1068 i = (bot + top) >> 1;
1069 c = strcmp(name, _pcre_utt_names + _pcre_utt[i].name_offset);
1070 if (c == 0)
1071 {
1072 *dptr = _pcre_utt[i].value;
1073 return _pcre_utt[i].type;
1074 }
1075 if (c > 0) bot = i + 1; else top = i;
1076 }
1077
1078 *errorcodeptr = ERR47;
1079 *ptrptr = ptr;
1080 return -1;
1081
1082 ERROR_RETURN:
1083 *errorcodeptr = ERR46;
1084 *ptrptr = ptr;
1085 return -1;
1086 }
1087 #endif
1088
1089
1090
1091
1092 /*************************************************
1093 * Read repeat counts *
1094 *************************************************/
1095
1096 /* Read an item of the form {n,m} and return the values. This is called only
1097 after is_counted_repeat() has confirmed that a repeat-count quantifier exists,
1098 so the syntax is guaranteed to be correct, but we need to check the values.
1099
1100 Arguments:
1101 p pointer to first char after '{'
1102 minp pointer to int for min
1103 maxp pointer to int for max
1104 returned as -1 if no max
1105 errorcodeptr points to error code variable
1106
1107 Returns: pointer to '}' on success;
1108 current ptr on error, with errorcodeptr set non-zero
1109 */
1110
1111 static const uschar *
1112 read_repeat_counts(const uschar *p, int *minp, int *maxp, int *errorcodeptr)
1113 {
1114 int min = 0;
1115 int max = -1;
1116
1117 /* Read the minimum value and do a paranoid check: a negative value indicates
1118 an integer overflow. */
1119
1120 while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - CHAR_0;
1121 if (min < 0 || min > 65535)
1122 {
1123 *errorcodeptr = ERR5;
1124 return p;
1125 }
1126
1127 /* Read the maximum value if there is one, and again do a paranoid on its size.
1128 Also, max must not be less than min. */
1129
1130 if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
1131 {
1132 if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
1133 {
1134 max = 0;
1135 while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - CHAR_0;
1136 if (max < 0 || max > 65535)
1137 {
1138 *errorcodeptr = ERR5;
1139 return p;
1140 }
1141 if (max < min)
1142 {
1143 *errorcodeptr = ERR4;
1144 return p;
1145 }
1146 }
1147 }
1148
1149 /* Fill in the required variables, and pass back the pointer to the terminating
1150 '}'. */
1151
1152 *minp = min;
1153 *maxp = max;
1154 return p;
1155 }
1156
1157
1158
1159 /*************************************************
1160 * Subroutine for finding forward reference *
1161 *************************************************/
1162
1163 /* This recursive function is called only from find_parens() below. The
1164 top-level call starts at the beginning of the pattern. All other calls must
1165 start at a parenthesis. It scans along a pattern's text looking for capturing
1166 subpatterns, and counting them. If it finds a named pattern that matches the
1167 name it is given, it returns its number. Alternatively, if the name is NULL, it
1168 returns when it reaches a given numbered subpattern. Recursion is used to keep
1169 track of subpatterns that reset the capturing group numbers - the (?| feature.
1170
1171 This function was originally called only from the second pass, in which we know
1172 that if (?< or (?' or (?P< is encountered, the name will be correctly
1173 terminated because that is checked in the first pass. There is now one call to
1174 this function in the first pass, to check for a recursive back reference by
1175 name (so that we can make the whole group atomic). In this case, we need check
1176 only up to the current position in the pattern, and that is still OK because
1177 and previous occurrences will have been checked. To make this work, the test
1178 for "end of pattern" is a check against cd->end_pattern in the main loop,
1179 instead of looking for a binary zero. This means that the special first-pass
1180 call can adjust cd->end_pattern temporarily. (Checks for binary zero while
1181 processing items within the loop are OK, because afterwards the main loop will
1182 terminate.)
1183
1184 Arguments:
1185 ptrptr address of the current character pointer (updated)
1186 cd compile background data
1187 name name to seek, or NULL if seeking a numbered subpattern
1188 lorn name length, or subpattern number if name is NULL
1189 xmode TRUE if we are in /x mode
1190 utf8 TRUE if we are in UTF-8 mode
1191 count pointer to the current capturing subpattern number (updated)
1192
1193 Returns: the number of the named subpattern, or -1 if not found
1194 */
1195
1196 static int
1197 find_parens_sub(uschar **ptrptr, compile_data *cd, const uschar *name, int lorn,
1198 BOOL xmode, BOOL utf8, int *count)
1199 {
1200 uschar *ptr = *ptrptr;
1201 int start_count = *count;
1202 int hwm_count = start_count;
1203 BOOL dup_parens = FALSE;
1204
1205 /* If the first character is a parenthesis, check on the type of group we are
1206 dealing with. The very first call may not start with a parenthesis. */
1207
1208 if (ptr[0] == CHAR_LEFT_PARENTHESIS)
1209 {
1210 /* Handle specials such as (*SKIP) or (*UTF8) etc. */
1211
1212 if (ptr[1] == CHAR_ASTERISK) ptr += 2;
1213
1214 /* Handle a normal, unnamed capturing parenthesis. */
1215
1216 else if (ptr[1] != CHAR_QUESTION_MARK)
1217 {
1218 *count += 1;
1219 if (name == NULL && *count == lorn) return *count;
1220 ptr++;
1221 }
1222
1223 /* All cases now have (? at the start. Remember when we are in a group
1224 where the parenthesis numbers are duplicated. */
1225
1226 else if (ptr[2] == CHAR_VERTICAL_LINE)
1227 {
1228 ptr += 3;
1229 dup_parens = TRUE;
1230 }
1231
1232 /* Handle comments; all characters are allowed until a ket is reached. */
1233
1234 else if (ptr[2] == CHAR_NUMBER_SIGN)
1235 {
1236 for (ptr += 3; *ptr != 0; ptr++) if (*ptr == CHAR_RIGHT_PARENTHESIS) break;
1237 goto FAIL_EXIT;
1238 }
1239
1240 /* Handle a condition. If it is an assertion, just carry on so that it
1241 is processed as normal. If not, skip to the closing parenthesis of the
1242 condition (there can't be any nested parens). */
1243
1244 else if (ptr[2] == CHAR_LEFT_PARENTHESIS)
1245 {
1246 ptr += 2;
1247 if (ptr[1] != CHAR_QUESTION_MARK)
1248 {
1249 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
1250 if (*ptr != 0) ptr++;
1251 }
1252 }
1253
1254 /* Start with (? but not a condition. */
1255
1256 else
1257 {
1258 ptr += 2;
1259 if (*ptr == CHAR_P) ptr++; /* Allow optional P */
1260
1261 /* We have to disambiguate (?<! and (?<= from (?<name> for named groups */
1262
1263 if ((*ptr == CHAR_LESS_THAN_SIGN && ptr[1] != CHAR_EXCLAMATION_MARK &&
1264 ptr[1] != CHAR_EQUALS_SIGN) || *ptr == CHAR_APOSTROPHE)
1265 {
1266 int term;
1267 const uschar *thisname;
1268 *count += 1;
1269 if (name == NULL && *count == lorn) return *count;
1270 term = *ptr++;
1271 if (term == CHAR_LESS_THAN_SIGN) term = CHAR_GREATER_THAN_SIGN;
1272 thisname = ptr;
1273 while (*ptr != term) ptr++;
1274 if (name != NULL && lorn == ptr - thisname &&
1275 strncmp((const char *)name, (const char *)thisname, lorn) == 0)
1276 return *count;
1277 term++;
1278 }
1279 }
1280 }
1281
1282 /* Past any initial parenthesis handling, scan for parentheses or vertical
1283 bars. Stop if we get to cd->end_pattern. Note that this is important for the
1284 first-pass call when this value is temporarily adjusted to stop at the current
1285 position. So DO NOT change this to a test for binary zero. */
1286
1287 for (; ptr < cd->end_pattern; ptr++)
1288 {
1289 /* Skip over backslashed characters and also entire \Q...\E */
1290
1291 if (*ptr == CHAR_BACKSLASH)
1292 {
1293 if (*(++ptr) == 0) goto FAIL_EXIT;
1294 if (*ptr == CHAR_Q) for (;;)
1295 {
1296 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1297 if (*ptr == 0) goto FAIL_EXIT;
1298 if (*(++ptr) == CHAR_E) break;
1299 }
1300 continue;
1301 }
1302
1303 /* Skip over character classes; this logic must be similar to the way they
1304 are handled for real. If the first character is '^', skip it. Also, if the
1305 first few characters (either before or after ^) are \Q\E or \E we skip them
1306 too. This makes for compatibility with Perl. Note the use of STR macros to
1307 encode "Q\\E" so that it works in UTF-8 on EBCDIC platforms. */
1308
1309 if (*ptr == CHAR_LEFT_SQUARE_BRACKET)
1310 {
1311 BOOL negate_class = FALSE;
1312 for (;;)
1313 {
1314 if (ptr[1] == CHAR_BACKSLASH)
1315 {
1316 if (ptr[2] == CHAR_E)
1317 ptr+= 2;
1318 else if (strncmp((const char *)ptr+2,
1319 STR_Q STR_BACKSLASH STR_E, 3) == 0)
1320 ptr += 4;
1321 else
1322 break;
1323 }
1324 else if (!negate_class && ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1325 {
1326 negate_class = TRUE;
1327 ptr++;
1328 }
1329 else break;
1330 }
1331
1332 /* If the next character is ']', it is a data character that must be
1333 skipped, except in JavaScript compatibility mode. */
1334
1335 if (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET &&
1336 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) == 0)
1337 ptr++;
1338
1339 while (*(++ptr) != CHAR_RIGHT_SQUARE_BRACKET)
1340 {
1341 if (*ptr == 0) return -1;
1342 if (*ptr == CHAR_BACKSLASH)
1343 {
1344 if (*(++ptr) == 0) goto FAIL_EXIT;
1345 if (*ptr == CHAR_Q) for (;;)
1346 {
1347 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1348 if (*ptr == 0) goto FAIL_EXIT;
1349 if (*(++ptr) == CHAR_E) break;
1350 }
1351 continue;
1352 }
1353 }
1354 continue;
1355 }
1356
1357 /* Skip comments in /x mode */
1358
1359 if (xmode && *ptr == CHAR_NUMBER_SIGN)
1360 {
1361 ptr++;
1362 while (*ptr != 0)
1363 {
1364 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
1365 ptr++;
1366 #ifdef SUPPORT_UTF8
1367 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
1368 #endif
1369 }
1370 if (*ptr == 0) goto FAIL_EXIT;
1371 continue;
1372 }
1373
1374 /* Check for the special metacharacters */
1375
1376 if (*ptr == CHAR_LEFT_PARENTHESIS)
1377 {
1378 int rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, count);
1379 if (rc > 0) return rc;
1380 if (*ptr == 0) goto FAIL_EXIT;
1381 }
1382
1383 else if (*ptr == CHAR_RIGHT_PARENTHESIS)
1384 {
1385 if (dup_parens && *count < hwm_count) *count = hwm_count;
1386 goto FAIL_EXIT;
1387 }
1388
1389 else if (*ptr == CHAR_VERTICAL_LINE && dup_parens)
1390 {
1391 if (*count > hwm_count) hwm_count = *count;
1392 *count = start_count;
1393 }
1394 }
1395
1396 FAIL_EXIT:
1397 *ptrptr = ptr;
1398 return -1;
1399 }
1400
1401
1402
1403
1404 /*************************************************
1405 * Find forward referenced subpattern *
1406 *************************************************/
1407
1408 /* This function scans along a pattern's text looking for capturing
1409 subpatterns, and counting them. If it finds a named pattern that matches the
1410 name it is given, it returns its number. Alternatively, if the name is NULL, it
1411 returns when it reaches a given numbered subpattern. This is used for forward
1412 references to subpatterns. We used to be able to start this scan from the
1413 current compiling point, using the current count value from cd->bracount, and
1414 do it all in a single loop, but the addition of the possibility of duplicate
1415 subpattern numbers means that we have to scan from the very start, in order to
1416 take account of such duplicates, and to use a recursive function to keep track
1417 of the different types of group.
1418
1419 Arguments:
1420 cd compile background data
1421 name name to seek, or NULL if seeking a numbered subpattern
1422 lorn name length, or subpattern number if name is NULL
1423 xmode TRUE if we are in /x mode
1424 utf8 TRUE if we are in UTF-8 mode
1425
1426 Returns: the number of the found subpattern, or -1 if not found
1427 */
1428
1429 static int
1430 find_parens(compile_data *cd, const uschar *name, int lorn, BOOL xmode,
1431 BOOL utf8)
1432 {
1433 uschar *ptr = (uschar *)cd->start_pattern;
1434 int count = 0;
1435 int rc;
1436
1437 /* If the pattern does not start with an opening parenthesis, the first call
1438 to find_parens_sub() will scan right to the end (if necessary). However, if it
1439 does start with a parenthesis, find_parens_sub() will return when it hits the
1440 matching closing parens. That is why we have to have a loop. */
1441
1442 for (;;)
1443 {
1444 rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, &count);
1445 if (rc > 0 || *ptr++ == 0) break;
1446 }
1447
1448 return rc;
1449 }
1450
1451
1452
1453
1454 /*************************************************
1455 * Find first significant op code *
1456 *************************************************/
1457
1458 /* This is called by several functions that scan a compiled expression looking
1459 for a fixed first character, or an anchoring op code etc. It skips over things
1460 that do not influence this. For some calls, it makes sense to skip negative
1461 forward and all backward assertions, and also the \b assertion; for others it
1462 does not.
1463
1464 Arguments:
1465 code pointer to the start of the group
1466 skipassert TRUE if certain assertions are to be skipped
1467
1468 Returns: pointer to the first significant opcode
1469 */
1470
1471 static const uschar*
1472 first_significant_code(const uschar *code, BOOL skipassert)
1473 {
1474 for (;;)
1475 {
1476 switch ((int)*code)
1477 {
1478 case OP_ASSERT_NOT:
1479 case OP_ASSERTBACK:
1480 case OP_ASSERTBACK_NOT:
1481 if (!skipassert) return code;
1482 do code += GET(code, 1); while (*code == OP_ALT);
1483 code += _pcre_OP_lengths[*code];
1484 break;
1485
1486 case OP_WORD_BOUNDARY:
1487 case OP_NOT_WORD_BOUNDARY:
1488 if (!skipassert) return code;
1489 /* Fall through */
1490
1491 case OP_CALLOUT:
1492 case OP_CREF:
1493 case OP_NCREF:
1494 case OP_RREF:
1495 case OP_NRREF:
1496 case OP_DEF:
1497 code += _pcre_OP_lengths[*code];
1498 break;
1499
1500 default:
1501 return code;
1502 }
1503 }
1504 /* Control never reaches here */
1505 }
1506
1507
1508
1509
1510 /*************************************************
1511 * Find the fixed length of a branch *
1512 *************************************************/
1513
1514 /* Scan a branch and compute the fixed length of subject that will match it,
1515 if the length is fixed. This is needed for dealing with backward assertions.
1516 In UTF8 mode, the result is in characters rather than bytes. The branch is
1517 temporarily terminated with OP_END when this function is called.
1518
1519 This function is called when a backward assertion is encountered, so that if it
1520 fails, the error message can point to the correct place in the pattern.
1521 However, we cannot do this when the assertion contains subroutine calls,
1522 because they can be forward references. We solve this by remembering this case
1523 and doing the check at the end; a flag specifies which mode we are running in.
1524
1525 Arguments:
1526 code points to the start of the pattern (the bracket)
1527 utf8 TRUE in UTF-8 mode
1528 atend TRUE if called when the pattern is complete
1529 cd the "compile data" structure
1530
1531 Returns: the fixed length,
1532 or -1 if there is no fixed length,
1533 or -2 if \C was encountered (in UTF-8 mode only)
1534 or -3 if an OP_RECURSE item was encountered and atend is FALSE
1535 or -4 if an unknown opcode was encountered (internal error)
1536 */
1537
1538 static int
1539 find_fixedlength(uschar *code, BOOL utf8, BOOL atend, compile_data *cd)
1540 {
1541 int length = -1;
1542
1543 register int branchlength = 0;
1544 register uschar *cc = code + 1 + LINK_SIZE;
1545
1546 /* Scan along the opcodes for this branch. If we get to the end of the
1547 branch, check the length against that of the other branches. */
1548
1549 for (;;)
1550 {
1551 int d;
1552 uschar *ce, *cs;
1553 register int op = *cc;
1554 switch (op)
1555 {
1556 /* We only need to continue for OP_CBRA (normal capturing bracket) and
1557 OP_BRA (normal non-capturing bracket) because the other variants of these
1558 opcodes are all concerned with unlimited repeated groups, which of course
1559 are not of fixed length. */
1560
1561 case OP_CBRA:
1562 case OP_BRA:
1563 case OP_ONCE:
1564 case OP_ONCE_NC:
1565 case OP_COND:
1566 d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), utf8, atend, cd);
1567 if (d < 0) return d;
1568 branchlength += d;
1569 do cc += GET(cc, 1); while (*cc == OP_ALT);
1570 cc += 1 + LINK_SIZE;
1571 break;
1572
1573 /* Reached end of a branch; if it's a ket it is the end of a nested call.
1574 If it's ALT it is an alternation in a nested call. An ACCEPT is effectively
1575 an ALT. If it is END it's the end of the outer call. All can be handled by
1576 the same code. Note that we must not include the OP_KETRxxx opcodes here,
1577 because they all imply an unlimited repeat. */
1578
1579 case OP_ALT:
1580 case OP_KET:
1581 case OP_END:
1582 case OP_ACCEPT:
1583 case OP_ASSERT_ACCEPT:
1584 if (length < 0) length = branchlength;
1585 else if (length != branchlength) return -1;
1586 if (*cc != OP_ALT) return length;
1587 cc += 1 + LINK_SIZE;
1588 branchlength = 0;
1589 break;
1590
1591 /* A true recursion implies not fixed length, but a subroutine call may
1592 be OK. If the subroutine is a forward reference, we can't deal with
1593 it until the end of the pattern, so return -3. */
1594
1595 case OP_RECURSE:
1596 if (!atend) return -3;
1597 cs = ce = (uschar *)cd->start_code + GET(cc, 1); /* Start subpattern */
1598 do ce += GET(ce, 1); while (*ce == OP_ALT); /* End subpattern */
1599 if (cc > cs && cc < ce) return -1; /* Recursion */
1600 d = find_fixedlength(cs + 2, utf8, atend, cd);
1601 if (d < 0) return d;
1602 branchlength += d;
1603 cc += 1 + LINK_SIZE;
1604 break;
1605
1606 /* Skip over assertive subpatterns */
1607
1608 case OP_ASSERT:
1609 case OP_ASSERT_NOT:
1610 case OP_ASSERTBACK:
1611 case OP_ASSERTBACK_NOT:
1612 do cc += GET(cc, 1); while (*cc == OP_ALT);
1613 /* Fall through */
1614
1615 /* Skip over things that don't match chars */
1616
1617 case OP_MARK:
1618 case OP_PRUNE_ARG:
1619 case OP_SKIP_ARG:
1620 case OP_THEN_ARG:
1621 cc += cc[1] + _pcre_OP_lengths[*cc];
1622 break;
1623
1624 case OP_CALLOUT:
1625 case OP_CIRC:
1626 case OP_CIRCM:
1627 case OP_CLOSE:
1628 case OP_COMMIT:
1629 case OP_CREF:
1630 case OP_DEF:
1631 case OP_DOLL:
1632 case OP_DOLLM:
1633 case OP_EOD:
1634 case OP_EODN:
1635 case OP_FAIL:
1636 case OP_NCREF:
1637 case OP_NRREF:
1638 case OP_NOT_WORD_BOUNDARY:
1639 case OP_PRUNE:
1640 case OP_REVERSE:
1641 case OP_RREF:
1642 case OP_SET_SOM:
1643 case OP_SKIP:
1644 case OP_SOD:
1645 case OP_SOM:
1646 case OP_THEN:
1647 case OP_WORD_BOUNDARY:
1648 cc += _pcre_OP_lengths[*cc];
1649 break;
1650
1651 /* Handle literal characters */
1652
1653 case OP_CHAR:
1654 case OP_CHARI:
1655 case OP_NOT:
1656 case OP_NOTI:
1657 branchlength++;
1658 cc += 2;
1659 #ifdef SUPPORT_UTF8
1660 if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
1661 #endif
1662 break;
1663
1664 /* Handle exact repetitions. The count is already in characters, but we
1665 need to skip over a multibyte character in UTF8 mode. */
1666
1667 case OP_EXACT:
1668 case OP_EXACTI:
1669 case OP_NOTEXACT:
1670 case OP_NOTEXACTI:
1671 branchlength += GET2(cc,1);
1672 cc += 4;
1673 #ifdef SUPPORT_UTF8
1674 if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
1675 #endif
1676 break;
1677
1678 case OP_TYPEEXACT:
1679 branchlength += GET2(cc,1);
1680 if (cc[3] == OP_PROP || cc[3] == OP_NOTPROP) cc += 2;
1681 cc += 4;
1682 break;
1683
1684 /* Handle single-char matchers */
1685
1686 case OP_PROP:
1687 case OP_NOTPROP:
1688 cc += 2;
1689 /* Fall through */
1690
1691 case OP_HSPACE:
1692 case OP_VSPACE:
1693 case OP_NOT_HSPACE:
1694 case OP_NOT_VSPACE:
1695 case OP_NOT_DIGIT:
1696 case OP_DIGIT:
1697 case OP_NOT_WHITESPACE:
1698 case OP_WHITESPACE:
1699 case OP_NOT_WORDCHAR:
1700 case OP_WORDCHAR:
1701 case OP_ANY:
1702 case OP_ALLANY:
1703 branchlength++;
1704 cc++;
1705 break;
1706
1707 /* The single-byte matcher isn't allowed. This only happens in UTF-8 mode;
1708 otherwise \C is coded as OP_ALLANY. */
1709
1710 case OP_ANYBYTE:
1711 return -2;
1712
1713 /* Check a class for variable quantification */
1714
1715 #ifdef SUPPORT_UTF8
1716 case OP_XCLASS:
1717 cc += GET(cc, 1) - 33;
1718 /* Fall through */
1719 #endif
1720
1721 case OP_CLASS:
1722 case OP_NCLASS:
1723 cc += 33;
1724
1725 switch (*cc)
1726 {
1727 case OP_CRPLUS:
1728 case OP_CRMINPLUS:
1729 case OP_CRSTAR:
1730 case OP_CRMINSTAR:
1731 case OP_CRQUERY:
1732 case OP_CRMINQUERY:
1733 return -1;
1734
1735 case OP_CRRANGE:
1736 case OP_CRMINRANGE:
1737 if (GET2(cc,1) != GET2(cc,3)) return -1;
1738 branchlength += GET2(cc,1);
1739 cc += 5;
1740 break;
1741
1742 default:
1743 branchlength++;
1744 }
1745 break;
1746
1747 /* Anything else is variable length */
1748
1749 case OP_ANYNL:
1750 case OP_BRAMINZERO:
1751 case OP_BRAPOS:
1752 case OP_BRAPOSZERO:
1753 case OP_BRAZERO:
1754 case OP_CBRAPOS:
1755 case OP_EXTUNI:
1756 case OP_KETRMAX:
1757 case OP_KETRMIN:
1758 case OP_KETRPOS:
1759 case OP_MINPLUS:
1760 case OP_MINPLUSI:
1761 case OP_MINQUERY:
1762 case OP_MINQUERYI:
1763 case OP_MINSTAR:
1764 case OP_MINSTARI:
1765 case OP_MINUPTO:
1766 case OP_MINUPTOI:
1767 case OP_NOTMINPLUS:
1768 case OP_NOTMINPLUSI:
1769 case OP_NOTMINQUERY:
1770 case OP_NOTMINQUERYI:
1771 case OP_NOTMINSTAR:
1772 case OP_NOTMINSTARI:
1773 case OP_NOTMINUPTO:
1774 case OP_NOTMINUPTOI:
1775 case OP_NOTPLUS:
1776 case OP_NOTPLUSI:
1777 case OP_NOTPOSPLUS:
1778 case OP_NOTPOSPLUSI:
1779 case OP_NOTPOSQUERY:
1780 case OP_NOTPOSQUERYI:
1781 case OP_NOTPOSSTAR:
1782 case OP_NOTPOSSTARI:
1783 case OP_NOTPOSUPTO:
1784 case OP_NOTPOSUPTOI:
1785 case OP_NOTQUERY:
1786 case OP_NOTQUERYI:
1787 case OP_NOTSTAR:
1788 case OP_NOTSTARI:
1789 case OP_NOTUPTO:
1790 case OP_NOTUPTOI:
1791 case OP_PLUS:
1792 case OP_PLUSI:
1793 case OP_POSPLUS:
1794 case OP_POSPLUSI:
1795 case OP_POSQUERY:
1796 case OP_POSQUERYI:
1797 case OP_POSSTAR:
1798 case OP_POSSTARI:
1799 case OP_POSUPTO:
1800 case OP_POSUPTOI:
1801 case OP_QUERY:
1802 case OP_QUERYI:
1803 case OP_REF:
1804 case OP_REFI:
1805 case OP_SBRA:
1806 case OP_SBRAPOS:
1807 case OP_SCBRA:
1808 case OP_SCBRAPOS:
1809 case OP_SCOND:
1810 case OP_SKIPZERO:
1811 case OP_STAR:
1812 case OP_STARI:
1813 case OP_TYPEMINPLUS:
1814 case OP_TYPEMINQUERY:
1815 case OP_TYPEMINSTAR:
1816 case OP_TYPEMINUPTO:
1817 case OP_TYPEPLUS:
1818 case OP_TYPEPOSPLUS:
1819 case OP_TYPEPOSQUERY:
1820 case OP_TYPEPOSSTAR:
1821 case OP_TYPEPOSUPTO:
1822 case OP_TYPEQUERY:
1823 case OP_TYPESTAR:
1824 case OP_TYPEUPTO:
1825 case OP_UPTO:
1826 case OP_UPTOI:
1827 return -1;
1828
1829 /* Catch unrecognized opcodes so that when new ones are added they
1830 are not forgotten, as has happened in the past. */
1831
1832 default:
1833 return -4;
1834 }
1835 }
1836 /* Control never gets here */
1837 }
1838
1839
1840
1841
1842 /*************************************************
1843 * Scan compiled regex for specific bracket *
1844 *************************************************/
1845
1846 /* This little function scans through a compiled pattern until it finds a
1847 capturing bracket with the given number, or, if the number is negative, an
1848 instance of OP_REVERSE for a lookbehind. The function is global in the C sense
1849 so that it can be called from pcre_study() when finding the minimum matching
1850 length.
1851
1852 Arguments:
1853 code points to start of expression
1854 utf8 TRUE in UTF-8 mode
1855 number the required bracket number or negative to find a lookbehind
1856
1857 Returns: pointer to the opcode for the bracket, or NULL if not found
1858 */
1859
1860 const uschar *
1861 _pcre_find_bracket(const uschar *code, BOOL utf8, int number)
1862 {
1863 for (;;)
1864 {
1865 register int c = *code;
1866
1867 if (c == OP_END) return NULL;
1868
1869 /* XCLASS is used for classes that cannot be represented just by a bit
1870 map. This includes negated single high-valued characters. The length in
1871 the table is zero; the actual length is stored in the compiled code. */
1872
1873 if (c == OP_XCLASS) code += GET(code, 1);
1874
1875 /* Handle recursion */
1876
1877 else if (c == OP_REVERSE)
1878 {
1879 if (number < 0) return (uschar *)code;
1880 code += _pcre_OP_lengths[c];
1881 }
1882
1883 /* Handle capturing bracket */
1884
1885 else if (c == OP_CBRA || c == OP_SCBRA ||
1886 c == OP_CBRAPOS || c == OP_SCBRAPOS)
1887 {
1888 int n = GET2(code, 1+LINK_SIZE);
1889 if (n == number) return (uschar *)code;
1890 code += _pcre_OP_lengths[c];
1891 }
1892
1893 /* Otherwise, we can get the item's length from the table, except that for
1894 repeated character types, we have to test for \p and \P, which have an extra
1895 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
1896 must add in its length. */
1897
1898 else
1899 {
1900 switch(c)
1901 {
1902 case OP_TYPESTAR:
1903 case OP_TYPEMINSTAR:
1904 case OP_TYPEPLUS:
1905 case OP_TYPEMINPLUS:
1906 case OP_TYPEQUERY:
1907 case OP_TYPEMINQUERY:
1908 case OP_TYPEPOSSTAR:
1909 case OP_TYPEPOSPLUS:
1910 case OP_TYPEPOSQUERY:
1911 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
1912 break;
1913
1914 case OP_TYPEUPTO:
1915 case OP_TYPEMINUPTO:
1916 case OP_TYPEEXACT:
1917 case OP_TYPEPOSUPTO:
1918 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
1919 break;
1920
1921 case OP_MARK:
1922 case OP_PRUNE_ARG:
1923 case OP_SKIP_ARG:
1924 code += code[1];
1925 break;
1926
1927 case OP_THEN_ARG:
1928 code += code[1];
1929 break;
1930 }
1931
1932 /* Add in the fixed length from the table */
1933
1934 code += _pcre_OP_lengths[c];
1935
1936 /* In UTF-8 mode, opcodes that are followed by a character may be followed by
1937 a multi-byte character. The length in the table is a minimum, so we have to
1938 arrange to skip the extra bytes. */
1939
1940 #ifdef SUPPORT_UTF8
1941 if (utf8) switch(c)
1942 {
1943 case OP_CHAR:
1944 case OP_CHARI:
1945 case OP_EXACT:
1946 case OP_EXACTI:
1947 case OP_UPTO:
1948 case OP_UPTOI:
1949 case OP_MINUPTO:
1950 case OP_MINUPTOI:
1951 case OP_POSUPTO:
1952 case OP_POSUPTOI:
1953 case OP_STAR:
1954 case OP_STARI:
1955 case OP_MINSTAR:
1956 case OP_MINSTARI:
1957 case OP_POSSTAR:
1958 case OP_POSSTARI:
1959 case OP_PLUS:
1960 case OP_PLUSI:
1961 case OP_MINPLUS:
1962 case OP_MINPLUSI:
1963 case OP_POSPLUS:
1964 case OP_POSPLUSI:
1965 case OP_QUERY:
1966 case OP_QUERYI:
1967 case OP_MINQUERY:
1968 case OP_MINQUERYI:
1969 case OP_POSQUERY:
1970 case OP_POSQUERYI:
1971 if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
1972 break;
1973 }
1974 #else
1975 (void)(utf8); /* Keep compiler happy by referencing function argument */
1976 #endif
1977 }
1978 }
1979 }
1980
1981
1982
1983 /*************************************************
1984 * Scan compiled regex for recursion reference *
1985 *************************************************/
1986
1987 /* This little function scans through a compiled pattern until it finds an
1988 instance of OP_RECURSE.
1989
1990 Arguments:
1991 code points to start of expression
1992 utf8 TRUE in UTF-8 mode
1993
1994 Returns: pointer to the opcode for OP_RECURSE, or NULL if not found
1995 */
1996
1997 static const uschar *
1998 find_recurse(const uschar *code, BOOL utf8)
1999 {
2000 for (;;)
2001 {
2002 register int c = *code;
2003 if (c == OP_END) return NULL;
2004 if (c == OP_RECURSE) return code;
2005
2006 /* XCLASS is used for classes that cannot be represented just by a bit
2007 map. This includes negated single high-valued characters. The length in
2008 the table is zero; the actual length is stored in the compiled code. */
2009
2010 if (c == OP_XCLASS) code += GET(code, 1);
2011
2012 /* Otherwise, we can get the item's length from the table, except that for
2013 repeated character types, we have to test for \p and \P, which have an extra
2014 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
2015 must add in its length. */
2016
2017 else
2018 {
2019 switch(c)
2020 {
2021 case OP_TYPESTAR:
2022 case OP_TYPEMINSTAR:
2023 case OP_TYPEPLUS:
2024 case OP_TYPEMINPLUS:
2025 case OP_TYPEQUERY:
2026 case OP_TYPEMINQUERY:
2027 case OP_TYPEPOSSTAR:
2028 case OP_TYPEPOSPLUS:
2029 case OP_TYPEPOSQUERY:
2030 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2031 break;
2032
2033 case OP_TYPEPOSUPTO:
2034 case OP_TYPEUPTO:
2035 case OP_TYPEMINUPTO:
2036 case OP_TYPEEXACT:
2037 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
2038 break;
2039
2040 case OP_MARK:
2041 case OP_PRUNE_ARG:
2042 case OP_SKIP_ARG:
2043 code += code[1];
2044 break;
2045
2046 case OP_THEN_ARG:
2047 code += code[1];
2048 break;
2049 }
2050
2051 /* Add in the fixed length from the table */
2052
2053 code += _pcre_OP_lengths[c];
2054
2055 /* In UTF-8 mode, opcodes that are followed by a character may be followed
2056 by a multi-byte character. The length in the table is a minimum, so we have
2057 to arrange to skip the extra bytes. */
2058
2059 #ifdef SUPPORT_UTF8
2060 if (utf8) switch(c)
2061 {
2062 case OP_CHAR:
2063 case OP_CHARI:
2064 case OP_EXACT:
2065 case OP_EXACTI:
2066 case OP_UPTO:
2067 case OP_UPTOI:
2068 case OP_MINUPTO:
2069 case OP_MINUPTOI:
2070 case OP_POSUPTO:
2071 case OP_POSUPTOI:
2072 case OP_STAR:
2073 case OP_STARI:
2074 case OP_MINSTAR:
2075 case OP_MINSTARI:
2076 case OP_POSSTAR:
2077 case OP_POSSTARI:
2078 case OP_PLUS:
2079 case OP_PLUSI:
2080 case OP_MINPLUS:
2081 case OP_MINPLUSI:
2082 case OP_POSPLUS:
2083 case OP_POSPLUSI:
2084 case OP_QUERY:
2085 case OP_QUERYI:
2086 case OP_MINQUERY:
2087 case OP_MINQUERYI:
2088 case OP_POSQUERY:
2089 case OP_POSQUERYI:
2090 if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
2091 break;
2092 }
2093 #else
2094 (void)(utf8); /* Keep compiler happy by referencing function argument */
2095 #endif
2096 }
2097 }
2098 }
2099
2100
2101
2102 /*************************************************
2103 * Scan compiled branch for non-emptiness *
2104 *************************************************/
2105
2106 /* This function scans through a branch of a compiled pattern to see whether it
2107 can match the empty string or not. It is called from could_be_empty()
2108 below and from compile_branch() when checking for an unlimited repeat of a
2109 group that can match nothing. Note that first_significant_code() skips over
2110 backward and negative forward assertions when its final argument is TRUE. If we
2111 hit an unclosed bracket, we return "empty" - this means we've struck an inner
2112 bracket whose current branch will already have been scanned.
2113
2114 Arguments:
2115 code points to start of search
2116 endcode points to where to stop
2117 utf8 TRUE if in UTF8 mode
2118 cd contains pointers to tables etc.
2119
2120 Returns: TRUE if what is matched could be empty
2121 */
2122
2123 static BOOL
2124 could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8,
2125 compile_data *cd)
2126 {
2127 register int c;
2128 for (code = first_significant_code(code + _pcre_OP_lengths[*code], TRUE);
2129 code < endcode;
2130 code = first_significant_code(code + _pcre_OP_lengths[c], TRUE))
2131 {
2132 const uschar *ccode;
2133
2134 c = *code;
2135
2136 /* Skip over forward assertions; the other assertions are skipped by
2137 first_significant_code() with a TRUE final argument. */
2138
2139 if (c == OP_ASSERT)
2140 {
2141 do code += GET(code, 1); while (*code == OP_ALT);
2142 c = *code;
2143 continue;
2144 }
2145
2146 /* For a recursion/subroutine call, if its end has been reached, which
2147 implies a backward reference subroutine call, we can scan it. If it's a
2148 forward reference subroutine call, we can't. To detect forward reference
2149 we have to scan up the list that is kept in the workspace. This function is
2150 called only when doing the real compile, not during the pre-compile that
2151 measures the size of the compiled pattern. */
2152
2153 if (c == OP_RECURSE)
2154 {
2155 const uschar *scode;
2156 BOOL empty_branch;
2157
2158 /* Test for forward reference */
2159
2160 for (scode = cd->start_workspace; scode < cd->hwm; scode += LINK_SIZE)
2161 if (GET(scode, 0) == code + 1 - cd->start_code) return TRUE;
2162
2163 /* Not a forward reference, test for completed backward reference */
2164
2165 empty_branch = FALSE;
2166 scode = cd->start_code + GET(code, 1);
2167 if (GET(scode, 1) == 0) return TRUE; /* Unclosed */
2168
2169 /* Completed backwards reference */
2170
2171 do
2172 {
2173 if (could_be_empty_branch(scode, endcode, utf8, cd))
2174 {
2175 empty_branch = TRUE;
2176 break;
2177 }
2178 scode += GET(scode, 1);
2179 }
2180 while (*scode == OP_ALT);
2181
2182 if (!empty_branch) return FALSE; /* All branches are non-empty */
2183 continue;
2184 }
2185
2186 /* Groups with zero repeats can of course be empty; skip them. */
2187
2188 if (c == OP_BRAZERO || c == OP_BRAMINZERO || c == OP_SKIPZERO ||
2189 c == OP_BRAPOSZERO)
2190 {
2191 code += _pcre_OP_lengths[c];
2192 do code += GET(code, 1); while (*code == OP_ALT);
2193 c = *code;
2194 continue;
2195 }
2196
2197 /* A nested group that is already marked as "could be empty" can just be
2198 skipped. */
2199
2200 if (c == OP_SBRA || c == OP_SBRAPOS ||
2201 c == OP_SCBRA || c == OP_SCBRAPOS)
2202 {
2203 do code += GET(code, 1); while (*code == OP_ALT);
2204 c = *code;
2205 continue;
2206 }
2207
2208 /* For other groups, scan the branches. */
2209
2210 if (c == OP_BRA || c == OP_BRAPOS ||
2211 c == OP_CBRA || c == OP_CBRAPOS ||
2212 c == OP_ONCE || c == OP_ONCE_NC ||
2213 c == OP_COND)
2214 {
2215 BOOL empty_branch;
2216 if (GET(code, 1) == 0) return TRUE; /* Hit unclosed bracket */
2217
2218 /* If a conditional group has only one branch, there is a second, implied,
2219 empty branch, so just skip over the conditional, because it could be empty.
2220 Otherwise, scan the individual branches of the group. */
2221
2222 if (c == OP_COND && code[GET(code, 1)] != OP_ALT)
2223 code += GET(code, 1);
2224 else
2225 {
2226 empty_branch = FALSE;
2227 do
2228 {
2229 if (!empty_branch && could_be_empty_branch(code, endcode, utf8, cd))
2230 empty_branch = TRUE;
2231 code += GET(code, 1);
2232 }
2233 while (*code == OP_ALT);
2234 if (!empty_branch) return FALSE; /* All branches are non-empty */
2235 }
2236
2237 c = *code;
2238 continue;
2239 }
2240
2241 /* Handle the other opcodes */
2242
2243 switch (c)
2244 {
2245 /* Check for quantifiers after a class. XCLASS is used for classes that
2246 cannot be represented just by a bit map. This includes negated single
2247 high-valued characters. The length in _pcre_OP_lengths[] is zero; the
2248 actual length is stored in the compiled code, so we must update "code"
2249 here. */
2250
2251 #ifdef SUPPORT_UTF8
2252 case OP_XCLASS:
2253 ccode = code += GET(code, 1);
2254 goto CHECK_CLASS_REPEAT;
2255 #endif
2256
2257 case OP_CLASS:
2258 case OP_NCLASS:
2259 ccode = code + 33;
2260
2261 #ifdef SUPPORT_UTF8
2262 CHECK_CLASS_REPEAT:
2263 #endif
2264
2265 switch (*ccode)
2266 {
2267 case OP_CRSTAR: /* These could be empty; continue */
2268 case OP_CRMINSTAR:
2269 case OP_CRQUERY:
2270 case OP_CRMINQUERY:
2271 break;
2272
2273 default: /* Non-repeat => class must match */
2274 case OP_CRPLUS: /* These repeats aren't empty */
2275 case OP_CRMINPLUS:
2276 return FALSE;
2277
2278 case OP_CRRANGE:
2279 case OP_CRMINRANGE:
2280 if (GET2(ccode, 1) > 0) return FALSE; /* Minimum > 0 */
2281 break;
2282 }
2283 break;
2284
2285 /* Opcodes that must match a character */
2286
2287 case OP_PROP:
2288 case OP_NOTPROP:
2289 case OP_EXTUNI:
2290 case OP_NOT_DIGIT:
2291 case OP_DIGIT:
2292 case OP_NOT_WHITESPACE:
2293 case OP_WHITESPACE:
2294 case OP_NOT_WORDCHAR:
2295 case OP_WORDCHAR:
2296 case OP_ANY:
2297 case OP_ALLANY:
2298 case OP_ANYBYTE:
2299 case OP_CHAR:
2300 case OP_CHARI:
2301 case OP_NOT:
2302 case OP_NOTI:
2303 case OP_PLUS:
2304 case OP_MINPLUS:
2305 case OP_POSPLUS:
2306 case OP_EXACT:
2307 case OP_NOTPLUS:
2308 case OP_NOTMINPLUS:
2309 case OP_NOTPOSPLUS:
2310 case OP_NOTEXACT:
2311 case OP_TYPEPLUS:
2312 case OP_TYPEMINPLUS:
2313 case OP_TYPEPOSPLUS:
2314 case OP_TYPEEXACT:
2315 return FALSE;
2316
2317 /* These are going to continue, as they may be empty, but we have to
2318 fudge the length for the \p and \P cases. */
2319
2320 case OP_TYPESTAR:
2321 case OP_TYPEMINSTAR:
2322 case OP_TYPEPOSSTAR:
2323 case OP_TYPEQUERY:
2324 case OP_TYPEMINQUERY:
2325 case OP_TYPEPOSQUERY:
2326 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2327 break;
2328
2329 /* Same for these */
2330
2331 case OP_TYPEUPTO:
2332 case OP_TYPEMINUPTO:
2333 case OP_TYPEPOSUPTO:
2334 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
2335 break;
2336
2337 /* End of branch */
2338
2339 case OP_KET:
2340 case OP_KETRMAX:
2341 case OP_KETRMIN:
2342 case OP_KETRPOS:
2343 case OP_ALT:
2344 return TRUE;
2345
2346 /* In UTF-8 mode, STAR, MINSTAR, POSSTAR, QUERY, MINQUERY, POSQUERY, UPTO,
2347 MINUPTO, and POSUPTO may be followed by a multibyte character */
2348
2349 #ifdef SUPPORT_UTF8
2350 case OP_STAR:
2351 case OP_STARI:
2352 case OP_MINSTAR:
2353 case OP_MINSTARI:
2354 case OP_POSSTAR:
2355 case OP_POSSTARI:
2356 case OP_QUERY:
2357 case OP_QUERYI:
2358 case OP_MINQUERY:
2359 case OP_MINQUERYI:
2360 case OP_POSQUERY:
2361 case OP_POSQUERYI:
2362 if (utf8 && code[1] >= 0xc0) code += _pcre_utf8_table4[code[1] & 0x3f];
2363 break;
2364
2365 case OP_UPTO:
2366 case OP_UPTOI:
2367 case OP_MINUPTO:
2368 case OP_MINUPTOI:
2369 case OP_POSUPTO:
2370 case OP_POSUPTOI:
2371 if (utf8 && code[3] >= 0xc0) code += _pcre_utf8_table4[code[3] & 0x3f];
2372 break;
2373 #endif
2374
2375 /* MARK, and PRUNE/SKIP/THEN with an argument must skip over the argument
2376 string. */
2377
2378 case OP_MARK:
2379 case OP_PRUNE_ARG:
2380 case OP_SKIP_ARG:
2381 code += code[1];
2382 break;
2383
2384 case OP_THEN_ARG:
2385 code += code[1];
2386 break;
2387
2388 /* None of the remaining opcodes are required to match a character. */
2389
2390 default:
2391 break;
2392 }
2393 }
2394
2395 return TRUE;
2396 }
2397
2398
2399
2400 /*************************************************
2401 * Scan compiled regex for non-emptiness *
2402 *************************************************/
2403
2404 /* This function is called to check for left recursive calls. We want to check
2405 the current branch of the current pattern to see if it could match the empty
2406 string. If it could, we must look outwards for branches at other levels,
2407 stopping when we pass beyond the bracket which is the subject of the recursion.
2408 This function is called only during the real compile, not during the
2409 pre-compile.
2410
2411 Arguments:
2412 code points to start of the recursion
2413 endcode points to where to stop (current RECURSE item)
2414 bcptr points to the chain of current (unclosed) branch starts
2415 utf8 TRUE if in UTF-8 mode
2416 cd pointers to tables etc
2417
2418 Returns: TRUE if what is matched could be empty
2419 */
2420
2421 static BOOL
2422 could_be_empty(const uschar *code, const uschar *endcode, branch_chain *bcptr,
2423 BOOL utf8, compile_data *cd)
2424 {
2425 while (bcptr != NULL && bcptr->current_branch >= code)
2426 {
2427 if (!could_be_empty_branch(bcptr->current_branch, endcode, utf8, cd))
2428 return FALSE;
2429 bcptr = bcptr->outer;
2430 }
2431 return TRUE;
2432 }
2433
2434
2435
2436 /*************************************************
2437 * Check for POSIX class syntax *
2438 *************************************************/
2439
2440 /* This function is called when the sequence "[:" or "[." or "[=" is
2441 encountered in a character class. It checks whether this is followed by a
2442 sequence of characters terminated by a matching ":]" or ".]" or "=]". If we
2443 reach an unescaped ']' without the special preceding character, return FALSE.
2444
2445 Originally, this function only recognized a sequence of letters between the
2446 terminators, but it seems that Perl recognizes any sequence of characters,
2447 though of course unknown POSIX names are subsequently rejected. Perl gives an
2448 "Unknown POSIX class" error for [:f\oo:] for example, where previously PCRE
2449 didn't consider this to be a POSIX class. Likewise for [:1234:].
2450
2451 The problem in trying to be exactly like Perl is in the handling of escapes. We
2452 have to be sure that [abc[:x\]pqr] is *not* treated as containing a POSIX
2453 class, but [abc[:x\]pqr:]] is (so that an error can be generated). The code
2454 below handles the special case of \], but does not try to do any other escape
2455 processing. This makes it different from Perl for cases such as [:l\ower:]
2456 where Perl recognizes it as the POSIX class "lower" but PCRE does not recognize
2457 "l\ower". This is a lesser evil that not diagnosing bad classes when Perl does,
2458 I think.
2459
2460 A user pointed out that PCRE was rejecting [:a[:digit:]] whereas Perl was not.
2461 It seems that the appearance of a nested POSIX class supersedes an apparent
2462 external class. For example, [:a[:digit:]b:] matches "a", "b", ":", or
2463 a digit.
2464
2465 In Perl, unescaped square brackets may also appear as part of class names. For
2466 example, [:a[:abc]b:] gives unknown POSIX class "[:abc]b:]". However, for
2467 [:a[:abc]b][b:] it gives unknown POSIX class "[:abc]b][b:]", which does not
2468 seem right at all. PCRE does not allow closing square brackets in POSIX class
2469 names.
2470
2471 Arguments:
2472 ptr pointer to the initial [
2473 endptr where to return the end pointer
2474
2475 Returns: TRUE or FALSE
2476 */
2477
2478 static BOOL
2479 check_posix_syntax(const uschar *ptr, const uschar **endptr)
2480 {
2481 int terminator; /* Don't combine these lines; the Solaris cc */
2482 terminator = *(++ptr); /* compiler warns about "non-constant" initializer. */
2483 for (++ptr; *ptr != 0; ptr++)
2484 {
2485 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2486 ptr++;
2487 else if (*ptr == CHAR_RIGHT_SQUARE_BRACKET) return FALSE;
2488 else
2489 {
2490 if (*ptr == terminator && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2491 {
2492 *endptr = ptr;
2493 return TRUE;
2494 }
2495 if (*ptr == CHAR_LEFT_SQUARE_BRACKET &&
2496 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
2497 ptr[1] == CHAR_EQUALS_SIGN) &&
2498 check_posix_syntax(ptr, endptr))
2499 return FALSE;
2500 }
2501 }
2502 return FALSE;
2503 }
2504
2505
2506
2507
2508 /*************************************************
2509 * Check POSIX class name *
2510 *************************************************/
2511
2512 /* This function is called to check the name given in a POSIX-style class entry
2513 such as [:alnum:].
2514
2515 Arguments:
2516 ptr points to the first letter
2517 len the length of the name
2518
2519 Returns: a value representing the name, or -1 if unknown
2520 */
2521
2522 static int
2523 check_posix_name(const uschar *ptr, int len)
2524 {
2525 const char *pn = posix_names;
2526 register int yield = 0;
2527 while (posix_name_lengths[yield] != 0)
2528 {
2529 if (len == posix_name_lengths[yield] &&
2530 strncmp((const char *)ptr, pn, len) == 0) return yield;
2531 pn += posix_name_lengths[yield] + 1;
2532 yield++;
2533 }
2534 return -1;
2535 }
2536
2537
2538 /*************************************************
2539 * Adjust OP_RECURSE items in repeated group *
2540 *************************************************/
2541
2542 /* OP_RECURSE items contain an offset from the start of the regex to the group
2543 that is referenced. This means that groups can be replicated for fixed
2544 repetition simply by copying (because the recursion is allowed to refer to
2545 earlier groups that are outside the current group). However, when a group is
2546 optional (i.e. the minimum quantifier is zero), OP_BRAZERO or OP_SKIPZERO is
2547 inserted before it, after it has been compiled. This means that any OP_RECURSE
2548 items within it that refer to the group itself or any contained groups have to
2549 have their offsets adjusted. That one of the jobs of this function. Before it
2550 is called, the partially compiled regex must be temporarily terminated with
2551 OP_END.
2552
2553 This function has been extended with the possibility of forward references for
2554 recursions and subroutine calls. It must also check the list of such references
2555 for the group we are dealing with. If it finds that one of the recursions in
2556 the current group is on this list, it adjusts the offset in the list, not the
2557 value in the reference (which is a group number).
2558
2559 Arguments:
2560 group points to the start of the group
2561 adjust the amount by which the group is to be moved
2562 utf8 TRUE in UTF-8 mode
2563 cd contains pointers to tables etc.
2564 save_hwm the hwm forward reference pointer at the start of the group
2565
2566 Returns: nothing
2567 */
2568
2569 static void
2570 adjust_recurse(uschar *group, int adjust, BOOL utf8, compile_data *cd,
2571 uschar *save_hwm)
2572 {
2573 uschar *ptr = group;
2574
2575 while ((ptr = (uschar *)find_recurse(ptr, utf8)) != NULL)
2576 {
2577 int offset;
2578 uschar *hc;
2579
2580 /* See if this recursion is on the forward reference list. If so, adjust the
2581 reference. */
2582
2583 for (hc = save_hwm; hc < cd->hwm; hc += LINK_SIZE)
2584 {
2585 offset = GET(hc, 0);
2586 if (cd->start_code + offset == ptr + 1)
2587 {
2588 PUT(hc, 0, offset + adjust);
2589 break;
2590 }
2591 }
2592
2593 /* Otherwise, adjust the recursion offset if it's after the start of this
2594 group. */
2595
2596 if (hc >= cd->hwm)
2597 {
2598 offset = GET(ptr, 1);
2599 if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);
2600 }
2601
2602 ptr += 1 + LINK_SIZE;
2603 }
2604 }
2605
2606
2607
2608 /*************************************************
2609 * Insert an automatic callout point *
2610 *************************************************/
2611
2612 /* This function is called when the PCRE_AUTO_CALLOUT option is set, to insert
2613 callout points before each pattern item.
2614
2615 Arguments:
2616 code current code pointer
2617 ptr current pattern pointer
2618 cd pointers to tables etc
2619
2620 Returns: new code pointer
2621 */
2622
2623 static uschar *
2624 auto_callout(uschar *code, const uschar *ptr, compile_data *cd)
2625 {
2626 *code++ = OP_CALLOUT;
2627 *code++ = 255;
2628 PUT(code, 0, (int)(ptr - cd->start_pattern)); /* Pattern offset */
2629 PUT(code, LINK_SIZE, 0); /* Default length */
2630 return code + 2*LINK_SIZE;
2631 }
2632
2633
2634
2635 /*************************************************
2636 * Complete a callout item *
2637 *************************************************/
2638
2639 /* A callout item contains the length of the next item in the pattern, which
2640 we can't fill in till after we have reached the relevant point. This is used
2641 for both automatic and manual callouts.
2642
2643 Arguments:
2644 previous_callout points to previous callout item
2645 ptr current pattern pointer
2646 cd pointers to tables etc
2647
2648 Returns: nothing
2649 */
2650
2651 static void
2652 complete_callout(uschar *previous_callout, const uschar *ptr, compile_data *cd)
2653 {
2654 int length = (int)(ptr - cd->start_pattern - GET(previous_callout, 2));
2655 PUT(previous_callout, 2 + LINK_SIZE, length);
2656 }
2657
2658
2659
2660 #ifdef SUPPORT_UCP
2661 /*************************************************
2662 * Get othercase range *
2663 *************************************************/
2664
2665 /* This function is passed the start and end of a class range, in UTF-8 mode
2666 with UCP support. It searches up the characters, looking for internal ranges of
2667 characters in the "other" case. Each call returns the next one, updating the
2668 start address.
2669
2670 Arguments:
2671 cptr points to starting character value; updated
2672 d end value
2673 ocptr where to put start of othercase range
2674 odptr where to put end of othercase range
2675
2676 Yield: TRUE when range returned; FALSE when no more
2677 */
2678
2679 static BOOL
2680 get_othercase_range(unsigned int *cptr, unsigned int d, unsigned int *ocptr,
2681 unsigned int *odptr)
2682 {
2683 unsigned int c, othercase, next;
2684
2685 for (c = *cptr; c <= d; c++)
2686 { if ((othercase = UCD_OTHERCASE(c)) != c) break; }
2687
2688 if (c > d) return FALSE;
2689
2690 *ocptr = othercase;
2691 next = othercase + 1;
2692
2693 for (++c; c <= d; c++)
2694 {
2695 if (UCD_OTHERCASE(c) != next) break;
2696 next++;
2697 }
2698
2699 *odptr = next - 1;
2700 *cptr = c;
2701
2702 return TRUE;
2703 }
2704
2705
2706
2707 /*************************************************
2708 * Check a character and a property *
2709 *************************************************/
2710
2711 /* This function is called by check_auto_possessive() when a property item
2712 is adjacent to a fixed character.
2713
2714 Arguments:
2715 c the character
2716 ptype the property type
2717 pdata the data for the type
2718 negated TRUE if it's a negated property (\P or \p{^)
2719
2720 Returns: TRUE if auto-possessifying is OK
2721 */
2722
2723 static BOOL
2724 check_char_prop(int c, int ptype, int pdata, BOOL negated)
2725 {
2726 const ucd_record *prop = GET_UCD(c);
2727 switch(ptype)
2728 {
2729 case PT_LAMP:
2730 return (prop->chartype == ucp_Lu ||
2731 prop->chartype == ucp_Ll ||
2732 prop->chartype == ucp_Lt) == negated;
2733
2734 case PT_GC:
2735 return (pdata == _pcre_ucp_gentype[prop->chartype]) == negated;
2736
2737 case PT_PC:
2738 return (pdata == prop->chartype) == negated;
2739
2740 case PT_SC:
2741 return (pdata == prop->script) == negated;
2742
2743 /* These are specials */
2744
2745 case PT_ALNUM:
2746 return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2747 _pcre_ucp_gentype[prop->chartype] == ucp_N) == negated;
2748
2749 case PT_SPACE: /* Perl space */
2750 return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2751 c == CHAR_HT || c == CHAR_NL || c == CHAR_FF || c == CHAR_CR)
2752 == negated;
2753
2754 case PT_PXSPACE: /* POSIX space */
2755 return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2756 c == CHAR_HT || c == CHAR_NL || c == CHAR_VT ||
2757 c == CHAR_FF || c == CHAR_CR)
2758 == negated;
2759
2760 case PT_WORD:
2761 return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2762 _pcre_ucp_gentype[prop->chartype] == ucp_N ||
2763 c == CHAR_UNDERSCORE) == negated;
2764 }
2765 return FALSE;
2766 }
2767 #endif /* SUPPORT_UCP */
2768
2769
2770
2771 /*************************************************
2772 * Check if auto-possessifying is possible *
2773 *************************************************/
2774
2775 /* This function is called for unlimited repeats of certain items, to see
2776 whether the next thing could possibly match the repeated item. If not, it makes
2777 sense to automatically possessify the repeated item.
2778
2779 Arguments:
2780 previous pointer to the repeated opcode
2781 utf8 TRUE in UTF-8 mode
2782 ptr next character in pattern
2783 options options bits
2784 cd contains pointers to tables etc.
2785
2786 Returns: TRUE if possessifying is wanted
2787 */
2788
2789 static BOOL
2790 check_auto_possessive(const uschar *previous, BOOL utf8, const uschar *ptr,
2791 int options, compile_data *cd)
2792 {
2793 int c, next;
2794 int op_code = *previous++;
2795
2796 /* Skip whitespace and comments in extended mode */
2797
2798 if ((options & PCRE_EXTENDED) != 0)
2799 {
2800 for (;;)
2801 {
2802 while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2803 if (*ptr == CHAR_NUMBER_SIGN)
2804 {
2805 ptr++;
2806 while (*ptr != 0)
2807 {
2808 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2809 ptr++;
2810 #ifdef SUPPORT_UTF8
2811 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2812 #endif
2813 }
2814 }
2815 else break;
2816 }
2817 }
2818
2819 /* If the next item is one that we can handle, get its value. A non-negative
2820 value is a character, a negative value is an escape value. */
2821
2822 if (*ptr == CHAR_BACKSLASH)
2823 {
2824 int temperrorcode = 0;
2825 next = check_escape(&ptr, &temperrorcode, cd->bracount, options, FALSE);
2826 if (temperrorcode != 0) return FALSE;
2827 ptr++; /* Point after the escape sequence */
2828 }
2829
2830 else if ((cd->ctypes[*ptr] & ctype_meta) == 0)
2831 {
2832 #ifdef SUPPORT_UTF8
2833 if (utf8) { GETCHARINC(next, ptr); } else
2834 #endif
2835 next = *ptr++;
2836 }
2837
2838 else return FALSE;
2839
2840 /* Skip whitespace and comments in extended mode */
2841
2842 if ((options & PCRE_EXTENDED) != 0)
2843 {
2844 for (;;)
2845 {
2846 while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2847 if (*ptr == CHAR_NUMBER_SIGN)
2848 {
2849 ptr++;
2850 while (*ptr != 0)
2851 {
2852 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2853 ptr++;
2854 #ifdef SUPPORT_UTF8
2855 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2856 #endif
2857 }
2858 }
2859 else break;
2860 }
2861 }
2862
2863 /* If the next thing is itself optional, we have to give up. */
2864
2865 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
2866 strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
2867 return FALSE;
2868
2869 /* Now compare the next item with the previous opcode. First, handle cases when
2870 the next item is a character. */
2871
2872 if (next >= 0) switch(op_code)
2873 {
2874 case OP_CHAR:
2875 #ifdef SUPPORT_UTF8
2876 GETCHARTEST(c, previous);
2877 #else
2878 c = *previous;
2879 #endif
2880 return c != next;
2881
2882 /* For CHARI (caseless character) we must check the other case. If we have
2883 Unicode property support, we can use it to test the other case of
2884 high-valued characters. */
2885
2886 case OP_CHARI:
2887 #ifdef SUPPORT_UTF8
2888 GETCHARTEST(c, previous);
2889 #else
2890 c = *previous;
2891 #endif
2892 if (c == next) return FALSE;
2893 #ifdef SUPPORT_UTF8
2894 if (utf8)
2895 {
2896 unsigned int othercase;
2897 if (next < 128) othercase = cd->fcc[next]; else
2898 #ifdef SUPPORT_UCP
2899 othercase = UCD_OTHERCASE((unsigned int)next);
2900 #else
2901 othercase = NOTACHAR;
2902 #endif
2903 return (unsigned int)c != othercase;
2904 }
2905 else
2906 #endif /* SUPPORT_UTF8 */
2907 return (c != cd->fcc[next]); /* Non-UTF-8 mode */
2908
2909 /* For OP_NOT and OP_NOTI, the data is always a single-byte character. These
2910 opcodes are not used for multi-byte characters, because they are coded using
2911 an XCLASS instead. */
2912
2913 case OP_NOT:
2914 return (c = *previous) == next;
2915
2916 case OP_NOTI:
2917 if ((c = *previous) == next) return TRUE;
2918 #ifdef SUPPORT_UTF8
2919 if (utf8)
2920 {
2921 unsigned int othercase;
2922 if (next < 128) othercase = cd->fcc[next]; else
2923 #ifdef SUPPORT_UCP
2924 othercase = UCD_OTHERCASE(next);
2925 #else
2926 othercase = NOTACHAR;
2927 #endif
2928 return (unsigned int)c == othercase;
2929 }
2930 else
2931 #endif /* SUPPORT_UTF8 */
2932 return (c == cd->fcc[next]); /* Non-UTF-8 mode */
2933
2934 /* Note that OP_DIGIT etc. are generated only when PCRE_UCP is *not* set.
2935 When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
2936
2937 case OP_DIGIT:
2938 return next > 127 || (cd->ctypes[next] & ctype_digit) == 0;
2939
2940 case OP_NOT_DIGIT:
2941 return next <= 127 && (cd->ctypes[next] & ctype_digit) != 0;
2942
2943 case OP_WHITESPACE:
2944 return next > 127 || (cd->ctypes[next] & ctype_space) == 0;
2945
2946 case OP_NOT_WHITESPACE:
2947 return next <= 127 && (cd->ctypes[next] & ctype_space) != 0;
2948
2949 case OP_WORDCHAR:
2950 return next > 127 || (cd->ctypes[next] & ctype_word) == 0;
2951
2952 case OP_NOT_WORDCHAR:
2953 return next <= 127 && (cd->ctypes[next] & ctype_word) != 0;
2954
2955 case OP_HSPACE:
2956 case OP_NOT_HSPACE:
2957 switch(next)
2958 {
2959 case 0x09:
2960 case 0x20:
2961 case 0xa0:
2962 case 0x1680:
2963 case 0x180e:
2964 case 0x2000:
2965 case 0x2001:
2966 case 0x2002:
2967 case 0x2003:
2968 case 0x2004:
2969 case 0x2005:
2970 case 0x2006:
2971 case 0x2007:
2972 case 0x2008:
2973 case 0x2009:
2974 case 0x200A:
2975 case 0x202f:
2976 case 0x205f:
2977 case 0x3000:
2978 return op_code == OP_NOT_HSPACE;
2979 default:
2980 return op_code != OP_NOT_HSPACE;
2981 }
2982
2983 case OP_ANYNL:
2984 case OP_VSPACE:
2985 case OP_NOT_VSPACE:
2986 switch(next)
2987 {
2988 case 0x0a:
2989 case 0x0b:
2990 case 0x0c:
2991 case 0x0d:
2992 case 0x85:
2993 case 0x2028:
2994 case 0x2029:
2995 return op_code == OP_NOT_VSPACE;
2996 default:
2997 return op_code != OP_NOT_VSPACE;
2998 }
2999
3000 #ifdef SUPPORT_UCP
3001 case OP_PROP:
3002 return check_char_prop(next, previous[0], previous[1], FALSE);
3003
3004 case OP_NOTPROP:
3005 return check_char_prop(next, previous[0], previous[1], TRUE);
3006 #endif
3007
3008 default:
3009 return FALSE;
3010 }
3011
3012
3013 /* Handle the case when the next item is \d, \s, etc. Note that when PCRE_UCP
3014 is set, \d turns into ESC_du rather than ESC_d, etc., so ESC_d etc. are
3015 generated only when PCRE_UCP is *not* set, that is, when only ASCII
3016 characteristics are recognized. Similarly, the opcodes OP_DIGIT etc. are
3017 replaced by OP_PROP codes when PCRE_UCP is set. */
3018
3019 switch(op_code)
3020 {
3021 case OP_CHAR:
3022 case OP_CHARI:
3023 #ifdef SUPPORT_UTF8
3024 GETCHARTEST(c, previous);
3025 #else
3026 c = *previous;
3027 #endif
3028 switch(-next)
3029 {
3030 case ESC_d:
3031 return c > 127 || (cd->ctypes[c] & ctype_digit) == 0;
3032
3033 case ESC_D:
3034 return c <= 127 && (cd->ctypes[c] & ctype_digit) != 0;
3035
3036 case ESC_s:
3037 return c > 127 || (cd->ctypes[c] & ctype_space) == 0;
3038
3039 case ESC_S:
3040 return c <= 127 && (cd->ctypes[c] & ctype_space) != 0;
3041
3042 case ESC_w:
3043 return c > 127 || (cd->ctypes[c] & ctype_word) == 0;
3044
3045 case ESC_W:
3046 return c <= 127 && (cd->ctypes[c] & ctype_word) != 0;
3047
3048 case ESC_h:
3049 case ESC_H:
3050 switch(c)
3051 {
3052 case 0x09:
3053 case 0x20:
3054 case 0xa0:
3055 case 0x1680:
3056 case 0x180e:
3057 case 0x2000:
3058 case 0x2001:
3059 case 0x2002:
3060 case 0x2003:
3061 case 0x2004:
3062 case 0x2005:
3063 case 0x2006:
3064 case 0x2007:
3065 case 0x2008:
3066 case 0x2009:
3067 case 0x200A:
3068 case 0x202f:
3069 case 0x205f:
3070 case 0x3000:
3071 return -next != ESC_h;
3072 default:
3073 return -next == ESC_h;
3074 }
3075
3076 case ESC_v:
3077 case ESC_V:
3078 switch(c)
3079 {
3080 case 0x0a:
3081 case 0x0b:
3082 case 0x0c:
3083 case 0x0d:
3084 case 0x85:
3085 case 0x2028:
3086 case 0x2029:
3087 return -next != ESC_v;
3088 default:
3089 return -next == ESC_v;
3090 }
3091
3092 /* When PCRE_UCP is set, these values get generated for \d etc. Find
3093 their substitutions and process them. The result will always be either
3094 -ESC_p or -ESC_P. Then fall through to process those values. */
3095
3096 #ifdef SUPPORT_UCP
3097 case ESC_du:
3098 case ESC_DU:
3099 case ESC_wu:
3100 case ESC_WU:
3101 case ESC_su:
3102 case ESC_SU:
3103 {
3104 int temperrorcode = 0;
3105 ptr = substitutes[-next - ESC_DU];
3106 next = check_escape(&ptr, &temperrorcode, 0, options, FALSE);
3107 if (temperrorcode != 0) return FALSE;
3108 ptr++; /* For compatibility */
3109 }
3110 /* Fall through */
3111
3112 case ESC_p:
3113 case ESC_P:
3114 {
3115 int ptype, pdata, errorcodeptr;
3116 BOOL negated;
3117
3118 ptr--; /* Make ptr point at the p or P */
3119 ptype = get_ucp(&ptr, &negated, &pdata, &errorcodeptr);
3120 if (ptype < 0) return FALSE;
3121 ptr++; /* Point past the final curly ket */
3122
3123 /* If the property item is optional, we have to give up. (When generated
3124 from \d etc by PCRE_UCP, this test will have been applied much earlier,
3125 to the original \d etc. At this point, ptr will point to a zero byte. */
3126
3127 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
3128 strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
3129 return FALSE;
3130
3131 /* Do the property check. */
3132
3133 return check_char_prop(c, ptype, pdata, (next == -ESC_P) != negated);
3134 }
3135 #endif
3136
3137 default:
3138 return FALSE;
3139 }
3140
3141 /* In principle, support for Unicode properties should be integrated here as
3142 well. It means re-organizing the above code so as to get hold of the property
3143 values before switching on the op-code. However, I wonder how many patterns
3144 combine ASCII \d etc with Unicode properties? (Note that if PCRE_UCP is set,
3145 these op-codes are never generated.) */
3146
3147 case OP_DIGIT:
3148 return next == -ESC_D || next == -ESC_s || next == -ESC_W ||
3149 next == -ESC_h || next == -ESC_v || next == -ESC_R;
3150
3151 case OP_NOT_DIGIT:
3152 return next == -ESC_d;
3153
3154 case OP_WHITESPACE:
3155 return next == -ESC_S || next == -ESC_d || next == -ESC_w || next == -ESC_R;
3156
3157 case OP_NOT_WHITESPACE:
3158 return next == -ESC_s || next == -ESC_h || next == -ESC_v;
3159
3160 case OP_HSPACE:
3161 return next == -ESC_S || next == -ESC_H || next == -ESC_d ||
3162 next == -ESC_w || next == -ESC_v || next == -ESC_R;
3163
3164 case OP_NOT_HSPACE:
3165 return next == -ESC_h;
3166
3167 /* Can't have \S in here because VT matches \S (Perl anomaly) */
3168 case OP_ANYNL:
3169 case OP_VSPACE:
3170 return next == -ESC_V || next == -ESC_d || next == -ESC_w;
3171
3172 case OP_NOT_VSPACE:
3173 return next == -ESC_v || next == -ESC_R;
3174
3175 case OP_WORDCHAR:
3176 return next == -ESC_W || next == -ESC_s || next == -ESC_h ||
3177 next == -ESC_v || next == -ESC_R;
3178
3179 case OP_NOT_WORDCHAR:
3180 return next == -ESC_w || next == -ESC_d;
3181
3182 default:
3183 return FALSE;
3184 }
3185
3186 /* Control does not reach here */
3187 }
3188
3189
3190
3191 /*************************************************
3192 * Compile one branch *
3193 *************************************************/
3194
3195 /* Scan the pattern, compiling it into the a vector. If the options are
3196 changed during the branch, the pointer is used to change the external options
3197 bits. This function is used during the pre-compile phase when we are trying
3198 to find out the amount of memory needed, as well as during the real compile
3199 phase. The value of lengthptr distinguishes the two phases.
3200
3201 Arguments:
3202 optionsptr pointer to the option bits
3203 codeptr points to the pointer to the current code point
3204 ptrptr points to the current pattern pointer
3205 errorcodeptr points to error code variable
3206 firstbyteptr set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)
3207 reqbyteptr set to the last literal character required, else < 0
3208 bcptr points to current branch chain
3209 cond_depth conditional nesting depth
3210 cd contains pointers to tables etc.
3211 lengthptr NULL during the real compile phase
3212 points to length accumulator during pre-compile phase
3213
3214 Returns: TRUE on success
3215 FALSE, with *errorcodeptr set non-zero on error
3216 */
3217
3218 static BOOL
3219 compile_branch(int *optionsptr, uschar **codeptr, const uschar **ptrptr,
3220 int *errorcodeptr, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
3221 int cond_depth, compile_data *cd, int *lengthptr)
3222 {
3223 int repeat_type, op_type;
3224 int repeat_min = 0, repeat_max = 0; /* To please picky compilers */
3225 int bravalue = 0;
3226 int greedy_default, greedy_non_default;
3227 int firstbyte, reqbyte;
3228 int zeroreqbyte, zerofirstbyte;
3229 int req_caseopt, reqvary, tempreqvary;
3230 int options = *optionsptr; /* May change dynamically */
3231 int after_manual_callout = 0;
3232 int length_prevgroup = 0;
3233 register int c;
3234 register uschar *code = *codeptr;
3235 uschar *last_code = code;
3236 uschar *orig_code = code;
3237 uschar *tempcode;
3238 BOOL inescq = FALSE;
3239 BOOL groupsetfirstbyte = FALSE;
3240 const uschar *ptr = *ptrptr;
3241 const uschar *tempptr;
3242 const uschar *nestptr = NULL;
3243 uschar *previous = NULL;
3244 uschar *previous_callout = NULL;
3245 uschar *save_hwm = NULL;
3246 uschar classbits[32];
3247
3248 /* We can fish out the UTF-8 setting once and for all into a BOOL, but we
3249 must not do this for other options (e.g. PCRE_EXTENDED) because they may change
3250 dynamically as we process the pattern. */
3251
3252 #ifdef SUPPORT_UTF8
3253 BOOL class_utf8;
3254 BOOL utf8 = (options & PCRE_UTF8) != 0;
3255 uschar *class_utf8data;
3256 uschar *class_utf8data_base;
3257 uschar utf8_char[6];
3258 #else
3259 BOOL utf8 = FALSE;
3260 #endif
3261
3262 #ifdef PCRE_DEBUG
3263 if (lengthptr != NULL) DPRINTF((">> start branch\n"));
3264 #endif
3265
3266 /* Set up the default and non-default settings for greediness */
3267
3268 greedy_default = ((options & PCRE_UNGREEDY) != 0);
3269 greedy_non_default = greedy_default ^ 1;
3270
3271 /* Initialize no first byte, no required byte. REQ_UNSET means "no char
3272 matching encountered yet". It gets changed to REQ_NONE if we hit something that
3273 matches a non-fixed char first char; reqbyte just remains unset if we never
3274 find one.
3275
3276 When we hit a repeat whose minimum is zero, we may have to adjust these values
3277 to take the zero repeat into account. This is implemented by setting them to
3278 zerofirstbyte and zeroreqbyte when such a repeat is encountered. The individual
3279 item types that can be repeated set these backoff variables appropriately. */
3280
3281 firstbyte = reqbyte = zerofirstbyte = zeroreqbyte = REQ_UNSET;
3282
3283 /* The variable req_caseopt contains either the REQ_CASELESS value or zero,
3284 according to the current setting of the caseless flag. REQ_CASELESS is a bit
3285 value > 255. It is added into the firstbyte or reqbyte variables to record the
3286 case status of the value. This is used only for ASCII characters. */
3287
3288 req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
3289
3290 /* Switch on next character until the end of the branch */
3291
3292 for (;; ptr++)
3293 {
3294 BOOL negate_class;
3295 BOOL should_flip_negation;
3296 BOOL possessive_quantifier;
3297 BOOL is_quantifier;
3298 BOOL is_recurse;
3299 BOOL reset_bracount;
3300 int class_charcount;
3301 int class_lastchar;
3302 int newoptions;
3303 int recno;
3304 int refsign;
3305 int skipbytes;
3306 int subreqbyte;
3307 int subfirstbyte;
3308 int terminator;
3309 int mclength;
3310 int tempbracount;
3311 uschar mcbuffer[8];
3312
3313 /* Get next byte in the pattern */
3314
3315 c = *ptr;
3316
3317 /* If we are at the end of a nested substitution, revert to the outer level
3318 string. Nesting only happens one level deep. */
3319
3320 if (c == 0 && nestptr != NULL)
3321 {
3322 ptr = nestptr;
3323 nestptr = NULL;
3324 c = *ptr;
3325 }
3326
3327 /* If we are in the pre-compile phase, accumulate the length used for the
3328 previous cycle of this loop. */
3329
3330 if (lengthptr != NULL)
3331 {
3332 #ifdef PCRE_DEBUG
3333 if (code > cd->hwm) cd->hwm = code; /* High water info */
3334 #endif
3335 if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */
3336 {
3337 *errorcodeptr = ERR52;
3338 goto FAILED;
3339 }
3340
3341 /* There is at least one situation where code goes backwards: this is the
3342 case of a zero quantifier after a class (e.g. [ab]{0}). At compile time,
3343 the class is simply eliminated. However, it is created first, so we have to
3344 allow memory for it. Therefore, don't ever reduce the length at this point.
3345 */
3346
3347 if (code < last_code) code = last_code;
3348
3349 /* Paranoid check for integer overflow */
3350
3351 if (OFLOW_MAX - *lengthptr < code - last_code)
3352 {
3353 *errorcodeptr = ERR20;
3354 goto FAILED;
3355 }
3356
3357 *lengthptr += (int)(code - last_code);
3358 DPRINTF(("length=%d added %d c=%c\n", *lengthptr, (int)(code - last_code),
3359 c));
3360
3361 /* If "previous" is set and it is not at the start of the work space, move
3362 it back to there, in order to avoid filling up the work space. Otherwise,
3363 if "previous" is NULL, reset the current code pointer to the start. */
3364
3365 if (previous != NULL)
3366 {
3367 if (previous > orig_code)
3368 {
3369 memmove(orig_code, previous, code - previous);
3370 code -= previous - orig_code;
3371 previous = orig_code;
3372 }
3373 }
3374 else code = orig_code;
3375
3376 /* Remember where this code item starts so we can pick up the length
3377 next time round. */
3378
3379 last_code = code;
3380 }
3381
3382 /* In the real compile phase, just check the workspace used by the forward
3383 reference list. */
3384
3385 else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
3386 {
3387 *errorcodeptr = ERR52;
3388 goto FAILED;
3389 }
3390
3391 /* If in \Q...\E, check for the end; if not, we have a literal */
3392
3393 if (inescq && c != 0)
3394 {
3395 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E)
3396 {
3397 inescq = FALSE;
3398 ptr++;
3399 continue;
3400 }
3401 else
3402 {
3403 if (previous_callout != NULL)
3404 {
3405 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3406 complete_callout(previous_callout, ptr, cd);
3407 previous_callout = NULL;
3408 }
3409 if ((options & PCRE_AUTO_CALLOUT) != 0)
3410 {
3411 previous_callout = code;
3412 code = auto_callout(code, ptr, cd);
3413 }
3414 goto NORMAL_CHAR;
3415 }
3416 }
3417
3418 /* Fill in length of a previous callout, except when the next thing is
3419 a quantifier. */
3420
3421 is_quantifier =
3422 c == CHAR_ASTERISK || c == CHAR_PLUS || c == CHAR_QUESTION_MARK ||
3423 (c == CHAR_LEFT_CURLY_BRACKET && is_counted_repeat(ptr+1));
3424
3425 if (!is_quantifier && previous_callout != NULL &&
3426 after_manual_callout-- <= 0)
3427 {
3428 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3429 complete_callout(previous_callout, ptr, cd);
3430 previous_callout = NULL;
3431 }
3432
3433 /* In extended mode, skip white space and comments. */
3434
3435 if ((options & PCRE_EXTENDED) != 0)
3436 {
3437 if ((cd->ctypes[c] & ctype_space) != 0) continue;
3438 if (c == CHAR_NUMBER_SIGN)
3439 {
3440 ptr++;
3441 while (*ptr != 0)
3442 {
3443 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
3444 ptr++;
3445 #ifdef SUPPORT_UTF8
3446 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
3447 #endif
3448 }
3449 if (*ptr != 0) continue;
3450
3451 /* Else fall through to handle end of string */
3452 c = 0;
3453 }
3454 }
3455
3456 /* No auto callout for quantifiers. */
3457
3458 if ((options & PCRE_AUTO_CALLOUT) != 0 && !is_quantifier)
3459 {
3460 previous_callout = code;
3461 code = auto_callout(code, ptr, cd);
3462 }
3463
3464 switch(c)
3465 {
3466 /* ===================================================================*/
3467 case 0: /* The branch terminates at string end */
3468 case CHAR_VERTICAL_LINE: /* or | or ) */
3469 case CHAR_RIGHT_PARENTHESIS:
3470 *firstbyteptr = firstbyte;
3471 *reqbyteptr = reqbyte;
3472 *codeptr = code;
3473 *ptrptr = ptr;
3474 if (lengthptr != NULL)
3475 {
3476 if (OFLOW_MAX - *lengthptr < code - last_code)
3477 {
3478 *errorcodeptr = ERR20;
3479 goto FAILED;
3480 }
3481 *lengthptr += (int)(code - last_code); /* To include callout length */
3482 DPRINTF((">> end branch\n"));
3483 }
3484 return TRUE;
3485
3486
3487 /* ===================================================================*/
3488 /* Handle single-character metacharacters. In multiline mode, ^ disables
3489 the setting of any following char as a first character. */
3490
3491 case CHAR_CIRCUMFLEX_ACCENT:
3492 previous = NULL;
3493 if ((options & PCRE_MULTILINE) != 0)
3494 {
3495 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3496 *code++ = OP_CIRCM;
3497 }
3498 else *code++ = OP_CIRC;
3499 break;
3500
3501 case CHAR_DOLLAR_SIGN:
3502 previous = NULL;
3503 *code++ = ((options & PCRE_MULTILINE) != 0)? OP_DOLLM : OP_DOLL;
3504 break;
3505
3506 /* There can never be a first char if '.' is first, whatever happens about
3507 repeats. The value of reqbyte doesn't change either. */
3508
3509 case CHAR_DOT:
3510 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3511 zerofirstbyte = firstbyte;
3512 zeroreqbyte = reqbyte;
3513 previous = code;
3514 *code++ = ((options & PCRE_DOTALL) != 0)? OP_ALLANY: OP_ANY;
3515 break;
3516
3517
3518 /* ===================================================================*/
3519 /* Character classes. If the included characters are all < 256, we build a
3520 32-byte bitmap of the permitted characters, except in the special case
3521 where there is only one such character. For negated classes, we build the
3522 map as usual, then invert it at the end. However, we use a different opcode
3523 so that data characters > 255 can be handled correctly.
3524
3525 If the class contains characters outside the 0-255 range, a different
3526 opcode is compiled. It may optionally have a bit map for characters < 256,
3527 but those above are are explicitly listed afterwards. A flag byte tells
3528 whether the bitmap is present, and whether this is a negated class or not.
3529
3530 In JavaScript compatibility mode, an isolated ']' causes an error. In
3531 default (Perl) mode, it is treated as a data character. */
3532
3533 case CHAR_RIGHT_SQUARE_BRACKET:
3534 if ((cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
3535 {
3536 *errorcodeptr = ERR64;
3537 goto FAILED;
3538 }
3539 goto NORMAL_CHAR;
3540
3541 case CHAR_LEFT_SQUARE_BRACKET:
3542 previous = code;
3543
3544 /* PCRE supports POSIX class stuff inside a class. Perl gives an error if
3545 they are encountered at the top level, so we'll do that too. */
3546
3547 if ((ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
3548 ptr[1] == CHAR_EQUALS_SIGN) &&
3549 check_posix_syntax(ptr, &tempptr))
3550 {
3551 *errorcodeptr = (ptr[1] == CHAR_COLON)? ERR13 : ERR31;
3552 goto FAILED;
3553 }
3554
3555 /* If the first character is '^', set the negation flag and skip it. Also,
3556 if the first few characters (either before or after ^) are \Q\E or \E we
3557 skip them too. This makes for compatibility with Perl. */
3558
3559 negate_class = FALSE;
3560 for (;;)
3561 {
3562 c = *(++ptr);
3563 if (c == CHAR_BACKSLASH)
3564 {
3565 if (ptr[1] == CHAR_E)
3566 ptr++;
3567 else if (strncmp((const char *)ptr+1,
3568 STR_Q STR_BACKSLASH STR_E, 3) == 0)
3569 ptr += 3;
3570 else
3571 break;
3572 }
3573 else if (!negate_class && c == CHAR_CIRCUMFLEX_ACCENT)
3574 negate_class = TRUE;
3575 else break;
3576 }
3577
3578 /* Empty classes are allowed in JavaScript compatibility mode. Otherwise,
3579 an initial ']' is taken as a data character -- the code below handles
3580 that. In JS mode, [] must always fail, so generate OP_FAIL, whereas
3581 [^] must match any character, so generate OP_ALLANY. */
3582
3583 if (c == CHAR_RIGHT_SQUARE_BRACKET &&
3584 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
3585 {
3586 *code++ = negate_class? OP_ALLANY : OP_FAIL;
3587 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3588 zerofirstbyte = firstbyte;
3589 break;
3590 }
3591
3592 /* If a class contains a negative special such as \S, we need to flip the
3593 negation flag at the end, so that support for characters > 255 works
3594 correctly (they are all included in the class). */
3595
3596 should_flip_negation = FALSE;
3597
3598 /* Keep a count of chars with values < 256 so that we can optimize the case
3599 of just a single character (as long as it's < 256). However, For higher
3600 valued UTF-8 characters, we don't yet do any optimization. */
3601
3602 class_charcount = 0;
3603 class_lastchar = -1;
3604
3605 /* Initialize the 32-char bit map to all zeros. We build the map in a
3606 temporary bit of memory, in case the class contains only 1 character (less
3607 than 256), because in that case the compiled code doesn't use the bit map.
3608 */
3609
3610 memset(classbits, 0, 32 * sizeof(uschar));
3611
3612 #ifdef SUPPORT_UTF8
3613 class_utf8 = FALSE; /* No chars >= 256 */
3614 class_utf8data = code + LINK_SIZE + 2; /* For UTF-8 items */
3615 class_utf8data_base = class_utf8data; /* For resetting in pass 1 */
3616 #endif
3617
3618 /* Process characters until ] is reached. By writing this as a "do" it
3619 means that an initial ] is taken as a data character. At the start of the
3620 loop, c contains the first byte of the character. */
3621
3622 if (c != 0) do
3623 {
3624 const uschar *oldptr;
3625
3626 #ifdef SUPPORT_UTF8
3627 if (utf8 && c > 127)
3628 { /* Braces are required because the */
3629 GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */
3630 }
3631
3632 /* In the pre-compile phase, accumulate the length of any UTF-8 extra
3633 data and reset the pointer. This is so that very large classes that
3634 contain a zillion UTF-8 characters no longer overwrite the work space
3635 (which is on the stack). */
3636
3637 if (lengthptr != NULL)
3638 {
3639 *lengthptr += class_utf8data - class_utf8data_base;
3640 class_utf8data = class_utf8data_base;
3641 }
3642
3643 #endif
3644
3645 /* Inside \Q...\E everything is literal except \E */
3646
3647 if (inescq)
3648 {
3649 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E) /* If we are at \E */
3650 {
3651 inescq = FALSE; /* Reset literal state */
3652 ptr++; /* Skip the 'E' */
3653 continue; /* Carry on with next */
3654 }
3655 goto CHECK_RANGE; /* Could be range if \E follows */
3656 }
3657
3658 /* Handle POSIX class names. Perl allows a negation extension of the
3659 form [:^name:]. A square bracket that doesn't match the syntax is
3660 treated as a literal. We also recognize the POSIX constructions
3661 [.ch.] and [=ch=] ("collating elements") and fault them, as Perl
3662 5.6 and 5.8 do. */
3663
3664 if (c == CHAR_LEFT_SQUARE_BRACKET &&
3665 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
3666 ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &tempptr))
3667 {
3668 BOOL local_negate = FALSE;
3669 int posix_class, taboffset, tabopt;
3670 register const uschar *cbits = cd->cbits;
3671 uschar pbits[32];
3672
3673 if (ptr[1] != CHAR_COLON)
3674 {
3675 *errorcodeptr = ERR31;
3676 goto FAILED;
3677 }
3678
3679 ptr += 2;
3680 if (*ptr == CHAR_CIRCUMFLEX_ACCENT)
3681 {
3682 local_negate = TRUE;
3683 should_flip_negation = TRUE; /* Note negative special */
3684 ptr++;
3685 }
3686
3687 posix_class = check_posix_name(ptr, (int)(tempptr - ptr));
3688 if (posix_class < 0)
3689 {
3690 *errorcodeptr = ERR30;
3691 goto FAILED;
3692 }
3693
3694 /* If matching is caseless, upper and lower are converted to
3695 alpha. This relies on the fact that the class table starts with
3696 alpha, lower, upper as the first 3 entries. */
3697
3698 if ((options & PCRE_CASELESS) != 0 && posix_class <= 2)
3699 posix_class = 0;
3700
3701 /* When PCRE_UCP is set, some of the POSIX classes are converted to
3702 different escape sequences that use Unicode properties. */
3703
3704 #ifdef SUPPORT_UCP
3705 if ((options & PCRE_UCP) != 0)
3706 {
3707 int pc = posix_class + ((local_negate)? POSIX_SUBSIZE/2 : 0);
3708 if (posix_substitutes[pc] != NULL)
3709 {
3710 nestptr = tempptr + 1;
3711 ptr = posix_substitutes[pc] - 1;
3712 continue;
3713 }
3714 }
3715 #endif
3716 /* In the non-UCP case, we build the bit map for the POSIX class in a
3717 chunk of local store because we may be adding and subtracting from it,
3718 and we don't want to subtract bits that may be in the main map already.
3719 At the end we or the result into the bit map that is being built. */
3720
3721 posix_class *= 3;
3722
3723 /* Copy in the first table (always present) */
3724
3725 memcpy(pbits, cbits + posix_class_maps[posix_class],
3726 32 * sizeof(uschar));
3727
3728 /* If there is a second table, add or remove it as required. */
3729
3730 taboffset = posix_class_maps[posix_class + 1];
3731 tabopt = posix_class_maps[posix_class + 2];
3732
3733 if (taboffset >= 0)
3734 {
3735 if (tabopt >= 0)
3736 for (c = 0; c < 32; c++) pbits[c] |= cbits[c + taboffset];
3737 else
3738 for (c = 0; c < 32; c++) pbits[c] &= ~cbits[c + taboffset];
3739 }
3740
3741 /* Not see if we need to remove any special characters. An option
3742 value of 1 removes vertical space and 2 removes underscore. */
3743
3744 if (tabopt < 0) tabopt = -tabopt;
3745 if (tabopt == 1) pbits[1] &= ~0x3c;
3746 else if (tabopt == 2) pbits[11] &= 0x7f;
3747
3748 /* Add the POSIX table or its complement into the main table that is
3749 being built and we are done. */
3750
3751 if (local_negate)
3752 for (c = 0; c < 32; c++) classbits[c] |= ~pbits[c];
3753 else
3754 for (c = 0; c < 32; c++) classbits[c] |= pbits[c];
3755
3756 ptr = tempptr + 1;
3757 class_charcount = 10; /* Set > 1; assumes more than 1 per class */
3758 continue; /* End of POSIX syntax handling */
3759 }
3760
3761 /* Backslash may introduce a single character, or it may introduce one
3762 of the specials, which just set a flag. The sequence \b is a special
3763 case. Inside a class (and only there) it is treated as backspace. We
3764 assume that other escapes have more than one character in them, so set
3765 class_charcount bigger than one. Unrecognized escapes fall through and
3766 are either treated as literal characters (by default), or are faulted if
3767 PCRE_EXTRA is set. */
3768
3769 if (c == CHAR_BACKSLASH)
3770 {
3771 c = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
3772 if (*errorcodeptr != 0) goto FAILED;
3773
3774 if (-c == ESC_b) c = CHAR_BS; /* \b is backspace in a class */
3775 else if (-c == ESC_N) /* \N is not supported in a class */
3776 {
3777 *errorcodeptr = ERR71;
3778 goto FAILED;
3779 }
3780 else if (-c == ESC_Q) /* Handle start of quoted string */
3781 {
3782 if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
3783 {
3784 ptr += 2; /* avoid empty string */
3785 }
3786 else inescq = TRUE;
3787 continue;
3788 }
3789 else if (-c == ESC_E) continue; /* Ignore orphan \E */
3790
3791 if (c < 0)
3792 {
3793 register const uschar *cbits = cd->cbits;
3794 class_charcount += 2; /* Greater than 1 is what matters */
3795
3796 switch (-c)
3797 {
3798 #ifdef SUPPORT_UCP
3799 case ESC_du: /* These are the values given for \d etc */
3800 case ESC_DU: /* when PCRE_UCP is set. We replace the */
3801 case ESC_wu: /* escape sequence with an appropriate \p */
3802 case ESC_WU: /* or \P to test Unicode properties instead */
3803 case ESC_su: /* of the default ASCII testing. */
3804 case ESC_SU:
3805 nestptr = ptr;
3806 ptr = substitutes[-c - ESC_DU] - 1; /* Just before substitute */
3807 class_charcount -= 2; /* Undo! */
3808 continue;
3809 #endif
3810 case ESC_d:
3811 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_digit];
3812 continue;
3813
3814 case ESC_D:
3815 should_flip_negation = TRUE;
3816 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_digit];
3817 continue;
3818
3819 case ESC_w:
3820 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_word];
3821 continue;
3822
3823 case ESC_W:
3824 should_flip_negation = TRUE;
3825 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_word];
3826 continue;
3827
3828 /* Perl 5.004 onwards omits VT from \s, but we must preserve it
3829 if it was previously set by something earlier in the character
3830 class. */
3831
3832 case ESC_s:
3833 classbits[0] |= cbits[cbit_space];
3834 classbits[1] |= cbits[cbit_space+1] & ~0x08;
3835 for (c = 2; c < 32; c++) classbits[c] |= cbits[c+cbit_space];
3836 continue;
3837
3838 case ESC_S:
3839 should_flip_negation = TRUE;
3840 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_space];
3841 classbits[1] |= 0x08; /* Perl 5.004 onwards omits VT from \s */
3842 continue;
3843
3844 case ESC_h:
3845 SETBIT(classbits, 0x09); /* VT */
3846 SETBIT(classbits, 0x20); /* SPACE */
3847 SETBIT(classbits, 0xa0); /* NSBP */
3848 #ifdef SUPPORT_UTF8
3849 if (utf8)
3850 {
3851 class_utf8 = TRUE;
3852 *class_utf8data++ = XCL_SINGLE;
3853 class_utf8data += _pcre_ord2utf8(0x1680, class_utf8data);
3854 *class_utf8data++ = XCL_SINGLE;
3855 class_utf8data += _pcre_ord2utf8(0x180e, class_utf8data);
3856 *class_utf8data++ = XCL_RANGE;
3857 class_utf8data += _pcre_ord2utf8(0x2000, class_utf8data);
3858 class_utf8data += _pcre_ord2utf8(0x200A, class_utf8data);
3859 *class_utf8data++ = XCL_SINGLE;
3860 class_utf8data += _pcre_ord2utf8(0x202f, class_utf8data);
3861 *class_utf8data++ = XCL_SINGLE;
3862 class_utf8data += _pcre_ord2utf8(0x205f, class_utf8data);
3863 *class_utf8data++ = XCL_SINGLE;
3864 class_utf8data += _pcre_ord2utf8(0x3000, class_utf8data);
3865 }
3866 #endif
3867 continue;
3868
3869 case ESC_H:
3870 for (c = 0; c < 32; c++)
3871 {
3872 int x = 0xff;
3873 switch (c)
3874 {
3875 case 0x09/8: x ^= 1 << (0x09%8); break;
3876 case 0x20/8: x ^= 1 << (0x20%8); break;
3877 case 0xa0/8: x ^= 1 << (0xa0%8); break;
3878 default: break;
3879 }
3880 classbits[c] |= x;
3881 }
3882
3883 #ifdef SUPPORT_UTF8
3884 if (utf8)
3885 {
3886 class_utf8 = TRUE;
3887 *class_utf8data++ = XCL_RANGE;
3888 class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
3889 class_utf8data += _pcre_ord2utf8(0x167f, class_utf8data);
3890 *class_utf8data++ = XCL_RANGE;
3891 class_utf8data += _pcre_ord2utf8(0x1681, class_utf8data);
3892 class_utf8data += _pcre_ord2utf8(0x180d, class_utf8data);
3893 *class_utf8data++ = XCL_RANGE;
3894 class_utf8data += _pcre_ord2utf8(0x180f, class_utf8data);
3895 class_utf8data += _pcre_ord2utf8(0x1fff, class_utf8data);
3896 *class_utf8data++ = XCL_RANGE;
3897 class_utf8data += _pcre_ord2utf8(0x200B, class_utf8data);
3898 class_utf8data += _pcre_ord2utf8(0x202e, class_utf8data);
3899 *class_utf8data++ = XCL_RANGE;
3900 class_utf8data += _pcre_ord2utf8(0x2030, class_utf8data);
3901 class_utf8data += _pcre_ord2utf8(0x205e, class_utf8data);
3902 *class_utf8data++ = XCL_RANGE;
3903 class_utf8data += _pcre_ord2utf8(0x2060, class_utf8data);
3904 class_utf8data += _pcre_ord2utf8(0x2fff, class_utf8data);
3905 *class_utf8data++ = XCL_RANGE;
3906 class_utf8data += _pcre_ord2utf8(0x3001, class_utf8data);
3907 class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
3908 }
3909 #endif
3910 continue;
3911
3912 case ESC_v:
3913 SETBIT(classbits, 0x0a); /* LF */
3914 SETBIT(classbits, 0x0b); /* VT */
3915 SETBIT(classbits, 0x0c); /* FF */
3916 SETBIT(classbits, 0x0d); /* CR */
3917 SETBIT(classbits, 0x85); /* NEL */
3918 #ifdef SUPPORT_UTF8
3919 if (utf8)
3920 {
3921 class_utf8 = TRUE;
3922 *class_utf8data++ = XCL_RANGE;
3923 class_utf8data += _pcre_ord2utf8(0x2028, class_utf8data);
3924 class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
3925 }
3926 #endif
3927 continue;
3928
3929 case ESC_V:
3930 for (c = 0; c < 32; c++)
3931 {
3932 int x = 0xff;
3933 switch (c)
3934 {
3935 case 0x0a/8: x ^= 1 << (0x0a%8);
3936 x ^= 1 << (0x0b%8);
3937 x ^= 1 << (0x0c%8);
3938 x ^= 1 << (0x0d%8);
3939 break;
3940 case 0x85/8: x ^= 1 << (0x85%8); break;
3941 default: break;
3942 }
3943 classbits[c] |= x;
3944 }
3945
3946 #ifdef SUPPORT_UTF8
3947 if (utf8)
3948 {
3949 class_utf8 = TRUE;
3950 *class_utf8data++ = XCL_RANGE;
3951 class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
3952 class_utf8data += _pcre_ord2utf8(0x2027, class_utf8data);
3953 *class_utf8data++ = XCL_RANGE;
3954 class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
3955 class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
3956 }
3957 #endif
3958 continue;
3959
3960 #ifdef SUPPORT_UCP
3961 case ESC_p:
3962 case ESC_P:
3963 {
3964 BOOL negated;
3965 int pdata;
3966 int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
3967 if (ptype < 0) goto FAILED;
3968 class_utf8 = TRUE;
3969 *class_utf8data++ = ((-c == ESC_p) != negated)?
3970 XCL_PROP : XCL_NOTPROP;
3971 *class_utf8data++ = ptype;
3972 *class_utf8data++ = pdata;
3973 class_charcount -= 2; /* Not a < 256 character */
3974 continue;
3975 }
3976 #endif
3977 /* Unrecognized escapes are faulted if PCRE is running in its
3978 strict mode. By default, for compatibility with Perl, they are
3979 treated as literals. */
3980
3981 default:
3982 if ((options & PCRE_EXTRA) != 0)
3983 {
3984 *errorcodeptr = ERR7;
3985 goto FAILED;
3986 }
3987 class_charcount -= 2; /* Undo the default count from above */
3988 c = *ptr; /* Get the final character and fall through */
3989 break;
3990 }
3991 }
3992
3993 /* Fall through if we have a single character (c >= 0). This may be
3994 greater than 256 in UTF-8 mode. */
3995
3996 } /* End of backslash handling */
3997
3998 /* A single character may be followed by '-' to form a range. However,
3999 Perl does not permit ']' to be the end of the range. A '-' character
4000 at the end is treated as a literal. Perl ignores orphaned \E sequences
4001 entirely. The code for handling \Q and \E is messy. */
4002
4003 CHECK_RANGE:
4004 while (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
4005 {
4006 inescq = FALSE;
4007 ptr += 2;
4008 }
4009
4010 oldptr = ptr;
4011
4012 /* Remember \r or \n */
4013
4014 if (c == CHAR_CR || c == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
4015
4016 /* Check for range */
4017
4018 if (!inescq && ptr[1] == CHAR_MINUS)
4019 {
4020 int d;
4021 ptr += 2;
4022 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E) ptr += 2;
4023
4024 /* If we hit \Q (not followed by \E) at this point, go into escaped
4025 mode. */
4026
4027 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_Q)
4028 {
4029 ptr += 2;
4030 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E)
4031 { ptr += 2; continue; }
4032 inescq = TRUE;
4033 break;
4034 }
4035
4036 if (*ptr == 0 || (!inescq && *ptr == CHAR_RIGHT_SQUARE_BRACKET))
4037 {
4038 ptr = oldptr;
4039 goto LONE_SINGLE_CHARACTER;
4040 }
4041
4042 #ifdef SUPPORT_UTF8
4043 if (utf8)
4044 { /* Braces are required because the */
4045 GETCHARLEN(d, ptr, ptr); /* macro generates multiple statements */
4046 }
4047 else
4048 #endif
4049 d = *ptr; /* Not UTF-8 mode */
4050
4051 /* The second part of a range can be a single-character escape, but
4052 not any of the other escapes. Perl 5.6 treats a hyphen as a literal
4053 in such circumstances. */
4054
4055 if (!inescq && d == CHAR_BACKSLASH)
4056 {
4057 d = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
4058 if (*errorcodeptr != 0) goto FAILED;
4059
4060 /* \b is backspace; any other special means the '-' was literal */
4061
4062 if (d < 0)
4063 {
4064 if (d == -ESC_b) d = CHAR_BS; else
4065 {
4066 ptr = oldptr;
4067 goto LONE_SINGLE_CHARACTER; /* A few lines below */
4068 }
4069 }
4070 }
4071
4072 /* Check that the two values are in the correct order. Optimize
4073 one-character ranges */
4074
4075 if (d < c)
4076 {
4077 *errorcodeptr = ERR8;
4078 goto FAILED;
4079 }
4080
4081 if (d == c) goto LONE_SINGLE_CHARACTER; /* A few lines below */
4082
4083 /* Remember \r or \n */
4084
4085 if (d == CHAR_CR || d == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
4086
4087 /* In UTF-8 mode, if the upper limit is > 255, or > 127 for caseless
4088 matching, we have to use an XCLASS with extra data items. Caseless
4089 matching for characters > 127 is available only if UCP support is
4090 available. */
4091
4092 #ifdef SUPPORT_UTF8
4093 if (utf8 && (d > 255 || ((options & PCRE_CASELESS) != 0 && d > 127)))
4094 {
4095 class_utf8 = TRUE;
4096
4097 /* With UCP support, we can find the other case equivalents of
4098 the relevant characters. There may be several ranges. Optimize how
4099 they fit with the basic range. */
4100
4101 #ifdef SUPPORT_UCP
4102 if ((options & PCRE_CASELESS) != 0)
4103 {
4104 unsigned int occ, ocd;
4105 unsigned int cc = c;
4106 unsigned int origd = d;
4107 while (get_othercase_range(&cc, origd, &occ, &ocd))
4108 {
4109 if (occ >= (unsigned int)c &&
4110 ocd <= (unsigned int)d)
4111 continue; /* Skip embedded ranges */
4112
4113 if (occ < (unsigned int)c &&
4114 ocd >= (unsigned int)c - 1) /* Extend the basic range */
4115 { /* if there is overlap, */
4116 c = occ; /* noting that if occ < c */
4117 continue; /* we can't have ocd > d */
4118 } /* because a subrange is */
4119 if (ocd > (unsigned int)d &&
4120 occ <= (unsigned int)d + 1) /* always shorter than */
4121 { /* the basic range. */
4122 d = ocd;
4123 continue;
4124 }
4125
4126 if (occ == ocd)
4127 {
4128 *class_utf8data++ = XCL_SINGLE;
4129 }
4130 else
4131 {
4132 *class_utf8data++ = XCL_RANGE;
4133 class_utf8data += _pcre_ord2utf8(occ, class_utf8data);
4134 }
4135 class_utf8data += _pcre_ord2utf8(ocd, class_utf8data);
4136 }
4137 }
4138 #endif /* SUPPORT_UCP */
4139
4140 /* Now record the original range, possibly modified for UCP caseless
4141 overlapping ranges. */
4142
4143 *class_utf8data++ = XCL_RANGE;
4144 class_utf8data += _pcre_ord2utf8(c, class_utf8data);
4145 class_utf8data += _pcre_ord2utf8(d, class_utf8data);
4146
4147 /* With UCP support, we are done. Without UCP support, there is no
4148 caseless matching for UTF-8 characters > 127; we can use the bit map
4149 for the smaller ones. */
4150
4151 #ifdef SUPPORT_UCP
4152 continue; /* With next character in the class */
4153 #else
4154 if ((options & PCRE_CASELESS) == 0 || c > 127) continue;
4155
4156 /* Adjust upper limit and fall through to set up the map */
4157
4158 d = 127;
4159
4160 #endif /* SUPPORT_UCP */
4161 }
4162 #endif /* SUPPORT_UTF8 */
4163
4164 /* We use the bit map for all cases when not in UTF-8 mode; else
4165 ranges that lie entirely within 0-127 when there is UCP support; else
4166 for partial ranges without UCP support. */
4167
4168 class_charcount += d - c + 1;
4169 class_lastchar = d;
4170
4171 /* We can save a bit of time by skipping this in the pre-compile. */
4172
4173 if (lengthptr == NULL) for (; c <= d; c++)
4174 {
4175 classbits[c/8] |= (1 << (c&7));
4176 if ((options & PCRE_CASELESS) != 0)
4177 {
4178 int uc = cd->fcc[c]; /* flip case */
4179 classbits[uc/8] |= (1 << (uc&7));
4180 }
4181 }
4182
4183 continue; /* Go get the next char in the class */
4184 }
4185
4186 /* Handle a lone single character - we can get here for a normal
4187 non-escape char, or after \ that introduces a single character or for an
4188 apparent range that isn't. */
4189
4190 LONE_SINGLE_CHARACTER:
4191
4192 /* Handle a character that cannot go in the bit map */
4193
4194 #ifdef SUPPORT_UTF8
4195 if (utf8 && (c > 255 || ((options & PCRE_CASELESS) != 0 && c > 127)))
4196 {
4197 class_utf8 = TRUE;
4198 *class_utf8data++ = XCL_SINGLE;
4199 class_utf8data += _pcre_ord2utf8(c, class_utf8data);
4200
4201 #ifdef SUPPORT_UCP
4202 if ((options & PCRE_CASELESS) != 0)
4203 {
4204 unsigned int othercase;
4205 if ((othercase = UCD_OTHERCASE(c)) != c)
4206 {
4207 *class_utf8data++ = XCL_SINGLE;
4208 class_utf8data += _pcre_ord2utf8(othercase, class_utf8data);
4209 }
4210 }
4211 #endif /* SUPPORT_UCP */
4212
4213 }
4214 else
4215 #endif /* SUPPORT_UTF8 */
4216
4217 /* Handle a single-byte character */
4218 {
4219 classbits[c/8] |= (1 << (c&7));
4220 if ((options & PCRE_CASELESS) != 0)
4221 {
4222 c = cd->fcc[c]; /* flip case */
4223 classbits[c/8] |= (1 << (c&7));
4224 }
4225 class_charcount++;
4226 class_lastchar = c;
4227 }
4228 }
4229
4230 /* Loop until ']' reached. This "while" is the end of the "do" far above.
4231 If we are at the end of an internal nested string, revert to the outer
4232 string. */
4233
4234 while (((c = *(++ptr)) != 0 ||
4235 (nestptr != NULL &&
4236 (ptr = nestptr, nestptr = NULL, c = *(++ptr)) != 0)) &&
4237 (c != CHAR_RIGHT_SQUARE_BRACKET || inescq));
4238
4239 /* Check for missing terminating ']' */
4240
4241 if (c == 0)
4242 {
4243 *errorcodeptr = ERR6;
4244 goto FAILED;
4245 }
4246
4247 /* If class_charcount is 1, we saw precisely one character whose value is
4248 less than 256. As long as there were no characters >= 128 and there was no
4249 use of \p or \P, in other words, no use of any XCLASS features, we can
4250 optimize.
4251
4252 In UTF-8 mode, we can optimize the negative case only if there were no
4253 characters >= 128 because OP_NOT and the related opcodes like OP_NOTSTAR
4254 operate on single-bytes characters only. This is an historical hangover.
4255 Maybe one day we can tidy these opcodes to handle multi-byte characters.
4256
4257 The optimization throws away the bit map. We turn the item into a
4258 1-character OP_CHAR[I] if it's positive, or OP_NOT[I] if it's negative.
4259 Note that OP_NOT[I] does not support multibyte characters. In the positive
4260 case, it can cause firstbyte to be set. Otherwise, there can be no first
4261 char if this item is first, whatever repeat count may follow. In the case
4262 of reqbyte, save the previous value for reinstating. */
4263
4264 #ifdef SUPPORT_UTF8
4265 if (class_charcount == 1 && !class_utf8 &&
4266 (!utf8 || !negate_class || class_lastchar < 128))
4267 #else
4268 if (class_charcount == 1)
4269 #endif
4270 {
4271 zeroreqbyte = reqbyte;
4272
4273 /* The OP_NOT[I] opcodes work on one-byte characters only. */
4274
4275 if (negate_class)
4276 {
4277 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
4278 zerofirstbyte = firstbyte;
4279 *code++ = ((options & PCRE_CASELESS) != 0)? OP_NOTI: OP_NOT;
4280 *code++ = class_lastchar;
4281 break;
4282 }
4283
4284 /* For a single, positive character, get the value into mcbuffer, and
4285 then we can handle this with the normal one-character code. */
4286
4287 #ifdef SUPPORT_UTF8
4288 if (utf8 && class_lastchar > 127)
4289 mclength = _pcre_ord2utf8(class_lastchar, mcbuffer);
4290 else
4291 #endif
4292 {
4293 mcbuffer[0] = class_lastchar;
4294 mclength = 1;
4295 }
4296 goto ONE_CHAR;
4297 } /* End of 1-char optimization */
4298
4299 /* The general case - not the one-char optimization. If this is the first
4300 thing in the branch, there can be no first char setting, whatever the
4301 repeat count. Any reqbyte setting must remain unchanged after any kind of
4302 repeat. */
4303
4304 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
4305 zerofirstbyte = firstbyte;
4306 zeroreqbyte = reqbyte;
4307
4308 /* If there are characters with values > 255, we have to compile an
4309 extended class, with its own opcode, unless there was a negated special
4310 such as \S in the class, and PCRE_UCP is not set, because in that case all
4311 characters > 255 are in the class, so any that were explicitly given as
4312 well can be ignored. If (when there are explicit characters > 255 that must
4313 be listed) there are no characters < 256, we can omit the bitmap in the
4314 actual compiled code. */
4315
4316 #ifdef SUPPORT_UTF8
4317 if (class_utf8 && (!should_flip_negation || (options & PCRE_UCP) != 0))
4318 {
4319 *class_utf8data++ = XCL_END; /* Marks the end of extra data */
4320 *code++ = OP_XCLASS;
4321 code += LINK_SIZE;
4322 *code = negate_class? XCL_NOT : 0;
4323
4324 /* If the map is required, move up the extra data to make room for it;
4325 otherwise just move the code pointer to the end of the extra data. */
4326
4327 if (class_charcount > 0)
4328 {
4329 *code++ |= XCL_MAP;
4330 memmove(code + 32, code, class_utf8data - code);
4331 memcpy(code, classbits, 32);
4332 code = class_utf8data + 32;
4333 }
4334 else code = class_utf8data;
4335
4336 /* Now fill in the complete length of the item */
4337
4338 PUT(previous, 1, code - previous);
4339 break; /* End of class handling */
4340 }
4341 #endif
4342
4343 /* If there are no characters > 255, or they are all to be included or
4344 excluded, set the opcode to OP_CLASS or OP_NCLASS, depending on whether the
4345 whole class was negated and whether there were negative specials such as \S
4346 (non-UCP) in the class. Then copy the 32-byte map into the code vector,
4347 negating it if necessary. */
4348
4349 *code++ = (negate_class == should_flip_negation) ? OP_CLASS : OP_NCLASS;
4350 if (negate_class)
4351 {
4352 if (lengthptr == NULL) /* Save time in the pre-compile phase */
4353 for (c = 0; c < 32; c++) code[c] = ~classbits[c];
4354 }
4355 else
4356 {
4357 memcpy(code, classbits, 32);
4358 }
4359 code += 32;
4360 break;
4361
4362
4363 /* ===================================================================*/
4364 /* Various kinds of repeat; '{' is not necessarily a quantifier, but this
4365 has been tested above. */
4366
4367 case CHAR_LEFT_CURLY_BRACKET:
4368 if (!is_quantifier) goto NORMAL_CHAR;
4369 ptr = read_repeat_counts(ptr+1, &repeat_min, &repeat_max, errorcodeptr);
4370 if (*errorcodeptr != 0) goto FAILED;
4371 goto REPEAT;
4372
4373 case CHAR_ASTERISK:
4374 repeat_min = 0;
4375 repeat_max = -1;
4376 goto REPEAT;
4377
4378 case CHAR_PLUS:
4379 repeat_min = 1;
4380 repeat_max = -1;
4381 goto REPEAT;
4382
4383 case CHAR_QUESTION_MARK:
4384 repeat_min = 0;
4385 repeat_max = 1;
4386
4387 REPEAT:
4388 if (previous == NULL)
4389 {
4390 *errorcodeptr = ERR9;
4391 goto FAILED;
4392 }
4393
4394 if (repeat_min == 0)
4395 {
4396 firstbyte = zerofirstbyte; /* Adjust for zero repeat */
4397 reqbyte = zeroreqbyte; /* Ditto */
4398 }
4399
4400 /* Remember whether this is a variable length repeat */
4401
4402 reqvary = (repeat_min == repeat_max)? 0 : REQ_VARY;
4403
4404 op_type = 0; /* Default single-char op codes */
4405 possessive_quantifier = FALSE; /* Default not possessive quantifier */
4406
4407 /* Save start of previous item, in case we have to move it up in order to
4408 insert something before it. */
4409
4410 tempcode = previous;
4411
4412 /* If the next character is '+', we have a possessive quantifier. This
4413 implies greediness, whatever the setting of the PCRE_UNGREEDY option.
4414 If the next character is '?' this is a minimizing repeat, by default,
4415 but if PCRE_UNGREEDY is set, it works the other way round. We change the
4416 repeat type to the non-default. */
4417
4418 if (ptr[1] == CHAR_PLUS)
4419 {
4420 repeat_type = 0; /* Force greedy */
4421 possessive_quantifier = TRUE;
4422 ptr++;
4423 }
4424 else if (ptr[1] == CHAR_QUESTION_MARK)
4425 {
4426 repeat_type = greedy_non_default;
4427 ptr++;
4428 }
4429 else repeat_type = greedy_default;
4430
4431 /* If previous was a recursion call, wrap it in atomic brackets so that
4432 previous becomes the atomic group. All recursions were so wrapped in the
4433 past, but it no longer happens for non-repeated recursions. In fact, the
4434 repeated ones could be re-implemented independently so as not to need this,
4435 but for the moment we rely on the code for repeating groups. */
4436
4437 if (*previous == OP_RECURSE)
4438 {
4439 memmove(previous + 1 + LINK_SIZE, previous, 1 + LINK_SIZE);
4440 *previous = OP_ONCE;
4441 PUT(previous, 1, 2 + 2*LINK_SIZE);
4442 previous[2 + 2*LINK_SIZE] = OP_KET;
4443 PUT(previous, 3 + 2*LINK_SIZE, 2 + 2*LINK_SIZE);
4444 code += 2 + 2 * LINK_SIZE;
4445 length_prevgroup = 3 + 3*LINK_SIZE;
4446
4447 /* When actually compiling, we need to check whether this was a forward
4448 reference, and if so, adjust the offset. */
4449
4450 if (lengthptr == NULL && cd->hwm >= cd->start_workspace + LINK_SIZE)
4451 {
4452 int offset = GET(cd->hwm, -LINK_SIZE);
4453 if (offset == previous + 1 - cd->start_code)
4454 PUT(cd->hwm, -LINK_SIZE, offset + 1 + LINK_SIZE);
4455 }
4456 }
4457
4458 /* Now handle repetition for the different types of item. */
4459
4460 /* If previous was a character match, abolish the item and generate a
4461 repeat item instead. If a char item has a minumum of more than one, ensure
4462 that it is set in reqbyte - it might not be if a sequence such as x{3} is
4463 the first thing in a branch because the x will have gone into firstbyte
4464 instead. */
4465
4466 if (*previous == OP_CHAR || *previous == OP_CHARI)
4467 {
4468 op_type = (*previous == OP_CHAR)? 0 : OP_STARI - OP_STAR;
4469
4470 /* Deal with UTF-8 characters that take up more than one byte. It's
4471 easier to write this out separately than try to macrify it. Use c to
4472 hold the length of the character in bytes, plus 0x80 to flag that it's a
4473 length rather than a small character. */
4474
4475 #ifdef SUPPORT_UTF8
4476 if (utf8 && (code[-1] & 0x80) != 0)
4477 {
4478 uschar *lastchar = code - 1;
4479 while((*lastchar & 0xc0) == 0x80) lastchar--;
4480 c = code - lastchar; /* Length of UTF-8 character */
4481 memcpy(utf8_char, lastchar, c); /* Save the char */
4482 c |= 0x80; /* Flag c as a length */
4483 }
4484 else
4485 #endif
4486
4487 /* Handle the case of a single byte - either with no UTF8 support, or
4488 with UTF-8 disabled, or for a UTF-8 character < 128. */
4489
4490 {
4491 c = code[-1];
4492 if (repeat_min > 1) reqbyte = c | req_caseopt | cd->req_varyopt;
4493 }
4494
4495 /* If the repetition is unlimited, it pays to see if the next thing on
4496 the line is something that cannot possibly match this character. If so,
4497 automatically possessifying this item gains some performance in the case
4498 where the match fails. */
4499
4500 if (!possessive_quantifier &&
4501 repeat_max < 0 &&
4502 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4503 {
4504 repeat_type = 0; /* Force greedy */
4505 possessive_quantifier = TRUE;
4506 }
4507
4508 goto OUTPUT_SINGLE_REPEAT; /* Code shared with single character types */
4509 }
4510
4511 /* If previous was a single negated character ([^a] or similar), we use
4512 one of the special opcodes, replacing it. The code is shared with single-
4513 character repeats by setting opt_type to add a suitable offset into
4514 repeat_type. We can also test for auto-possessification. OP_NOT and OP_NOTI
4515 are currently used only for single-byte chars. */
4516
4517 else if (*previous == OP_NOT || *previous == OP_NOTI)
4518 {
4519 op_type = ((*previous == OP_NOT)? OP_NOTSTAR : OP_NOTSTARI) - OP_STAR;
4520 c = previous[1];
4521 if (!possessive_quantifier &&
4522 repeat_max < 0 &&
4523 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4524 {
4525 repeat_type = 0; /* Force greedy */
4526 possessive_quantifier = TRUE;
4527 }
4528 goto OUTPUT_SINGLE_REPEAT;
4529 }
4530
4531 /* If previous was a character type match (\d or similar), abolish it and
4532 create a suitable repeat item. The code is shared with single-character
4533 repeats by setting op_type to add a suitable offset into repeat_type. Note
4534 the the Unicode property types will be present only when SUPPORT_UCP is
4535 defined, but we don't wrap the little bits of code here because it just
4536 makes it horribly messy. */
4537
4538 else if (*previous < OP_EODN)
4539 {
4540 uschar *oldcode;
4541 int prop_type, prop_value;
4542 op_type = OP_TYPESTAR - OP_STAR; /* Use type opcodes */
4543 c = *previous;
4544
4545 if (!possessive_quantifier &&
4546 repeat_max < 0 &&
4547 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4548 {
4549 repeat_type = 0; /* Force greedy */
4550 possessive_quantifier = TRUE;
4551 }
4552
4553 OUTPUT_SINGLE_REPEAT:
4554 if (*previous == OP_PROP || *previous == OP_NOTPROP)
4555 {
4556 prop_type = previous[1];
4557 prop_value = previous[2];
4558 }
4559 else prop_type = prop_value = -1;
4560
4561 oldcode = code;
4562 code = previous; /* Usually overwrite previous item */
4563
4564 /* If the maximum is zero then the minimum must also be zero; Perl allows
4565 this case, so we do too - by simply omitting the item altogether. */
4566
4567 if (repeat_max == 0) goto END_REPEAT;
4568
4569 /*--------------------------------------------------------------------*/
4570 /* This code is obsolete from release 8.00; the restriction was finally
4571 removed: */
4572
4573 /* All real repeats make it impossible to handle partial matching (maybe
4574 one day we will be able to remove this restriction). */
4575
4576 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
4577 /*--------------------------------------------------------------------*/
4578
4579 /* Combine the op_type with the repeat_type */
4580
4581 repeat_type += op_type;
4582
4583 /* A minimum of zero is handled either as the special case * or ?, or as
4584 an UPTO, with the maximum given. */
4585
4586 if (repeat_min == 0)
4587 {
4588 if (repeat_max == -1) *code++ = OP_STAR + repeat_type;
4589 else if (repeat_max == 1) *code++ = OP_QUERY + repeat_type;
4590 else
4591 {
4592 *code++ = OP_UPTO + repeat_type;
4593 PUT2INC(code, 0, repeat_max);
4594 }
4595 }
4596
4597 /* A repeat minimum of 1 is optimized into some special cases. If the
4598 maximum is unlimited, we use OP_PLUS. Otherwise, the original item is
4599 left in place and, if the maximum is greater than 1, we use OP_UPTO with
4600 one less than the maximum. */
4601
4602 else if (repeat_min == 1)
4603 {
4604 if (repeat_max == -1)
4605 *code++ = OP_PLUS + repeat_type;
4606 else
4607 {
4608 code = oldcode; /* leave previous item in place */
4609 if (repeat_max == 1) goto END_REPEAT;
4610 *code++ = OP_UPTO + repeat_type;
4611 PUT2INC(code, 0, repeat_max - 1);
4612 }
4613 }
4614
4615 /* The case {n,n} is just an EXACT, while the general case {n,m} is
4616 handled as an EXACT followed by an UPTO. */
4617
4618 else
4619 {
4620 *code++ = OP_EXACT + op_type; /* NB EXACT doesn't have repeat_type */
4621 PUT2INC(code, 0, repeat_min);
4622
4623 /* If the maximum is unlimited, insert an OP_STAR. Before doing so,
4624 we have to insert the character for the previous code. For a repeated
4625 Unicode property match, there are two extra bytes that define the
4626 required property. In UTF-8 mode, long characters have their length in
4627 c, with the 0x80 bit as a flag. */
4628
4629 if (repeat_max < 0)
4630 {
4631 #ifdef SUPPORT_UTF8
4632 if (utf8 && c >= 128)
4633 {
4634 memcpy(code, utf8_char, c & 7);
4635 code += c & 7;
4636 }
4637 else
4638 #endif
4639 {
4640 *code++ = c;
4641 if (prop_type >= 0)
4642 {
4643 *code++ = prop_type;
4644 *code++ = prop_value;
4645 }
4646 }
4647 *code++ = OP_STAR + repeat_type;
4648 }
4649
4650 /* Else insert an UPTO if the max is greater than the min, again
4651 preceded by the character, for the previously inserted code. If the
4652 UPTO is just for 1 instance, we can use QUERY instead. */
4653
4654 else if (repeat_max != repeat_min)
4655 {
4656 #ifdef SUPPORT_UTF8
4657 if (utf8 && c >= 128)
4658 {
4659 memcpy(code, utf8_char, c & 7);
4660 code += c & 7;
4661 }
4662 else
4663 #endif
4664 *code++ = c;
4665 if (prop_type >= 0)
4666 {
4667 *code++ = prop_type;
4668 *code++ = prop_value;
4669 }
4670 repeat_max -= repeat_min;
4671
4672 if (repeat_max == 1)
4673 {
4674 *code++ = OP_QUERY + repeat_type;
4675 }
4676 else
4677 {
4678 *code++ = OP_UPTO + repeat_type;
4679 PUT2INC(code, 0, repeat_max);
4680 }
4681 }
4682 }
4683
4684 /* The character or character type itself comes last in all cases. */
4685
4686 #ifdef SUPPORT_UTF8
4687 if (utf8 && c >= 128)
4688 {
4689 memcpy(code, utf8_char, c & 7);
4690 code += c & 7;
4691 }
4692 else
4693 #endif
4694 *code++ = c;
4695
4696 /* For a repeated Unicode property match, there are two extra bytes that
4697 define the required property. */
4698
4699 #ifdef SUPPORT_UCP
4700 if (prop_type >= 0)
4701 {
4702 *code++ = prop_type;
4703 *code++ = prop_value;
4704 }
4705 #endif
4706 }
4707
4708 /* If previous was a character class or a back reference, we put the repeat
4709 stuff after it, but just skip the item if the repeat was {0,0}. */
4710
4711 else if (*previous == OP_CLASS ||
4712 *previous == OP_NCLASS ||
4713 #ifdef SUPPORT_UTF8
4714 *previous == OP_XCLASS ||
4715 #endif
4716 *previous == OP_REF ||
4717 *previous == OP_REFI)
4718 {
4719 if (repeat_max == 0)
4720 {
4721 code = previous;
4722 goto END_REPEAT;
4723 }
4724
4725 /*--------------------------------------------------------------------*/
4726 /* This code is obsolete from release 8.00; the restriction was finally
4727 removed: */
4728
4729 /* All real repeats make it impossible to handle partial matching (maybe
4730 one day we will be able to remove this restriction). */
4731
4732 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
4733 /*--------------------------------------------------------------------*/
4734
4735 if (repeat_min == 0 && repeat_max == -1)
4736 *code++ = OP_CRSTAR + repeat_type;
4737 else if (repeat_min == 1 && repeat_max == -1)
4738 *code++ = OP_CRPLUS + repeat_type;
4739 else if (repeat_min == 0 && repeat_max == 1)
4740 *code++ = OP_CRQUERY + repeat_type;
4741 else
4742 {
4743 *code++ = OP_CRRANGE + repeat_type;
4744 PUT2INC(code, 0, repeat_min);
4745 if (repeat_max == -1) repeat_max = 0; /* 2-byte encoding for max */
4746 PUT2INC(code, 0, repeat_max);
4747 }
4748 }
4749
4750 /* If previous was a bracket group, we may have to replicate it in certain
4751 cases. Note that at this point we can encounter only the "basic" bracket
4752 opcodes such as BRA and CBRA, as this is the place where they get converted
4753 into the more special varieties such as BRAPOS and SBRA. A test for >=
4754 OP_ASSERT and <= OP_COND includes ASSERT, ASSERT_NOT, ASSERTBACK,
4755 ASSERTBACK_NOT, ONCE, BRA, CBRA, and COND. Originally, PCRE did not allow
4756 repetition of assertions, but now it does, for Perl compatibility. */
4757
4758 else if (*previous >= OP_ASSERT && *previous <= OP_COND)
4759 {
4760 register int i;
4761 int len = (int)(code - previous);
4762 uschar *bralink = NULL;
4763 uschar *brazeroptr = NULL;
4764
4765 /* Repeating a DEFINE group is pointless, but Perl allows the syntax, so
4766 we just ignore the repeat. */
4767
4768 if (*previous == OP_COND && previous[LINK_SIZE+1] == OP_DEF)
4769 goto END_REPEAT;
4770
4771 /* There is no sense in actually repeating assertions. The only potential
4772 use of repetition is in cases when the assertion is optional. Therefore,
4773 if the minimum is greater than zero, just ignore the repeat. If the
4774 maximum is not not zero or one, set it to 1. */
4775
4776 if (*previous < OP_ONCE) /* Assertion */
4777 {
4778 if (repeat_min > 0) goto END_REPEAT;
4779 if (repeat_max < 0 || repeat_max > 1) repeat_max = 1;
4780 }
4781
4782 /* The case of a zero minimum is special because of the need to stick
4783 OP_BRAZERO in front of it, and because the group appears once in the
4784 data, whereas in other cases it appears the minimum number of times. For
4785 this reason, it is simplest to treat this case separately, as otherwise
4786 the code gets far too messy. There are several special subcases when the
4787 minimum is zero. */
4788
4789 if (repeat_min == 0)
4790 {
4791 /* If the maximum is also zero, we used to just omit the group from the
4792 output altogether, like this:
4793
4794 ** if (repeat_max == 0)
4795 ** {
4796 ** code = previous;
4797 ** goto END_REPEAT;
4798 ** }
4799
4800 However, that fails when a group or a subgroup within it is referenced
4801 as a subroutine from elsewhere in the pattern, so now we stick in
4802 OP_SKIPZERO in front of it so that it is skipped on execution. As we
4803 don't have a list of which groups are referenced, we cannot do this
4804 selectively.
4805
4806 If the maximum is 1 or unlimited, we just have to stick in the BRAZERO
4807 and do no more at this point. However, we do need to adjust any
4808 OP_RECURSE calls inside the group that refer to the group itself or any
4809 internal or forward referenced group, because the offset is from the
4810 start of the whole regex. Temporarily terminate the pattern while doing
4811 this. */
4812
4813 if (repeat_max <= 1) /* Covers 0, 1, and unlimited */
4814 {
4815 *code = OP_END;
4816 adjust_recurse(previous, 1, utf8, cd, save_hwm);
4817 memmove(previous+1, previous, len);
4818 code++;
4819 if (repeat_max == 0)
4820 {
4821 *previous++ = OP_SKIPZERO;
4822 goto END_REPEAT;
4823 }
4824 brazeroptr = previous; /* Save for possessive optimizing */
4825 *previous++ = OP_BRAZERO + repeat_type;
4826 }
4827
4828 /* If the maximum is greater than 1 and limited, we have to replicate
4829 in a nested fashion, sticking OP_BRAZERO before each set of brackets.
4830 The first one has to be handled carefully because it's the original
4831 copy, which has to be moved up. The remainder can be handled by code
4832 that is common with the non-zero minimum case below. We have to
4833 adjust the value or repeat_max, since one less copy is required. Once
4834 again, we may have to adjust any OP_RECURSE calls inside the group. */
4835
4836 else
4837 {
4838 int offset;
4839 *code = OP_END;
4840 adjust_recurse(previous, 2 + LINK_SIZE, utf8, cd, save_hwm);
4841 memmove(previous + 2 + LINK_SIZE, previous, len);
4842 code += 2 + LINK_SIZE;
4843 *previous++ = OP_BRAZERO + repeat_type;
4844 *previous++ = OP_BRA;
4845
4846 /* We chain together the bracket offset fields that have to be
4847 filled in later when the ends of the brackets are reached. */
4848
4849 offset = (bralink == NULL)? 0 : (int)(previous - bralink);
4850 bralink = previous;
4851 PUTINC(previous, 0, offset);
4852 }
4853
4854 repeat_max--;
4855 }
4856
4857 /* If the minimum is greater than zero, replicate the group as many
4858 times as necessary, and adjust the maximum to the number of subsequent
4859 copies that we need. If we set a first char from the group, and didn't
4860 set a required char, copy the latter from the former. If there are any
4861 forward reference subroutine calls in the group, there will be entries on
4862 the workspace list; replicate these with an appropriate increment. */
4863
4864 else
4865 {
4866 if (repeat_min > 1)
4867 {
4868 /* In the pre-compile phase, we don't actually do the replication. We
4869 just adjust the length as if we had. Do some paranoid checks for
4870 potential integer overflow. The INT64_OR_DOUBLE type is a 64-bit
4871 integer type when available, otherwise double. */
4872
4873 if (lengthptr != NULL)
4874 {
4875 int delta = (repeat_min - 1)*length_prevgroup;
4876 if ((INT64_OR_DOUBLE)(repeat_min - 1)*
4877 (INT64_OR_DOUBLE)length_prevgroup >
4878 (INT64_OR_DOUBLE)INT_MAX ||
4879 OFLOW_MAX - *lengthptr < delta)
4880 {
4881 *errorcodeptr = ERR20;
4882 goto FAILED;
4883 }
4884 *lengthptr += delta;
4885 }
4886
4887 /* This is compiling for real */
4888
4889 else
4890 {
4891 if (groupsetfirstbyte && reqbyte < 0) reqbyte = firstbyte;
4892 for (i = 1; i < repeat_min; i++)
4893 {
4894 uschar *hc;
4895 uschar *this_hwm = cd->hwm;
4896 memcpy(code, previous, len);
4897 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
4898 {
4899 if (cd->hwm >= cd->start_workspace + WORK_SIZE_CHECK)
4900 {
4901 *errorcodeptr = ERR72;
4902 goto FAILED;
4903 }
4904 PUT(cd->hwm, 0, GET(hc, 0) + len);
4905 cd->hwm += LINK_SIZE;
4906 }
4907 save_hwm = this_hwm;
4908 code += len;
4909 }
4910 }
4911 }
4912
4913 if (repeat_max > 0) repeat_max -= repeat_min;
4914 }
4915
4916 /* This code is common to both the zero and non-zero minimum cases. If
4917 the maximum is limited, it replicates the group in a nested fashion,
4918 remembering the bracket starts on a stack. In the case of a zero minimum,
4919 the first one was set up above. In all cases the repeat_max now specifies
4920 the number of additional copies needed. Again, we must remember to
4921 replicate entries on the forward reference list. */
4922
4923 if (repeat_max >= 0)
4924 {
4925 /* In the pre-compile phase, we don't actually do the replication. We
4926 just adjust the length as if we had. For each repetition we must add 1
4927 to the length for BRAZERO and for all but the last repetition we must
4928 add 2 + 2*LINKSIZE to allow for the nesting that occurs. Do some
4929 paranoid checks to avoid integer overflow. The INT64_OR_DOUBLE type is
4930 a 64-bit integer type when available, otherwise double. */
4931
4932 if (lengthptr != NULL && repeat_max > 0)
4933 {
4934 int delta = repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
4935 2 - 2*LINK_SIZE; /* Last one doesn't nest */
4936 if ((INT64_OR_DOUBLE)repeat_max *
4937 (INT64_OR_DOUBLE)(length_prevgroup + 1 + 2 + 2*LINK_SIZE)
4938 > (INT64_OR_DOUBLE)INT_MAX ||
4939 OFLOW_MAX - *lengthptr < delta)
4940 {
4941 *errorcodeptr = ERR20;
4942 goto FAILED;
4943 }
4944 *lengthptr += delta;
4945 }
4946
4947 /* This is compiling for real */
4948
4949 else for (i = repeat_max - 1; i >= 0; i--)
4950 {
4951 uschar *hc;
4952 uschar *this_hwm = cd->hwm;
4953
4954 *code++ = OP_BRAZERO + repeat_type;
4955
4956 /* All but the final copy start a new nesting, maintaining the
4957 chain of brackets outstanding. */
4958
4959 if (i != 0)
4960 {
4961 int offset;
4962 *code++ = OP_BRA;
4963 offset = (bralink == NULL)? 0 : (int)(code - bralink);
4964 bralink = code;
4965 PUTINC(code, 0, offset);
4966 }
4967
4968 memcpy(code, previous, len);
4969 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
4970 {
4971 if (cd->hwm >= cd->start_workspace + WORK_SIZE_CHECK)
4972 {
4973 *errorcodeptr = ERR72;
4974 goto FAILED;
4975 }
4976 PUT(cd->hwm, 0, GET(hc, 0) + len + ((i != 0)? 2+LINK_SIZE : 1));
4977 cd->hwm += LINK_SIZE;
4978 }
4979 save_hwm = this_hwm;
4980 code += len;
4981 }
4982
4983 /* Now chain through the pending brackets, and fill in their length
4984 fields (which are holding the chain links pro tem). */
4985
4986 while (bralink != NULL)
4987 {
4988 int oldlinkoffset;
4989 int offset = (int)(code - bralink + 1);
4990 uschar *bra = code - offset;
4991 oldlinkoffset = GET(bra, 1);
4992 bralink = (oldlinkoffset == 0)? NULL : bralink - oldlinkoffset;
4993 *code++ = OP_KET;
4994 PUTINC(code, 0, offset);
4995 PUT(bra, 1, offset);
4996 }
4997 }
4998
4999 /* If the maximum is unlimited, set a repeater in the final copy. For
5000 ONCE brackets, that's all we need to do. However, possessively repeated
5001 ONCE brackets can be converted into non-capturing brackets, as the
5002 behaviour of (?:xx)++ is the same as (?>xx)++ and this saves having to
5003 deal with possessive ONCEs specially.
5004
5005 Otherwise, when we are doing the actual compile phase, check to see
5006 whether this group is one that could match an empty string. If so,
5007 convert the initial operator to the S form (e.g. OP_BRA -> OP_SBRA) so
5008 that runtime checking can be done. [This check is also applied to ONCE
5009 groups at runtime, but in a different way.]
5010
5011 Then, if the quantifier was possessive and the bracket is not a
5012 conditional, we convert the BRA code to the POS form, and the KET code to
5013 KETRPOS. (It turns out to be convenient at runtime to detect this kind of
5014 subpattern at both the start and at the end.) The use of special opcodes
5015 makes it possible to reduce greatly the stack usage in pcre_exec(). If
5016 the group is preceded by OP_BRAZERO, convert this to OP_BRAPOSZERO.
5017
5018 Then, if the minimum number of matches is 1 or 0, cancel the possessive
5019 flag so that the default action below, of wrapping everything inside
5020 atomic brackets, does not happen. When the minimum is greater than 1,
5021 there will be earlier copies of the group, and so we still have to wrap
5022 the whole thing. */
5023
5024 else
5025 {
5026 uschar *ketcode = code - 1 - LINK_SIZE;
5027 uschar *bracode = ketcode - GET(ketcode, 1);
5028
5029 /* Convert possessive ONCE brackets to non-capturing */
5030
5031 if ((*bracode == OP_ONCE || *bracode == OP_ONCE_NC) &&
5032 possessive_quantifier) *bracode = OP_BRA;
5033
5034 /* For non-possessive ONCE brackets, all we need to do is to
5035 set the KET. */
5036
5037 if (*bracode == OP_ONCE || *bracode == OP_ONCE_NC)
5038 *ketcode = OP_KETRMAX + repeat_type;
5039
5040 /* Handle non-ONCE brackets and possessive ONCEs (which have been
5041 converted to non-capturing above). */
5042
5043 else
5044 {
5045 /* In the compile phase, check for empty string matching. */
5046
5047 if (lengthptr == NULL)
5048 {
5049 uschar *scode = bracode;
5050 do
5051 {
5052 if (could_be_empty_branch(scode, ketcode, utf8, cd))
5053 {
5054 *bracode += OP_SBRA - OP_BRA;
5055 break;
5056 }
5057 scode += GET(scode, 1);
5058 }
5059 while (*scode == OP_ALT);
5060 }
5061
5062 /* Handle possessive quantifiers. */
5063
5064 if (possessive_quantifier)
5065 {
5066 /* For COND brackets, we wrap the whole thing in a possessively
5067 repeated non-capturing bracket, because we have not invented POS
5068 versions of the COND opcodes. Because we are moving code along, we
5069 must ensure that any pending recursive references are updated. */
5070
5071 if (*bracode == OP_COND || *bracode == OP_SCOND)
5072 {
5073 int nlen = (int)(code - bracode);
5074 *code = OP_END;
5075 adjust_recurse(bracode, 1 + LINK_SIZE, utf8, cd, save_hwm);
5076 memmove(bracode + 1+LINK_SIZE, bracode, nlen);
5077 code += 1 + LINK_SIZE;
5078 nlen += 1 + LINK_SIZE;
5079 *bracode = OP_BRAPOS;
5080 *code++ = OP_KETRPOS;
5081 PUTINC(code, 0, nlen);
5082 PUT(bracode, 1, nlen);
5083 }
5084
5085 /* For non-COND brackets, we modify the BRA code and use KETRPOS. */
5086
5087 else
5088 {
5089 *bracode += 1; /* Switch to xxxPOS opcodes */
5090 *ketcode = OP_KETRPOS;
5091 }
5092
5093 /* If the minimum is zero, mark it as possessive, then unset the
5094 possessive flag when the minimum is 0 or 1. */
5095
5096 if (brazeroptr != NULL) *brazeroptr = OP_BRAPOSZERO;
5097 if (repeat_min < 2) possessive_quantifier = FALSE;
5098 }
5099
5100 /* Non-possessive quantifier */
5101
5102 else *ketcode = OP_KETRMAX + repeat_type;
5103 }
5104 }
5105 }
5106
5107 /* If previous is OP_FAIL, it was generated by an empty class [] in
5108 JavaScript mode. The other ways in which OP_FAIL can be generated, that is
5109 by (*FAIL) or (?!) set previous to NULL, which gives a "nothing to repeat"
5110 error above. We can just ignore the repeat in JS case. */
5111
5112 else if (*previous == OP_FAIL) goto END_REPEAT;
5113
5114 /* Else there's some kind of shambles */
5115
5116 else
5117 {
5118 *errorcodeptr = ERR11;
5119 goto FAILED;
5120 }
5121
5122 /* If the character following a repeat is '+', or if certain optimization
5123 tests above succeeded, possessive_quantifier is TRUE. For some opcodes,
5124 there are special alternative opcodes for this case. For anything else, we
5125 wrap the entire repeated item inside OP_ONCE brackets. Logically, the '+'
5126 notation is just syntactic sugar, taken from Sun's Java package, but the
5127 special opcodes can optimize it.
5128
5129 Some (but not all) possessively repeated subpatterns have already been
5130 completely handled in the code just above. For them, possessive_quantifier
5131 is always FALSE at this stage.
5132
5133 Note that the repeated item starts at tempcode, not at previous, which
5134 might be the first part of a string whose (former) last char we repeated.
5135
5136 Possessifying an 'exact' quantifier has no effect, so we can ignore it. But
5137 an 'upto' may follow. We skip over an 'exact' item, and then test the
5138 length of what remains before proceeding. */
5139
5140 if (possessive_quantifier)
5141 {
5142 int len;
5143
5144 if (*tempcode == OP_TYPEEXACT)
5145 tempcode += _pcre_OP_lengths[*tempcode] +
5146 ((tempcode[3] == OP_PROP || tempcode[3] == OP_NOTPROP)? 2 : 0);
5147
5148 else if (*tempcode == OP_EXACT || *tempcode == OP_NOTEXACT)
5149 {
5150 tempcode += _pcre_OP_lengths[*tempcode];
5151 #ifdef SUPPORT_UTF8
5152 if (utf8 && tempcode[-1] >= 0xc0)
5153 tempcode += _pcre_utf8_table4[tempcode[-1] & 0x3f];
5154 #endif
5155 }
5156
5157 len = (int)(code - tempcode);
5158 if (len > 0) switch (*tempcode)
5159 {
5160 case OP_STAR: *tempcode = OP_POSSTAR; break;
5161 case OP_PLUS: *tempcode = OP_POSPLUS; break;
5162 case OP_QUERY: *tempcode = OP_POSQUERY; break;
5163 case OP_UPTO: *tempcode = OP_POSUPTO; break;
5164
5165 case OP_STARI: *tempcode = OP_POSSTARI; break;
5166 case OP_PLUSI: *tempcode = OP_POSPLUSI; break;
5167 case OP_QUERYI: *tempcode = OP_POSQUERYI; break;
5168 case OP_UPTOI: *tempcode = OP_POSUPTOI; break;
5169
5170 case OP_NOTSTAR: *tempcode = OP_NOTPOSSTAR; break;
5171 case OP_NOTPLUS: *tempcode = OP_NOTPOSPLUS; break;
5172 case OP_NOTQUERY: *tempcode = OP_NOTPOSQUERY; break;
5173 case OP_NOTUPTO: *tempcode = OP_NOTPOSUPTO; break;
5174
5175 case OP_NOTSTARI: *tempcode = OP_NOTPOSSTARI; break;
5176 case OP_NOTPLUSI: *tempcode = OP_NOTPOSPLUSI; break;
5177 case OP_NOTQUERYI: *tempcode = OP_NOTPOSQUERYI; break;
5178 case OP_NOTUPTOI: *tempcode = OP_NOTPOSUPTOI; break;
5179
5180 case OP_TYPESTAR: *tempcode = OP_TYPEPOSSTAR; break;
5181 case OP_TYPEPLUS: *tempcode = OP_TYPEPOSPLUS; break;
5182 case OP_TYPEQUERY: *tempcode = OP_TYPEPOSQUERY; break;
5183 case OP_TYPEUPTO: *tempcode = OP_TYPEPOSUPTO; break;
5184
5185 /* Because we are moving code along, we must ensure that any
5186 pending recursive references are updated. */
5187
5188 default:
5189 *code = OP_END;
5190 adjust_recurse(tempcode, 1 + LINK_SIZE, utf8, cd, save_hwm);
5191 memmove(tempcode + 1+LINK_SIZE, tempcode, len);
5192 code += 1 + LINK_SIZE;
5193 len += 1 + LINK_SIZE;
5194 tempcode[0] = OP_ONCE;
5195 *code++ = OP_KET;
5196 PUTINC(code, 0, len);
5197 PUT(tempcode, 1, len);
5198 break;
5199 }
5200 }
5201
5202 /* In all case we no longer have a previous item. We also set the
5203 "follows varying string" flag for subsequently encountered reqbytes if
5204 it isn't already set and we have just passed a varying length item. */
5205
5206 END_REPEAT:
5207 previous = NULL;
5208 cd->req_varyopt |= reqvary;
5209 break;
5210
5211
5212 /* ===================================================================*/
5213 /* Start of nested parenthesized sub-expression, or comment or lookahead or
5214 lookbehind or option setting or condition or all the other extended
5215 parenthesis forms. */
5216
5217 case CHAR_LEFT_PARENTHESIS:
5218 newoptions = options;
5219 skipbytes = 0;
5220 bravalue = OP_CBRA;
5221 save_hwm = cd->hwm;
5222 reset_bracount = FALSE;
5223
5224 /* First deal with various "verbs" that can be introduced by '*'. */
5225
5226 if (*(++ptr) == CHAR_ASTERISK &&
5227 ((cd->ctypes[ptr[1]] & ctype_letter) != 0 || ptr[1] == ':'))
5228 {
5229 int i, namelen;
5230 int arglen = 0;
5231 const char *vn = verbnames;
5232 const uschar *name = ptr + 1;
5233 const uschar *arg = NULL;
5234 previous = NULL;
5235 while ((cd->ctypes[*++ptr] & ctype_letter) != 0) {};
5236 namelen = (int)(ptr - name);
5237
5238 /* It appears that Perl allows any characters whatsoever, other than
5239 a closing parenthesis, to appear in arguments, so we no longer insist on
5240 letters, digits, and underscores. */
5241
5242 if (*ptr == CHAR_COLON)
5243 {
5244 arg = ++ptr;
5245 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
5246 arglen = (int)(ptr - arg);
5247 }
5248
5249 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5250 {
5251 *errorcodeptr = ERR60;
5252 goto FAILED;
5253 }
5254
5255 /* Scan the table of verb names */
5256
5257 for (i = 0; i < verbcount; i++)
5258 {
5259 if (namelen == verbs[i].len &&
5260 strncmp((char *)name, vn, namelen) == 0)
5261 {
5262 /* Check for open captures before ACCEPT and convert it to
5263 ASSERT_ACCEPT if in an assertion. */
5264
5265 if (verbs[i].op == OP_ACCEPT)
5266 {
5267 open_capitem *oc;
5268 if (arglen != 0)
5269 {
5270 *errorcodeptr = ERR59;
5271 goto FAILED;
5272 }
5273 cd->had_accept = TRUE;
5274 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
5275 {
5276 *code++ = OP_CLOSE;
5277 PUT2INC(code, 0, oc->number);
5278 }
5279 *code++ = (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
5280
5281 /* Do not set firstbyte after *ACCEPT */
5282 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
5283 }
5284
5285 /* Handle other cases with/without an argument */
5286
5287 else if (arglen == 0)
5288 {
5289 if (verbs[i].op < 0) /* Argument is mandatory */
5290 {
5291 *errorcodeptr = ERR66;
5292 goto FAILED;
5293 }
5294 *code = verbs[i].op;
5295 if (*code++ == OP_THEN) cd->external_flags |= PCRE_HASTHEN;
5296 }
5297
5298 else
5299 {
5300 if (verbs[i].op_arg < 0) /* Argument is forbidden */
5301 {
5302 *errorcodeptr = ERR59;
5303 goto FAILED;
5304 }
5305 *code = verbs[i].op_arg;
5306 if (*code++ == OP_THEN_ARG) cd->external_flags |= PCRE_HASTHEN;
5307 *code++ = arglen;
5308 memcpy(code, arg, arglen);
5309 code += arglen;
5310 *code++ = 0;
5311 }
5312
5313 break; /* Found verb, exit loop */
5314 }
5315
5316 vn += verbs[i].len + 1;
5317 }
5318
5319 if (i < verbcount) continue; /* Successfully handled a verb */
5320 *errorcodeptr = ERR60; /* Verb not recognized */
5321 goto FAILED;
5322 }
5323
5324 /* Deal with the extended parentheses; all are introduced by '?', and the
5325 appearance of any of them means that this is not a capturing group. */
5326
5327 else if (*ptr == CHAR_QUESTION_MARK)
5328 {
5329 int i, set, unset, namelen;
5330 int *optset;
5331 const uschar *name;
5332 uschar *slot;
5333
5334 switch (*(++ptr))
5335 {
5336 case CHAR_NUMBER_SIGN: /* Comment; skip to ket */
5337 ptr++;
5338 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
5339 if (*ptr == 0)
5340 {
5341 *errorcodeptr = ERR18;
5342 goto FAILED;
5343 }
5344 continue;
5345
5346
5347 /* ------------------------------------------------------------ */
5348 case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */
5349 reset_bracount = TRUE;
5350 /* Fall through */
5351
5352 /* ------------------------------------------------------------ */
5353 case CHAR_COLON: /* Non-capturing bracket */
5354 bravalue = OP_BRA;
5355 ptr++;
5356 break;
5357
5358
5359 /* ------------------------------------------------------------ */
5360 case CHAR_LEFT_PARENTHESIS:
5361 bravalue = OP_COND; /* Conditional group */
5362
5363 /* A condition can be an assertion, a number (referring to a numbered
5364 group), a name (referring to a named group), or 'R', referring to
5365 recursion. R<digits> and R&name are also permitted for recursion tests.
5366
5367 There are several syntaxes for testing a named group: (?(name)) is used
5368 by Python; Perl 5.10 onwards uses (?(<name>) or (?('name')).
5369
5370 There are two unfortunate ambiguities, caused by history. (a) 'R' can
5371 be the recursive thing or the name 'R' (and similarly for 'R' followed
5372 by digits), and (b) a number could be a name that consists of digits.
5373 In both cases, we look for a name first; if not found, we try the other
5374 cases. */
5375
5376 /* For conditions that are assertions, check the syntax, and then exit
5377 the switch. This will take control down to where bracketed groups,
5378 including assertions, are processed. */
5379
5380 if (ptr[1] == CHAR_QUESTION_MARK && (ptr[2] == CHAR_EQUALS_SIGN ||
5381 ptr[2] == CHAR_EXCLAMATION_MARK || ptr[2] == CHAR_LESS_THAN_SIGN))
5382 break;
5383
5384 /* Most other conditions use OP_CREF (a couple change to OP_RREF
5385 below), and all need to skip 3 bytes at the start of the group. */
5386
5387 code[1+LINK_SIZE] = OP_CREF;
5388 skipbytes = 3;
5389 refsign = -1;
5390
5391 /* Check for a test for recursion in a named group. */
5392
5393 if (ptr[1] == CHAR_R && ptr[2] == CHAR_AMPERSAND)
5394 {
5395 terminator = -1;
5396 ptr += 2;
5397 code[1+LINK_SIZE] = OP_RREF; /* Change the type of test */
5398 }
5399
5400 /* Check for a test for a named group's having been set, using the Perl
5401 syntax (?(<name>) or (?('name') */
5402
5403 else if (ptr[1] == CHAR_LESS_THAN_SIGN)
5404 {
5405 terminator = CHAR_GREATER_THAN_SIGN;
5406 ptr++;
5407 }
5408 else if (ptr[1] == CHAR_APOSTROPHE)
5409 {
5410 terminator = CHAR_APOSTROPHE;
5411 ptr++;
5412 }
5413 else
5414 {
5415 terminator = 0;
5416 if (ptr[1] == CHAR_MINUS || ptr[1] == CHAR_PLUS) refsign = *(++ptr);
5417 }
5418
5419 /* We now expect to read a name; any thing else is an error */
5420
5421 if ((cd->ctypes[ptr[1]] & ctype_word) == 0)
5422 {
5423 ptr += 1; /* To get the right offset */
5424 *errorcodeptr = ERR28;
5425 goto FAILED;
5426 }
5427
5428 /* Read the name, but also get it as a number if it's all digits */
5429
5430 recno = 0;
5431 name = ++ptr;
5432 while ((cd->ctypes[*ptr] & ctype_word) != 0)
5433 {
5434 if (recno >= 0)
5435 recno = ((digitab[*ptr] & ctype_digit) != 0)?
5436 recno * 10 + *ptr - CHAR_0 : -1;
5437 ptr++;
5438 }
5439 namelen = (int)(ptr - name);
5440
5441 if ((terminator > 0 && *ptr++ != terminator) ||
5442 *ptr++ != CHAR_RIGHT_PARENTHESIS)
5443 {
5444 ptr--; /* Error offset */
5445 *errorcodeptr = ERR26;
5446 goto FAILED;
5447 }
5448
5449 /* Do no further checking in the pre-compile phase. */
5450
5451 if (lengthptr != NULL) break;
5452
5453 /* In the real compile we do the work of looking for the actual
5454 reference. If the string started with "+" or "-" we require the rest to
5455 be digits, in which case recno will be set. */
5456
5457 if (refsign > 0)
5458 {
5459 if (recno <= 0)
5460 {
5461 *errorcodeptr = ERR58;
5462 goto FAILED;
5463 }
5464 recno = (refsign == CHAR_MINUS)?
5465 cd->bracount - recno + 1 : recno +cd->bracount;
5466 if (recno <= 0 || recno > cd->final_bracount)
5467 {
5468 *errorcodeptr = ERR15;
5469 goto FAILED;
5470 }
5471 PUT2(code, 2+LINK_SIZE, recno);
5472 break;
5473 }
5474
5475 /* Otherwise (did not start with "+" or "-"), start by looking for the
5476 name. If we find a name, add one to the opcode to change OP_CREF or
5477 OP_RREF into OP_NCREF or OP_NRREF. These behave exactly the same,
5478 except they record that the reference was originally to a name. The
5479 information is used to check duplicate names. */
5480
5481 slot = cd->name_table;
5482 for (i = 0; i < cd->names_found; i++)
5483 {
5484 if (strncmp((char *)name, (char *)slot+2, namelen) == 0) break;
5485 slot += cd->name_entry_size;
5486 }
5487
5488 /* Found a previous named subpattern */
5489
5490 if (i < cd->names_found)
5491 {
5492 recno = GET2(slot, 0);
5493 PUT2(code, 2+LINK_SIZE, recno);
5494 code[1+LINK_SIZE]++;
5495 }
5496
5497 /* Search the pattern for a forward reference */
5498
5499 else if ((i = find_parens(cd, name, namelen,
5500 (options & PCRE_EXTENDED) != 0, utf8)) > 0)
5501 {
5502 PUT2(code, 2+LINK_SIZE, i);
5503 code[1+LINK_SIZE]++;
5504 }
5505
5506 /* If terminator == 0 it means that the name followed directly after
5507 the opening parenthesis [e.g. (?(abc)...] and in this case there are
5508 some further alternatives to try. For the cases where terminator != 0
5509 [things like (?(<name>... or (?('name')... or (?(R&name)... ] we have
5510 now checked all the possibilities, so give an error. */
5511
5512 else if (terminator != 0)
5513 {
5514 *errorcodeptr = ERR15;
5515 goto FAILED;
5516 }
5517
5518 /* Check for (?(R) for recursion. Allow digits after R to specify a
5519 specific group number. */
5520
5521 else if (*name == CHAR_R)
5522 {
5523 recno = 0;
5524 for (i = 1; i < namelen; i++)
5525 {
5526 if ((digitab[name[i]] & ctype_digit) == 0)
5527 {
5528 *errorcodeptr = ERR15;
5529 goto FAILED;
5530 }
5531 recno = recno * 10 + name[i] - CHAR_0;
5532 }
5533 if (recno == 0) recno = RREF_ANY;
5534 code[1+LINK_SIZE] = OP_RREF; /* Change test type */
5535 PUT2(code, 2+LINK_SIZE, recno);
5536 }
5537
5538 /* Similarly, check for the (?(DEFINE) "condition", which is always
5539 false. */
5540
5541 else if (namelen == 6 && strncmp((char *)name, STRING_DEFINE, 6) == 0)
5542 {
5543 code[1+LINK_SIZE] = OP_DEF;
5544 skipbytes = 1;
5545 }
5546
5547 /* Check for the "name" actually being a subpattern number. We are
5548 in the second pass here, so final_bracount is set. */
5549
5550 else if (recno > 0 && recno <= cd->final_bracount)
5551 {
5552 PUT2(code, 2+LINK_SIZE, recno);
5553 }
5554
5555 /* Either an unidentified subpattern, or a reference to (?(0) */
5556
5557 else
5558 {
5559 *errorcodeptr = (recno == 0)? ERR35: ERR15;
5560 goto FAILED;
5561 }
5562 break;
5563
5564
5565 /* ------------------------------------------------------------ */
5566 case CHAR_EQUALS_SIGN: /* Positive lookahead */
5567 bravalue = OP_ASSERT;
5568 cd->assert_depth += 1;
5569 ptr++;
5570 break;
5571
5572
5573 /* ------------------------------------------------------------ */
5574 case CHAR_EXCLAMATION_MARK: /* Negative lookahead */
5575 ptr++;
5576 if (*ptr == CHAR_RIGHT_PARENTHESIS) /* Optimize (?!) */
5577 {
5578 *code++ = OP_FAIL;
5579 previous = NULL;
5580 continue;
5581 }
5582 bravalue = OP_ASSERT_NOT;
5583 cd->assert_depth += 1;
5584 break;
5585
5586
5587 /* ------------------------------------------------------------ */
5588 case CHAR_LESS_THAN_SIGN: /* Lookbehind or named define */
5589 switch (ptr[1])
5590 {
5591 case CHAR_EQUALS_SIGN: /* Positive lookbehind */
5592 bravalue = OP_ASSERTBACK;
5593 cd->assert_depth += 1;
5594 ptr += 2;
5595 break;
5596
5597 case CHAR_EXCLAMATION_MARK: /* Negative lookbehind */
5598 bravalue = OP_ASSERTBACK_NOT;
5599 cd->assert_depth += 1;
5600 ptr += 2;
5601 break;
5602
5603 default: /* Could be name define, else bad */
5604 if ((cd->ctypes[ptr[1]] & ctype_word) != 0) goto DEFINE_NAME;
5605 ptr++; /* Correct offset for error */
5606 *errorcodeptr = ERR24;
5607 goto FAILED;
5608 }
5609 break;
5610
5611
5612 /* ------------------------------------------------------------ */
5613 case CHAR_GREATER_THAN_SIGN: /* One-time brackets */
5614 bravalue = OP_ONCE;
5615 ptr++;
5616 break;
5617
5618
5619 /* ------------------------------------------------------------ */
5620 case CHAR_C: /* Callout - may be followed by digits; */
5621 previous_callout = code; /* Save for later completion */
5622 after_manual_callout = 1; /* Skip one item before completing */
5623 *code++ = OP_CALLOUT;
5624 {
5625 int n = 0;
5626 while ((digitab[*(++ptr)] & ctype_digit) != 0)
5627 n = n * 10 + *ptr - CHAR_0;
5628 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5629 {
5630 *errorcodeptr = ERR39;
5631 goto FAILED;
5632 }
5633 if (n > 255)
5634 {
5635 *errorcodeptr = ERR38;
5636 goto FAILED;
5637 }
5638 *code++ = n;
5639 PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
5640 PUT(code, LINK_SIZE, 0); /* Default length */
5641 code += 2 * LINK_SIZE;
5642 }
5643 previous = NULL;
5644 continue;
5645
5646
5647 /* ------------------------------------------------------------ */
5648 case CHAR_P: /* Python-style named subpattern handling */
5649 if (*(++ptr) == CHAR_EQUALS_SIGN ||
5650 *ptr == CHAR_GREATER_THAN_SIGN) /* Reference or recursion */
5651 {
5652 is_recurse = *ptr == CHAR_GREATER_THAN_SIGN;
5653 terminator = CHAR_RIGHT_PARENTHESIS;
5654 goto NAMED_REF_OR_RECURSE;
5655 }
5656 else if (*ptr != CHAR_LESS_THAN_SIGN) /* Test for Python-style defn */
5657 {
5658 *errorcodeptr = ERR41;
5659 goto FAILED;
5660 }
5661 /* Fall through to handle (?P< as (?< is handled */
5662
5663
5664 /* ------------------------------------------------------------ */
5665 DEFINE_NAME: /* Come here from (?< handling */
5666 case CHAR_APOSTROPHE:
5667 {
5668 terminator = (*ptr == CHAR_LESS_THAN_SIGN)?
5669 CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
5670 name = ++ptr;
5671
5672 while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
5673 namelen = (int)(ptr - name);
5674
5675 /* In the pre-compile phase, just do a syntax check. */
5676
5677 if (lengthptr != NULL)
5678 {
5679 if (*ptr != terminator)
5680 {
5681 *errorcodeptr = ERR42;
5682 goto FAILED;
5683 }
5684 if (cd->names_found >= MAX_NAME_COUNT)
5685 {
5686 *errorcodeptr = ERR49;
5687 goto FAILED;
5688 }
5689 if (namelen + 3 > cd->name_entry_size)
5690 {
5691 cd->name_entry_size = namelen + 3;
5692 if (namelen > MAX_NAME_SIZE)
5693 {
5694 *errorcodeptr = ERR48;
5695 goto FAILED;
5696 }
5697 }
5698 }
5699
5700 /* In the real compile, create the entry in the table, maintaining
5701 alphabetical order. Duplicate names for different numbers are
5702 permitted only if PCRE_DUPNAMES is set. Duplicate names for the same
5703 number are always OK. (An existing number can be re-used if (?|
5704 appears in the pattern.) In either event, a duplicate name results in
5705 a duplicate entry in the table, even if the number is the same. This
5706 is because the number of names, and hence the table size, is computed
5707 in the pre-compile, and it affects various numbers and pointers which
5708 would all have to be modified, and the compiled code moved down, if
5709 duplicates with the same number were omitted from the table. This
5710 doesn't seem worth the hassle. However, *different* names for the
5711 same number are not permitted. */
5712
5713 else
5714 {
5715 BOOL dupname = FALSE;
5716 slot = cd->name_table;
5717
5718 for (i = 0; i < cd->names_found; i++)
5719 {
5720 int crc = memcmp(name, slot+2, namelen);
5721 if (crc == 0)
5722 {
5723 if (slot[2+namelen] == 0)
5724 {
5725 if (GET2(slot, 0) != cd->bracount + 1 &&
5726 (options & PCRE_DUPNAMES) == 0)
5727 {
5728 *errorcodeptr = ERR43;
5729 goto FAILED;
5730 }
5731 else dupname = TRUE;
5732 }
5733 else crc = -1; /* Current name is a substring */
5734 }
5735
5736 /* Make space in the table and break the loop for an earlier
5737 name. For a duplicate or later name, carry on. We do this for
5738 duplicates so that in the simple case (when ?(| is not used) they
5739 are in order of their numbers. */
5740
5741 if (crc < 0)
5742 {
5743 memmove(slot + cd->name_entry_size, slot,
5744 (cd->names_found - i) * cd->name_entry_size);
5745 break;
5746 }
5747
5748 /* Continue the loop for a later or duplicate name */
5749
5750 slot += cd->name_entry_size;
5751 }
5752
5753 /* For non-duplicate names, check for a duplicate number before
5754 adding the new name. */
5755
5756 if (!dupname)
5757 {
5758 uschar *cslot = cd->name_table;
5759 for (i = 0; i < cd->names_found; i++)
5760 {
5761 if (cslot != slot)
5762 {
5763 if (GET2(cslot, 0) == cd->bracount + 1)
5764 {
5765 *errorcodeptr = ERR65;
5766 goto FAILED;
5767 }
5768 }
5769 else i--;
5770 cslot += cd->name_entry_size;
5771 }
5772 }
5773
5774 PUT2(slot, 0, cd->bracount + 1);
5775 memcpy(slot + 2, name, namelen);
5776 slot[2+namelen] = 0;
5777 }
5778 }
5779
5780 /* In both pre-compile and compile, count the number of names we've
5781 encountered. */
5782
5783 cd->names_found++;
5784 ptr++; /* Move past > or ' */
5785 goto NUMBERED_GROUP;
5786
5787
5788 /* ------------------------------------------------------------ */
5789 case CHAR_AMPERSAND: /* Perl recursion/subroutine syntax */
5790 terminator = CHAR_RIGHT_PARENTHESIS;
5791 is_recurse = TRUE;
5792 /* Fall through */
5793
5794 /* We come here from the Python syntax above that handles both
5795 references (?P=name) and recursion (?P>name), as well as falling
5796 through from the Perl recursion syntax (?&name). We also come here from
5797 the Perl \k<name> or \k'name' back reference syntax and the \k{name}
5798 .NET syntax, and the Oniguruma \g<...> and \g'...' subroutine syntax. */
5799
5800 NAMED_REF_OR_RECURSE:
5801 name = ++ptr;
5802 while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
5803 namelen = (int)(ptr - name);
5804
5805 /* In the pre-compile phase, do a syntax check. We used to just set
5806 a dummy reference number, because it was not used in the first pass.
5807 However, with the change of recursive back references to be atomic,
5808 we have to look for the number so that this state can be identified, as
5809 otherwise the incorrect length is computed. If it's not a backwards
5810 reference, the dummy number will do. */
5811
5812 if (lengthptr != NULL)
5813 {
5814 const uschar *temp;
5815
5816 if (namelen == 0)
5817 {
5818 *errorcodeptr = ERR62;
5819 goto FAILED;
5820 }
5821 if (*ptr != terminator)
5822 {
5823 *errorcodeptr = ERR42;
5824 goto FAILED;
5825 }
5826 if (namelen > MAX_NAME_SIZE)
5827 {
5828 *errorcodeptr = ERR48;
5829 goto FAILED;
5830 }
5831
5832 /* The name table does not exist in the first pass, so we cannot
5833 do a simple search as in the code below. Instead, we have to scan the
5834 pattern to find the number. It is important that we scan it only as
5835 far as we have got because the syntax of named subpatterns has not
5836 been checked for the rest of the pattern, and find_parens() assumes
5837 correct syntax. In any case, it's a waste of resources to scan
5838 further. We stop the scan at the current point by temporarily
5839 adjusting the value of cd->endpattern. */
5840
5841 temp = cd->end_pattern;
5842 cd->end_pattern = ptr;
5843 recno = find_parens(cd, name, namelen,
5844 (options & PCRE_EXTENDED) != 0, utf8);
5845 cd->end_pattern = temp;
5846 if (recno < 0) recno = 0; /* Forward ref; set dummy number */
5847 }
5848
5849 /* In the real compile, seek the name in the table. We check the name
5850 first, and then check that we have reached the end of the name in the
5851 table. That way, if the name that is longer than any in the table,
5852 the comparison will fail without reading beyond the table entry. */
5853
5854 else
5855 {
5856 slot = cd->name_table;
5857 for (i = 0; i < cd->names_found; i++)
5858 {
5859 if (strncmp((char *)name, (char *)slot+2, namelen) == 0 &&
5860 slot[2+namelen] == 0)
5861 break;
5862 slot += cd->name_entry_size;
5863 }
5864
5865 if (i < cd->names_found) /* Back reference */
5866 {
5867 recno = GET2(slot, 0);
5868 }
5869 else if ((recno = /* Forward back reference */
5870 find_parens(cd, name, namelen,
5871 (options & PCRE_EXTENDED) != 0, utf8)) <= 0)
5872 {
5873 *errorcodeptr = ERR15;
5874 goto FAILED;
5875 }
5876 }
5877
5878 /* In both phases, we can now go to the code than handles numerical
5879 recursion or backreferences. */
5880
5881 if (is_recurse) goto HANDLE_RECURSION;
5882 else goto HANDLE_REFERENCE;
5883
5884
5885 /* ------------------------------------------------------------ */
5886 case CHAR_R: /* Recursion */
5887 ptr++; /* Same as (?0) */
5888 /* Fall through */
5889
5890
5891 /* ------------------------------------------------------------ */
5892 case CHAR_MINUS: case CHAR_PLUS: /* Recursion or subroutine */
5893 case CHAR_0: case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4:
5894 case CHAR_5: case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
5895 {
5896 const uschar *called;
5897 terminator = CHAR_RIGHT_PARENTHESIS;
5898
5899 /* Come here from the \g<...> and \g'...' code (Oniguruma
5900 compatibility). However, the syntax has been checked to ensure that
5901 the ... are a (signed) number, so that neither ERR63 nor ERR29 will
5902 be called on this path, nor with the jump to OTHER_CHAR_AFTER_QUERY
5903 ever be taken. */
5904
5905 HANDLE_NUMERICAL_RECURSION:
5906
5907 if ((refsign = *ptr) == CHAR_PLUS)
5908 {
5909 ptr++;
5910 if ((digitab[*ptr] & ctype_digit) == 0)
5911 {
5912 *errorcodeptr = ERR63;
5913 goto FAILED;
5914 }
5915 }
5916 else if (refsign == CHAR_MINUS)
5917 {
5918 if ((digitab[ptr[1]] & ctype_digit) == 0)
5919 goto OTHER_CHAR_AFTER_QUERY;
5920 ptr++;
5921 }
5922
5923 recno = 0;
5924 while((digitab[*ptr] & ctype_digit) != 0)
5925 recno = recno * 10 + *ptr++ - CHAR_0;
5926
5927 if (*ptr != terminator)
5928 {
5929 *errorcodeptr = ERR29;
5930 goto FAILED;
5931 }
5932
5933 if (refsign == CHAR_MINUS)
5934 {
5935 if (recno == 0)
5936 {
5937 *errorcodeptr = ERR58;
5938 goto FAILED;
5939 }
5940 recno = cd->bracount - recno + 1;
5941 if (recno <= 0)
5942 {
5943 *errorcodeptr = ERR15;
5944 goto FAILED;
5945 }
5946 }
5947 else if (refsign == CHAR_PLUS)
5948 {
5949 if (recno == 0)
5950 {
5951 *errorcodeptr = ERR58;
5952 goto FAILED;
5953 }
5954 recno += cd->bracount;
5955 }
5956
5957 /* Come here from code above that handles a named recursion */
5958
5959 HANDLE_RECURSION:
5960
5961 previous = code;
5962 called = cd->start_code;
5963
5964 /* When we are actually compiling, find the bracket that is being
5965 referenced. Temporarily end the regex in case it doesn't exist before
5966 this point. If we end up with a forward reference, first check that
5967 the bracket does occur later so we can give the error (and position)
5968 now. Then remember this forward reference in the workspace so it can
5969 be filled in at the end. */
5970
5971 if (lengthptr == NULL)
5972 {
5973 *code = OP_END;
5974 if (recno != 0)
5975 called = _pcre_find_bracket(cd->start_code, utf8, recno);
5976
5977 /* Forward reference */
5978
5979 if (called == NULL)
5980 {
5981 if (find_parens(cd, NULL, recno,
5982 (options & PCRE_EXTENDED) != 0, utf8) < 0)
5983 {
5984 *errorcodeptr = ERR15;
5985 goto FAILED;
5986 }
5987
5988 /* Fudge the value of "called" so that when it is inserted as an
5989 offset below, what it actually inserted is the reference number
5990 of the group. Then remember the forward reference. */
5991
5992 called = cd->start_code + recno;
5993 if (cd->hwm >= cd->start_workspace + WORK_SIZE_CHECK)
5994 {
5995 *errorcodeptr = ERR72;
5996 goto FAILED;
5997 }
5998 PUTINC(cd->hwm, 0, (int)(code + 1 - cd->start_code));
5999 }
6000
6001 /* If not a forward reference, and the subpattern is still open,
6002 this is a recursive call. We check to see if this is a left
6003 recursion that could loop for ever, and diagnose that case. We
6004 must not, however, do this check if we are in a conditional
6005 subpattern because the condition might be testing for recursion in
6006 a pattern such as /(?(R)a+|(?R)b)/, which is perfectly valid.
6007 Forever loops are also detected at runtime, so those that occur in
6008 conditional subpatterns will be picked up then. */
6009
6010 else if (GET(called, 1) == 0 && cond_depth <= 0 &&
6011 could_be_empty(called, code, bcptr, utf8, cd))
6012 {
6013 *errorcodeptr = ERR40;
6014 goto FAILED;
6015 }
6016 }
6017
6018 /* Insert the recursion/subroutine item. */
6019
6020 *code = OP_RECURSE;
6021 PUT(code, 1, (int)(called - cd->start_code));
6022 code += 1 + LINK_SIZE;
6023 }
6024
6025 /* Can't determine a first byte now */
6026
6027 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
6028 continue;
6029
6030
6031 /* ------------------------------------------------------------ */
6032 default: /* Other characters: check option setting */
6033 OTHER_CHAR_AFTER_QUERY:
6034 set = unset = 0;
6035 optset = &set;
6036
6037 while (*ptr != CHAR_RIGHT_PARENTHESIS && *ptr != CHAR_COLON)
6038 {
6039 switch (*ptr++)
6040 {
6041 case CHAR_MINUS: optset = &unset; break;
6042
6043 case CHAR_J: /* Record that it changed in the external options */
6044 *optset |= PCRE_DUPNAMES;
6045 cd->external_flags |= PCRE_JCHANGED;
6046 break;
6047
6048 case CHAR_i: *optset |= PCRE_CASELESS; break;
6049 case CHAR_m: *optset |= PCRE_MULTILINE; break;
6050 case CHAR_s: *optset |= PCRE_DOTALL; break;
6051 case CHAR_x: *optset |= PCRE_EXTENDED; break;
6052 case CHAR_U: *optset |= PCRE_UNGREEDY; break;
6053 case CHAR_X: *optset |= PCRE_EXTRA; break;
6054
6055 default: *errorcodeptr = ERR12;
6056 ptr--; /* Correct the offset */
6057 goto FAILED;
6058 }
6059 }
6060
6061 /* Set up the changed option bits, but don't change anything yet. */
6062
6063 newoptions = (options | set) & (~unset);
6064
6065 /* If the options ended with ')' this is not the start of a nested
6066 group with option changes, so the options change at this level. If this
6067 item is right at the start of the pattern, the options can be
6068 abstracted and made external in the pre-compile phase, and ignored in
6069 the compile phase. This can be helpful when matching -- for instance in
6070 caseless checking of required bytes.
6071
6072 If the code pointer is not (cd->start_code + 1 + LINK_SIZE), we are
6073 definitely *not* at the start of the pattern because something has been
6074 compiled. In the pre-compile phase, however, the code pointer can have
6075 that value after the start, because it gets reset as code is discarded
6076 during the pre-compile. However, this can happen only at top level - if
6077 we are within parentheses, the starting BRA will still be present. At
6078 any parenthesis level, the length value can be used to test if anything
6079 has been compiled at that level. Thus, a test for both these conditions
6080 is necessary to ensure we correctly detect the start of the pattern in
6081 both phases.
6082
6083 If we are not at the pattern start, reset the greedy defaults and the
6084 case value for firstbyte and reqbyte. */
6085
6086 if (*ptr == CHAR_RIGHT_PARENTHESIS)
6087 {
6088 if (code == cd->start_code + 1 + LINK_SIZE &&
6089 (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
6090 {
6091 cd->external_options = newoptions;
6092 }
6093 else
6094 {
6095 greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
6096 greedy_non_default = greedy_default ^ 1;
6097 req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
6098 }
6099
6100 /* Change options at this level, and pass them back for use
6101 in subsequent branches. */
6102
6103 *optionsptr = options = newoptions;
6104 previous = NULL; /* This item can't be repeated */
6105 continue; /* It is complete */
6106 }
6107
6108 /* If the options ended with ':' we are heading into a nested group
6109 with possible change of options. Such groups are non-capturing and are
6110 not assertions of any kind. All we need to do is skip over the ':';
6111 the newoptions value is handled below. */
6112
6113 bravalue = OP_BRA;
6114 ptr++;
6115 } /* End of switch for character following (? */
6116 } /* End of (? handling */
6117
6118 /* Opening parenthesis not followed by '*' or '?'. If PCRE_NO_AUTO_CAPTURE
6119 is set, all unadorned brackets become non-capturing and behave like (?:...)
6120 brackets. */
6121
6122 else if ((options & PCRE_NO_AUTO_CAPTURE) != 0)
6123 {
6124 bravalue = OP_BRA;
6125 }
6126
6127 /* Else we have a capturing group. */
6128
6129 else
6130 {
6131 NUMBERED_GROUP:
6132 cd->bracount += 1;
6133 PUT2(code, 1+LINK_SIZE, cd->bracount);
6134 skipbytes = 2;
6135 }
6136
6137 /* Process nested bracketed regex. Assertions used not to be repeatable,
6138 but this was changed for Perl compatibility, so all kinds can now be
6139 repeated. We copy code into a non-register variable (tempcode) in order to
6140 be able to pass its address because some compilers complain otherwise. */
6141
6142 previous = code; /* For handling repetition */
6143 *code = bravalue;
6144 tempcode = code;
6145 tempreqvary = cd->req_varyopt; /* Save value before bracket */
6146 tempbracount = cd->bracount; /* Save value before bracket */
6147 length_prevgroup = 0; /* Initialize for pre-compile phase */
6148
6149 if (!compile_regex(
6150 newoptions, /* The complete new option state */
6151 &tempcode, /* Where to put code (updated) */
6152 &ptr, /* Input pointer (updated) */
6153 errorcodeptr, /* Where to put an error message */
6154 (bravalue == OP_ASSERTBACK ||
6155 bravalue == OP_ASSERTBACK_NOT), /* TRUE if back assert */
6156 reset_bracount, /* True if (?| group */
6157 skipbytes, /* Skip over bracket number */
6158 cond_depth +
6159 ((bravalue == OP_COND)?1:0), /* Depth of condition subpatterns */
6160 &subfirstbyte, /* For possible first char */
6161 &subreqbyte, /* For possible last char */
6162 bcptr, /* Current branch chain */
6163 cd, /* Tables block */
6164 (lengthptr == NULL)? NULL : /* Actual compile phase */
6165 &length_prevgroup /* Pre-compile phase */
6166 ))
6167 goto FAILED;
6168
6169 /* If this was an atomic group and there are no capturing groups within it,
6170 generate OP_ONCE_NC instead of OP_ONCE. */
6171
6172 if (bravalue == OP_ONCE && cd->bracount <= tempbracount)
6173 *code = OP_ONCE_NC;
6174
6175 if (bravalue >= OP_ASSERT && bravalue <= OP_ASSERTBACK_NOT)
6176 cd->assert_depth -= 1;
6177
6178 /* At the end of compiling, code is still pointing to the start of the
6179 group, while tempcode has been updated to point past the end of the group.
6180 The pattern pointer (ptr) is on the bracket.
6181
6182 If this is a conditional bracket, check that there are no more than
6183 two branches in the group, or just one if it's a DEFINE group. We do this
6184 in the real compile phase, not in the pre-pass, where the whole group may
6185 not be available. */
6186
6187 if (bravalue == OP_COND && lengthptr == NULL)
6188 {
6189 uschar *tc = code;
6190 int condcount = 0;
6191
6192 do {
6193 condcount++;
6194 tc += GET(tc,1);
6195 }
6196 while (*tc != OP_KET);
6197
6198 /* A DEFINE group is never obeyed inline (the "condition" is always
6199 false). It must have only one branch. */
6200
6201 if (code[LINK_SIZE+1] == OP_DEF)
6202 {
6203 if (condcount > 1)
6204 {
6205 *errorcodeptr = ERR54;
6206 goto FAILED;
6207 }
6208 bravalue = OP_DEF; /* Just a flag to suppress char handling below */
6209 }
6210
6211 /* A "normal" conditional group. If there is just one branch, we must not
6212 make use of its firstbyte or reqbyte, because this is equivalent to an
6213 empty second branch. */
6214
6215 else
6216 {
6217 if (condcount > 2)
6218 {
6219 *errorcodeptr = ERR27;
6220 goto FAILED;
6221 }
6222 if (condcount == 1) subfirstbyte = subreqbyte = REQ_NONE;
6223 }
6224 }
6225
6226 /* Error if hit end of pattern */
6227
6228 if (*ptr != CHAR_RIGHT_PARENTHESIS)
6229 {
6230 *errorcodeptr = ERR14;
6231 goto FAILED;
6232 }
6233
6234 /* In the pre-compile phase, update the length by the length of the group,
6235 less the brackets at either end. Then reduce the compiled code to just a
6236 set of non-capturing brackets so that it doesn't use much memory if it is
6237 duplicated by a quantifier.*/
6238
6239 if (lengthptr != NULL)
6240 {
6241 if (OFLOW_MAX - *lengthptr < length_prevgroup - 2 - 2*LINK_SIZE)
6242 {
6243 *errorcodeptr = ERR20;
6244 goto FAILED;
6245 }
6246 *lengthptr += length_prevgroup - 2 - 2*LINK_SIZE;
6247 code++; /* This already contains bravalue */
6248 PUTINC(code, 0, 1 + LINK_SIZE);
6249 *code++ = OP_KET;
6250 PUTINC(code, 0, 1 + LINK_SIZE);
6251 break; /* No need to waste time with special character handling */
6252 }
6253
6254 /* Otherwise update the main code pointer to the end of the group. */
6255
6256 code = tempcode;
6257
6258 /* For a DEFINE group, required and first character settings are not
6259 relevant. */
6260
6261 if (bravalue == OP_DEF) break;
6262
6263 /* Handle updating of the required and first characters for other types of
6264 group. Update for normal brackets of all kinds, and conditions with two
6265 branches (see code above). If the bracket is followed by a quantifier with
6266 zero repeat, we have to back off. Hence the definition of zeroreqbyte and
6267 zerofirstbyte outside the main loop so that they can be accessed for the
6268 back off. */
6269
6270 zeroreqbyte = reqbyte;
6271 zerofirstbyte = firstbyte;
6272 groupsetfirstbyte = FALSE;
6273
6274 if (bravalue >= OP_ONCE)
6275 {
6276 /* If we have not yet set a firstbyte in this branch, take it from the
6277 subpattern, remembering that it was set here so that a repeat of more
6278 than one can replicate it as reqbyte if necessary. If the subpattern has
6279 no firstbyte, set "none" for the whole branch. In both cases, a zero
6280 repeat forces firstbyte to "none". */
6281
6282 if (firstbyte == REQ_UNSET)
6283 {
6284 if (subfirstbyte >= 0)
6285 {
6286 firstbyte = subfirstbyte;
6287 groupsetfirstbyte = TRUE;
6288 }
6289 else firstbyte = REQ_NONE;
6290 zerofirstbyte = REQ_NONE;
6291 }
6292
6293 /* If firstbyte was previously set, convert the subpattern's firstbyte
6294 into reqbyte if there wasn't one, using the vary flag that was in
6295 existence beforehand. */
6296
6297 else if (subfirstbyte >= 0 && subreqbyte < 0)
6298 subreqbyte = subfirstbyte | tempreqvary;
6299
6300 /* If the subpattern set a required byte (or set a first byte that isn't
6301 really the first byte - see above), set it. */
6302
6303 if (subreqbyte >= 0) reqbyte = subreqbyte;
6304 }
6305
6306 /* For a forward assertion, we take the reqbyte, if set. This can be
6307 helpful if the pattern that follows the assertion doesn't set a different
6308 char. For example, it's useful for /(?=abcde).+/. We can't set firstbyte
6309 for an assertion, however because it leads to incorrect effect for patterns
6310 such as /(?=a)a.+/ when the "real" "a" would then become a reqbyte instead
6311 of a firstbyte. This is overcome by a scan at the end if there's no
6312 firstbyte, looking for an asserted first char. */
6313
6314 else if (bravalue == OP_ASSERT && subreqbyte >= 0) reqbyte = subreqbyte;
6315 break; /* End of processing '(' */
6316
6317
6318 /* ===================================================================*/
6319 /* Handle metasequences introduced by \. For ones like \d, the ESC_ values
6320 are arranged to be the negation of the corresponding OP_values in the
6321 default case when PCRE_UCP is not set. For the back references, the values
6322 are ESC_REF plus the reference number. Only back references and those types
6323 that consume a character may be repeated. We can test for values between
6324 ESC_b and ESC_Z for the latter; this may have to change if any new ones are
6325 ever created. */
6326
6327 case CHAR_BACKSLASH:
6328 tempptr = ptr;
6329 c = check_escape(&ptr, errorcodeptr, cd->bracount, options, FALSE);
6330 if (*errorcodeptr != 0) goto FAILED;
6331
6332 if (c < 0)
6333 {
6334 if (-c == ESC_Q) /* Handle start of quoted string */
6335 {
6336 if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
6337 ptr += 2; /* avoid empty string */
6338 else inescq = TRUE;
6339 continue;
6340 }
6341
6342 if (-c == ESC_E) continue; /* Perl ignores an orphan \E */
6343
6344 /* For metasequences that actually match a character, we disable the
6345 setting of a first character if it hasn't already been set. */
6346
6347 if (firstbyte == REQ_UNSET && -c > ESC_b && -c < ESC_Z)
6348 firstbyte = REQ_NONE;
6349
6350 /* Set values to reset to if this is followed by a zero repeat. */
6351
6352 zerofirstbyte = firstbyte;
6353 zeroreqbyte = reqbyte;
6354
6355 /* \g<name> or \g'name' is a subroutine call by name and \g<n> or \g'n'
6356 is a subroutine call by number (Oniguruma syntax). In fact, the value
6357 -ESC_g is returned only for these cases. So we don't need to check for <
6358 or ' if the value is -ESC_g. For the Perl syntax \g{n} the value is
6359 -ESC_REF+n, and for the Perl syntax \g{name} the result is -ESC_k (as
6360 that is a synonym for a named back reference). */
6361
6362 if (-c == ESC_g)
6363 {
6364 const uschar *p;
6365 save_hwm = cd->hwm; /* Normally this is set when '(' is read */
6366 terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
6367 CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
6368
6369 /* These two statements stop the compiler for warning about possibly
6370 unset variables caused by the jump to HANDLE_NUMERICAL_RECURSION. In
6371 fact, because we actually check for a number below, the paths that
6372 would actually be in error are never taken. */
6373
6374 skipbytes = 0;
6375 reset_bracount = FALSE;
6376
6377 /* Test for a name */
6378
6379 if (ptr[1] != CHAR_PLUS && ptr[1] != CHAR_MINUS)
6380 {
6381 BOOL isnumber = TRUE;
6382 for (p = ptr + 1; *p != 0 && *p != terminator; p++)
6383 {
6384 if ((cd->ctypes[*p] & ctype_digit) == 0) isnumber = FALSE;
6385 if ((cd->ctypes[*p] & ctype_word) == 0) break;
6386 }
6387 if (*p != terminator)
6388 {
6389 *errorcodeptr = ERR57;
6390 break;
6391 }
6392 if (isnumber)
6393 {
6394 ptr++;
6395 goto HANDLE_NUMERICAL_RECURSION;
6396 }
6397 is_recurse = TRUE;
6398 goto NAMED_REF_OR_RECURSE;
6399 }
6400
6401 /* Test a signed number in angle brackets or quotes. */
6402
6403 p = ptr + 2;
6404 while ((digitab[*p] & ctype_digit) != 0) p++;
6405 if (*p != terminator)
6406 {
6407 *errorcodeptr = ERR57;
6408 break;
6409 }
6410 ptr++;
6411 goto HANDLE_NUMERICAL_RECURSION;
6412 }
6413
6414 /* \k<name> or \k'name' is a back reference by name (Perl syntax).
6415 We also support \k{name} (.NET syntax). */
6416
6417 if (-c == ESC_k)
6418 {
6419 if ((ptr[1] != CHAR_LESS_THAN_SIGN &&
6420 ptr[1] != CHAR_APOSTROPHE && ptr[1] != CHAR_LEFT_CURLY_BRACKET))
6421 {
6422 *errorcodeptr = ERR69;
6423 break;
6424 }
6425 is_recurse = FALSE;
6426 terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
6427 CHAR_GREATER_THAN_SIGN : (*ptr == CHAR_APOSTROPHE)?
6428 CHAR_APOSTROPHE : CHAR_RIGHT_CURLY_BRACKET;
6429 goto NAMED_REF_OR_RECURSE;
6430 }
6431
6432 /* Back references are handled specially; must disable firstbyte if
6433 not set to cope with cases like (?=(\w+))\1: which would otherwise set
6434 ':' later. */
6435
6436 if (-c >= ESC_REF)
6437 {
6438 open_capitem *oc;
6439 recno = -c - ESC_REF;
6440
6441 HANDLE_REFERENCE: /* Come here from named backref handling */
6442 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
6443 previous = code;
6444 *code++ = ((options & PCRE_CASELESS) != 0)? OP_REFI : OP_REF;
6445 PUT2INC(code, 0, recno);
6446 cd->backref_map |= (recno < 32)? (1 << recno) : 1;
6447 if (recno > cd->top_backref) cd->top_backref = recno;
6448
6449 /* Check to see if this back reference is recursive, that it, it
6450 is inside the group that it references. A flag is set so that the
6451 group can be made atomic. */
6452
6453 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
6454 {
6455 if (oc->number == recno)
6456 {
6457 oc->flag = TRUE;
6458 break;
6459 }
6460 }
6461 }
6462
6463 /* So are Unicode property matches, if supported. */
6464
6465 #ifdef SUPPORT_UCP
6466 else if (-c == ESC_P || -c == ESC_p)
6467 {
6468 BOOL negated;
6469 int pdata;
6470 int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
6471 if (ptype < 0) goto FAILED;
6472 previous = code;
6473 *code++ = ((-c == ESC_p) != negated)? OP_PROP : OP_NOTPROP;
6474 *code++ = ptype;
6475 *code++ = pdata;
6476 }
6477 #else
6478
6479 /* If Unicode properties are not supported, \X, \P, and \p are not
6480 allowed. */
6481
6482 else if (-c == ESC_X || -c == ESC_P || -c == ESC_p)
6483 {
6484 *errorcodeptr = ERR45;
6485 goto FAILED;
6486 }
6487 #endif
6488
6489 /* For the rest (including \X when Unicode properties are supported), we
6490 can obtain the OP value by negating the escape value in the default
6491 situation when PCRE_UCP is not set. When it *is* set, we substitute
6492 Unicode property tests. */
6493
6494 else
6495 {
6496 #ifdef SUPPORT_UCP
6497 if (-c >= ESC_DU && -c <= ESC_wu)
6498 {
6499 nestptr = ptr + 1; /* Where to resume */
6500 ptr = substitutes[-c - ESC_DU] - 1; /* Just before substitute */
6501 }
6502 else
6503 #endif
6504 /* In non-UTF-8 mode, we turn \C into OP_ALLANY instead of OP_ANYBYTE
6505 so that it works in DFA mode and in lookbehinds. */
6506
6507 {
6508 previous = (-c > ESC_b && -c < ESC_Z)? code : NULL;
6509 *code++ = (!utf8 && c == -ESC_C)? OP_ALLANY : -c;
6510 }
6511 }
6512 continue;
6513 }
6514
6515 /* We have a data character whose value is in c. In UTF-8 mode it may have
6516 a value > 127. We set its representation in the length/buffer, and then
6517 handle it as a data character. */
6518
6519 #ifdef SUPPORT_UTF8
6520 if (utf8 && c > 127)
6521 mclength = _pcre_ord2utf8(c, mcbuffer);
6522 else
6523 #endif
6524
6525 {
6526 mcbuffer[0] = c;
6527 mclength = 1;
6528 }
6529 goto ONE_CHAR;
6530
6531
6532 /* ===================================================================*/
6533 /* Handle a literal character. It is guaranteed not to be whitespace or #
6534 when the extended flag is set. If we are in UTF-8 mode, it may be a
6535 multi-byte literal character. */
6536
6537 default:
6538 NORMAL_CHAR:
6539 mclength = 1;
6540 mcbuffer[0] = c;
6541
6542 #ifdef SUPPORT_UTF8
6543 if (utf8 && c >= 0xc0)
6544 {
6545 while ((ptr[1] & 0xc0) == 0x80)
6546 mcbuffer[mclength++] = *(++ptr);
6547 }
6548 #endif
6549
6550 /* At this point we have the character's bytes in mcbuffer, and the length
6551 in mclength. When not in UTF-8 mode, the length is always 1. */
6552
6553 ONE_CHAR:
6554 previous = code;
6555 *code++ = ((options & PCRE_CASELESS) != 0)? OP_CHARI : OP_CHAR;
6556 for (c = 0; c < mclength; c++) *code++ = mcbuffer[c];
6557
6558 /* Remember if \r or \n were seen */
6559
6560 if (mcbuffer[0] == CHAR_CR || mcbuffer[0] == CHAR_NL)
6561 cd->external_flags |= PCRE_HASCRORLF;
6562
6563 /* Set the first and required bytes appropriately. If no previous first
6564 byte, set it from this character, but revert to none on a zero repeat.
6565 Otherwise, leave the firstbyte value alone, and don't change it on a zero
6566 repeat. */
6567
6568 if (firstbyte == REQ_UNSET)
6569 {
6570 zerofirstbyte = REQ_NONE;
6571 zeroreqbyte = reqbyte;
6572
6573 /* If the character is more than one byte long, we can set firstbyte
6574 only if it is not to be matched caselessly. */
6575
6576 if (mclength == 1 || req_caseopt == 0)
6577 {
6578 firstbyte = mcbuffer[0] | req_caseopt;
6579 if (mclength != 1) reqbyte = code[-1] | cd->req_varyopt;
6580 }
6581 else firstbyte = reqbyte = REQ_NONE;
6582 }
6583
6584 /* firstbyte was previously set; we can set reqbyte only if the length is
6585 1 or the matching is caseful. */
6586
6587 else
6588 {
6589 zerofirstbyte = firstbyte;
6590 zeroreqbyte = reqbyte;
6591 if (mclength == 1 || req_caseopt == 0)
6592 reqbyte = code[-1] | req_caseopt | cd->req_varyopt;
6593 }
6594
6595 break; /* End of literal character handling */
6596 }
6597 } /* end of big loop */
6598
6599
6600 /* Control never reaches here by falling through, only by a goto for all the
6601 error states. Pass back the position in the pattern so that it can be displayed
6602 to the user for diagnosing the error. */
6603
6604 FAILED:
6605 *ptrptr = ptr;
6606 return FALSE;
6607 }
6608
6609
6610
6611
6612 /*************************************************
6613 * Compile sequence of alternatives *
6614 *************************************************/
6615
6616 /* On entry, ptr is pointing past the bracket character, but on return it
6617 points to the closing bracket, or vertical bar, or end of string. The code
6618 variable is pointing at the byte into which the BRA operator has been stored.
6619 This function is used during the pre-compile phase when we are trying to find
6620 out the amount of memory needed, as well as during the real compile phase. The
6621 value of lengthptr distinguishes the two phases.
6622
6623 Arguments:
6624 options option bits, including any changes for this subpattern
6625 codeptr -> the address of the current code pointer
6626 ptrptr -> the address of the current pattern pointer
6627 errorcodeptr -> pointer to error code variable
6628 lookbehind TRUE if this is a lookbehind assertion
6629 reset_bracount TRUE to reset the count for each branch
6630 skipbytes skip this many bytes at start (for brackets and OP_COND)
6631 cond_depth depth of nesting for conditional subpatterns
6632 firstbyteptr place to put the first required character, or a negative number
6633 reqbyteptr place to put the last required character, or a negative number
6634 bcptr pointer to the chain of currently open branches
6635 cd points to the data block with tables pointers etc.
6636 lengthptr NULL during the real compile phase
6637 points to length accumulator during pre-compile phase
6638
6639 Returns: TRUE on success
6640 */
6641
6642 static BOOL
6643 compile_regex(int options, uschar **codeptr, const uschar **ptrptr,
6644 int *errorcodeptr, BOOL lookbehind, BOOL reset_bracount, int skipbytes,
6645 int cond_depth, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
6646 compile_data *cd, int *lengthptr)
6647 {
6648 const uschar *ptr = *ptrptr;
6649 uschar *code = *codeptr;