/[pcre]/code/trunk/pcre_compile.c
ViewVC logotype

Contents of /code/trunk/pcre_compile.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 642 - (show annotations) (download)
Thu Jul 28 18:59:40 2011 UTC (3 years ago) by ph10
File MIME type: text/plain
File size: 243683 byte(s)
Avoid false positive for infinite recursion by not checking conditionals at 
compile time, but add tests at runtime that also catch infinite mutual 
recursion.

1 /*************************************************
2 * Perl-Compatible Regular Expressions *
3 *************************************************/
4
5 /* PCRE is a library of functions to support regular expressions whose syntax
6 and semantics are as close as possible to those of the Perl 5 language.
7
8 Written by Philip Hazel
9 Copyright (c) 1997-2011 University of Cambridge
10
11 -----------------------------------------------------------------------------
12 Redistribution and use in source and binary forms, with or without
13 modification, are permitted provided that the following conditions are met:
14
15 * Redistributions of source code must retain the above copyright notice,
16 this list of conditions and the following disclaimer.
17
18 * Redistributions in binary form must reproduce the above copyright
19 notice, this list of conditions and the following disclaimer in the
20 documentation and/or other materials provided with the distribution.
21
22 * Neither the name of the University of Cambridge nor the names of its
23 contributors may be used to endorse or promote products derived from
24 this software without specific prior written permission.
25
26 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
27 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
30 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 POSSIBILITY OF SUCH DAMAGE.
37 -----------------------------------------------------------------------------
38 */
39
40
41 /* This module contains the external function pcre_compile(), along with
42 supporting internal functions that are not used by other modules. */
43
44
45 #ifdef HAVE_CONFIG_H
46 #include "config.h"
47 #endif
48
49 #define NLBLOCK cd /* Block containing newline information */
50 #define PSSTART start_pattern /* Field containing processed string start */
51 #define PSEND end_pattern /* Field containing processed string end */
52
53 #include "pcre_internal.h"
54
55
56 /* When PCRE_DEBUG is defined, we need the pcre_printint() function, which is
57 also used by pcretest. PCRE_DEBUG is not defined when building a production
58 library. */
59
60 #ifdef PCRE_DEBUG
61 #include "pcre_printint.src"
62 #endif
63
64
65 /* Macro for setting individual bits in class bitmaps. */
66
67 #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
68
69 /* Maximum length value to check against when making sure that the integer that
70 holds the compiled pattern length does not overflow. We make it a bit less than
71 INT_MAX to allow for adding in group terminating bytes, so that we don't have
72 to check them every time. */
73
74 #define OFLOW_MAX (INT_MAX - 20)
75
76
77 /*************************************************
78 * Code parameters and static tables *
79 *************************************************/
80
81 /* This value specifies the size of stack workspace that is used during the
82 first pre-compile phase that determines how much memory is required. The regex
83 is partly compiled into this space, but the compiled parts are discarded as
84 soon as they can be, so that hopefully there will never be an overrun. The code
85 does, however, check for an overrun. The largest amount I've seen used is 218,
86 so this number is very generous.
87
88 The same workspace is used during the second, actual compile phase for
89 remembering forward references to groups so that they can be filled in at the
90 end. Each entry in this list occupies LINK_SIZE bytes, so even when LINK_SIZE
91 is 4 there is plenty of room. */
92
93 #define COMPILE_WORK_SIZE (4096)
94
95 /* The overrun tests check for a slightly smaller size so that they detect the
96 overrun before it actually does run off the end of the data block. */
97
98 #define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
99
100
101 /* Table for handling escaped characters in the range '0'-'z'. Positive returns
102 are simple data values; negative values are for special things like \d and so
103 on. Zero means further processing is needed (for things like \x), or the escape
104 is invalid. */
105
106 #ifndef EBCDIC
107
108 /* This is the "normal" table for ASCII systems or for EBCDIC systems running
109 in UTF-8 mode. */
110
111 static const short int escapes[] = {
112 0, 0,
113 0, 0,
114 0, 0,
115 0, 0,
116 0, 0,
117 CHAR_COLON, CHAR_SEMICOLON,
118 CHAR_LESS_THAN_SIGN, CHAR_EQUALS_SIGN,
119 CHAR_GREATER_THAN_SIGN, CHAR_QUESTION_MARK,
120 CHAR_COMMERCIAL_AT, -ESC_A,
121 -ESC_B, -ESC_C,
122 -ESC_D, -ESC_E,
123 0, -ESC_G,
124 -ESC_H, 0,
125 0, -ESC_K,
126 0, 0,
127 -ESC_N, 0,
128 -ESC_P, -ESC_Q,
129 -ESC_R, -ESC_S,
130 0, 0,
131 -ESC_V, -ESC_W,
132 -ESC_X, 0,
133 -ESC_Z, CHAR_LEFT_SQUARE_BRACKET,
134 CHAR_BACKSLASH, CHAR_RIGHT_SQUARE_BRACKET,
135 CHAR_CIRCUMFLEX_ACCENT, CHAR_UNDERSCORE,
136 CHAR_GRAVE_ACCENT, 7,
137 -ESC_b, 0,
138 -ESC_d, ESC_e,
139 ESC_f, 0,
140 -ESC_h, 0,
141 0, -ESC_k,
142 0, 0,
143 ESC_n, 0,
144 -ESC_p, 0,
145 ESC_r, -ESC_s,
146 ESC_tee, 0,
147 -ESC_v, -ESC_w,
148 0, 0,
149 -ESC_z
150 };
151
152 #else
153
154 /* This is the "abnormal" table for EBCDIC systems without UTF-8 support. */
155
156 static const short int escapes[] = {
157 /* 48 */ 0, 0, 0, '.', '<', '(', '+', '|',
158 /* 50 */ '&', 0, 0, 0, 0, 0, 0, 0,
159 /* 58 */ 0, 0, '!', '$', '*', ')', ';', '~',
160 /* 60 */ '-', '/', 0, 0, 0, 0, 0, 0,
161 /* 68 */ 0, 0, '|', ',', '%', '_', '>', '?',
162 /* 70 */ 0, 0, 0, 0, 0, 0, 0, 0,
163 /* 78 */ 0, '`', ':', '#', '@', '\'', '=', '"',
164 /* 80 */ 0, 7, -ESC_b, 0, -ESC_d, ESC_e, ESC_f, 0,
165 /* 88 */-ESC_h, 0, 0, '{', 0, 0, 0, 0,
166 /* 90 */ 0, 0, -ESC_k, 'l', 0, ESC_n, 0, -ESC_p,
167 /* 98 */ 0, ESC_r, 0, '}', 0, 0, 0, 0,
168 /* A0 */ 0, '~', -ESC_s, ESC_tee, 0,-ESC_v, -ESC_w, 0,
169 /* A8 */ 0,-ESC_z, 0, 0, 0, '[', 0, 0,
170 /* B0 */ 0, 0, 0, 0, 0, 0, 0, 0,
171 /* B8 */ 0, 0, 0, 0, 0, ']', '=', '-',
172 /* C0 */ '{',-ESC_A, -ESC_B, -ESC_C, -ESC_D,-ESC_E, 0, -ESC_G,
173 /* C8 */-ESC_H, 0, 0, 0, 0, 0, 0, 0,
174 /* D0 */ '}', 0, -ESC_K, 0, 0,-ESC_N, 0, -ESC_P,
175 /* D8 */-ESC_Q,-ESC_R, 0, 0, 0, 0, 0, 0,
176 /* E0 */ '\\', 0, -ESC_S, 0, 0,-ESC_V, -ESC_W, -ESC_X,
177 /* E8 */ 0,-ESC_Z, 0, 0, 0, 0, 0, 0,
178 /* F0 */ 0, 0, 0, 0, 0, 0, 0, 0,
179 /* F8 */ 0, 0, 0, 0, 0, 0, 0, 0
180 };
181 #endif
182
183
184 /* Table of special "verbs" like (*PRUNE). This is a short table, so it is
185 searched linearly. Put all the names into a single string, in order to reduce
186 the number of relocations when a shared library is dynamically linked. The
187 string is built from string macros so that it works in UTF-8 mode on EBCDIC
188 platforms. */
189
190 typedef struct verbitem {
191 int len; /* Length of verb name */
192 int op; /* Op when no arg, or -1 if arg mandatory */
193 int op_arg; /* Op when arg present, or -1 if not allowed */
194 } verbitem;
195
196 static const char verbnames[] =
197 "\0" /* Empty name is a shorthand for MARK */
198 STRING_MARK0
199 STRING_ACCEPT0
200 STRING_COMMIT0
201 STRING_F0
202 STRING_FAIL0
203 STRING_PRUNE0
204 STRING_SKIP0
205 STRING_THEN;
206
207 static const verbitem verbs[] = {
208 { 0, -1, OP_MARK },
209 { 4, -1, OP_MARK },
210 { 6, OP_ACCEPT, -1 },
211 { 6, OP_COMMIT, -1 },
212 { 1, OP_FAIL, -1 },
213 { 4, OP_FAIL, -1 },
214 { 5, OP_PRUNE, OP_PRUNE_ARG },
215 { 4, OP_SKIP, OP_SKIP_ARG },
216 { 4, OP_THEN, OP_THEN_ARG }
217 };
218
219 static const int verbcount = sizeof(verbs)/sizeof(verbitem);
220
221
222 /* Tables of names of POSIX character classes and their lengths. The names are
223 now all in a single string, to reduce the number of relocations when a shared
224 library is dynamically loaded. The list of lengths is terminated by a zero
225 length entry. The first three must be alpha, lower, upper, as this is assumed
226 for handling case independence. */
227
228 static const char posix_names[] =
229 STRING_alpha0 STRING_lower0 STRING_upper0 STRING_alnum0
230 STRING_ascii0 STRING_blank0 STRING_cntrl0 STRING_digit0
231 STRING_graph0 STRING_print0 STRING_punct0 STRING_space0
232 STRING_word0 STRING_xdigit;
233
234 static const uschar posix_name_lengths[] = {
235 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };
236
237 /* Table of class bit maps for each POSIX class. Each class is formed from a
238 base map, with an optional addition or removal of another map. Then, for some
239 classes, there is some additional tweaking: for [:blank:] the vertical space
240 characters are removed, and for [:alpha:] and [:alnum:] the underscore
241 character is removed. The triples in the table consist of the base map offset,
242 second map offset or -1 if no second map, and a non-negative value for map
243 addition or a negative value for map subtraction (if there are two maps). The
244 absolute value of the third field has these meanings: 0 => no tweaking, 1 =>
245 remove vertical space characters, 2 => remove underscore. */
246
247 static const int posix_class_maps[] = {
248 cbit_word, cbit_digit, -2, /* alpha */
249 cbit_lower, -1, 0, /* lower */
250 cbit_upper, -1, 0, /* upper */
251 cbit_word, -1, 2, /* alnum - word without underscore */
252 cbit_print, cbit_cntrl, 0, /* ascii */
253 cbit_space, -1, 1, /* blank - a GNU extension */
254 cbit_cntrl, -1, 0, /* cntrl */
255 cbit_digit, -1, 0, /* digit */
256 cbit_graph, -1, 0, /* graph */
257 cbit_print, -1, 0, /* print */
258 cbit_punct, -1, 0, /* punct */
259 cbit_space, -1, 0, /* space */
260 cbit_word, -1, 0, /* word - a Perl extension */
261 cbit_xdigit,-1, 0 /* xdigit */
262 };
263
264 /* Table of substitutes for \d etc when PCRE_UCP is set. The POSIX class
265 substitutes must be in the order of the names, defined above, and there are
266 both positive and negative cases. NULL means no substitute. */
267
268 #ifdef SUPPORT_UCP
269 static const uschar *substitutes[] = {
270 (uschar *)"\\P{Nd}", /* \D */
271 (uschar *)"\\p{Nd}", /* \d */
272 (uschar *)"\\P{Xsp}", /* \S */ /* NOTE: Xsp is Perl space */
273 (uschar *)"\\p{Xsp}", /* \s */
274 (uschar *)"\\P{Xwd}", /* \W */
275 (uschar *)"\\p{Xwd}" /* \w */
276 };
277
278 static const uschar *posix_substitutes[] = {
279 (uschar *)"\\p{L}", /* alpha */
280 (uschar *)"\\p{Ll}", /* lower */
281 (uschar *)"\\p{Lu}", /* upper */
282 (uschar *)"\\p{Xan}", /* alnum */
283 NULL, /* ascii */
284 (uschar *)"\\h", /* blank */
285 NULL, /* cntrl */
286 (uschar *)"\\p{Nd}", /* digit */
287 NULL, /* graph */
288 NULL, /* print */
289 NULL, /* punct */
290 (uschar *)"\\p{Xps}", /* space */ /* NOTE: Xps is POSIX space */
291 (uschar *)"\\p{Xwd}", /* word */
292 NULL, /* xdigit */
293 /* Negated cases */
294 (uschar *)"\\P{L}", /* ^alpha */
295 (uschar *)"\\P{Ll}", /* ^lower */
296 (uschar *)"\\P{Lu}", /* ^upper */
297 (uschar *)"\\P{Xan}", /* ^alnum */
298 NULL, /* ^ascii */
299 (uschar *)"\\H", /* ^blank */
300 NULL, /* ^cntrl */
301 (uschar *)"\\P{Nd}", /* ^digit */
302 NULL, /* ^graph */
303 NULL, /* ^print */
304 NULL, /* ^punct */
305 (uschar *)"\\P{Xps}", /* ^space */ /* NOTE: Xps is POSIX space */
306 (uschar *)"\\P{Xwd}", /* ^word */
307 NULL /* ^xdigit */
308 };
309 #define POSIX_SUBSIZE (sizeof(posix_substitutes)/sizeof(uschar *))
310 #endif
311
312 #define STRING(a) # a
313 #define XSTRING(s) STRING(s)
314
315 /* The texts of compile-time error messages. These are "char *" because they
316 are passed to the outside world. Do not ever re-use any error number, because
317 they are documented. Always add a new error instead. Messages marked DEAD below
318 are no longer used. This used to be a table of strings, but in order to reduce
319 the number of relocations needed when a shared library is loaded dynamically,
320 it is now one long string. We cannot use a table of offsets, because the
321 lengths of inserts such as XSTRING(MAX_NAME_SIZE) are not known. Instead, we
322 simply count through to the one we want - this isn't a performance issue
323 because these strings are used only when there is a compilation error.
324
325 Each substring ends with \0 to insert a null character. This includes the final
326 substring, so that the whole string ends with \0\0, which can be detected when
327 counting through. */
328
329 static const char error_texts[] =
330 "no error\0"
331 "\\ at end of pattern\0"
332 "\\c at end of pattern\0"
333 "unrecognized character follows \\\0"
334 "numbers out of order in {} quantifier\0"
335 /* 5 */
336 "number too big in {} quantifier\0"
337 "missing terminating ] for character class\0"
338 "invalid escape sequence in character class\0"
339 "range out of order in character class\0"
340 "nothing to repeat\0"
341 /* 10 */
342 "operand of unlimited repeat could match the empty string\0" /** DEAD **/
343 "internal error: unexpected repeat\0"
344 "unrecognized character after (? or (?-\0"
345 "POSIX named classes are supported only within a class\0"
346 "missing )\0"
347 /* 15 */
348 "reference to non-existent subpattern\0"
349 "erroffset passed as NULL\0"
350 "unknown option bit(s) set\0"
351 "missing ) after comment\0"
352 "parentheses nested too deeply\0" /** DEAD **/
353 /* 20 */
354 "regular expression is too large\0"
355 "failed to get memory\0"
356 "unmatched parentheses\0"
357 "internal error: code overflow\0"
358 "unrecognized character after (?<\0"
359 /* 25 */
360 "lookbehind assertion is not fixed length\0"
361 "malformed number or name after (?(\0"
362 "conditional group contains more than two branches\0"
363 "assertion expected after (?(\0"
364 "(?R or (?[+-]digits must be followed by )\0"
365 /* 30 */
366 "unknown POSIX class name\0"
367 "POSIX collating elements are not supported\0"
368 "this version of PCRE is not compiled with PCRE_UTF8 support\0"
369 "spare error\0" /** DEAD **/
370 "character value in \\x{...} sequence is too large\0"
371 /* 35 */
372 "invalid condition (?(0)\0"
373 "\\C not allowed in lookbehind assertion\0"
374 "PCRE does not support \\L, \\l, \\N{name}, \\U, or \\u\0"
375 "number after (?C is > 255\0"
376 "closing ) for (?C expected\0"
377 /* 40 */
378 "recursive call could loop indefinitely\0"
379 "unrecognized character after (?P\0"
380 "syntax error in subpattern name (missing terminator)\0"
381 "two named subpatterns have the same name\0"
382 "invalid UTF-8 string\0"
383 /* 45 */
384 "support for \\P, \\p, and \\X has not been compiled\0"
385 "malformed \\P or \\p sequence\0"
386 "unknown property name after \\P or \\p\0"
387 "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)\0"
388 "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")\0"
389 /* 50 */
390 "repeated subpattern is too long\0" /** DEAD **/
391 "octal value is greater than \\377 (not in UTF-8 mode)\0"
392 "internal error: overran compiling workspace\0"
393 "internal error: previously-checked referenced subpattern not found\0"
394 "DEFINE group contains more than one branch\0"
395 /* 55 */
396 "repeating a DEFINE group is not allowed\0" /** DEAD **/
397 "inconsistent NEWLINE options\0"
398 "\\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number\0"
399 "a numbered reference must not be zero\0"
400 "an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)\0"
401 /* 60 */
402 "(*VERB) not recognized\0"
403 "number is too big\0"
404 "subpattern name expected\0"
405 "digit expected after (?+\0"
406 "] is an invalid data character in JavaScript compatibility mode\0"
407 /* 65 */
408 "different names for subpatterns of the same number are not allowed\0"
409 "(*MARK) must have an argument\0"
410 "this version of PCRE is not compiled with PCRE_UCP support\0"
411 "\\c must be followed by an ASCII character\0"
412 "\\k is not followed by a braced, angle-bracketed, or quoted name\0"
413 ;
414
415 /* Table to identify digits and hex digits. This is used when compiling
416 patterns. Note that the tables in chartables are dependent on the locale, and
417 may mark arbitrary characters as digits - but the PCRE compiling code expects
418 to handle only 0-9, a-z, and A-Z as digits when compiling. That is why we have
419 a private table here. It costs 256 bytes, but it is a lot faster than doing
420 character value tests (at least in some simple cases I timed), and in some
421 applications one wants PCRE to compile efficiently as well as match
422 efficiently.
423
424 For convenience, we use the same bit definitions as in chartables:
425
426 0x04 decimal digit
427 0x08 hexadecimal digit
428
429 Then we can use ctype_digit and ctype_xdigit in the code. */
430
431 #ifndef EBCDIC
432
433 /* This is the "normal" case, for ASCII systems, and EBCDIC systems running in
434 UTF-8 mode. */
435
436 static const unsigned char digitab[] =
437 {
438 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 */
439 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
440 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 */
441 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
442 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - ' */
443 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ( - / */
444 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 */
445 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00, /* 8 - ? */
446 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* @ - G */
447 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H - O */
448 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* P - W */
449 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* X - _ */
450 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* ` - g */
451 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h - o */
452 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* p - w */
453 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* x -127 */
454 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 128-135 */
455 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 136-143 */
456 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144-151 */
457 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 152-159 */
458 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160-167 */
459 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 168-175 */
460 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 176-183 */
461 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
462 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 192-199 */
463 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 200-207 */
464 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 208-215 */
465 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 216-223 */
466 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 224-231 */
467 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 232-239 */
468 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */
469 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */
470
471 #else
472
473 /* This is the "abnormal" case, for EBCDIC systems not running in UTF-8 mode. */
474
475 static const unsigned char digitab[] =
476 {
477 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 0- 7 0 */
478 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 8- 15 */
479 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 16- 23 10 */
480 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
481 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 32- 39 20 */
482 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
483 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 30 */
484 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
485 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 40 */
486 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 72- | */
487 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 50 */
488 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 88- 95 */
489 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 60 */
490 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 104- ? */
491 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 70 */
492 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
493 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* 128- g 80 */
494 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
495 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 144- p 90 */
496 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
497 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 160- x A0 */
498 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
499 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 B0 */
500 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
501 0x00,0x08,0x08,0x08,0x08,0x08,0x08,0x00, /* { - G C0 */
502 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
503 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* } - P D0 */
504 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
505 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* \ - X E0 */
506 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
507 0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c,0x0c, /* 0 - 7 F0 */
508 0x0c,0x0c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
509
510 static const unsigned char ebcdic_chartab[] = { /* chartable partial dup */
511 0x80,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 0- 7 */
512 0x00,0x00,0x00,0x00,0x01,0x01,0x00,0x00, /* 8- 15 */
513 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 16- 23 */
514 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 24- 31 */
515 0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, /* 32- 39 */
516 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 40- 47 */
517 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 48- 55 */
518 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 56- 63 */
519 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - 71 */
520 0x00,0x00,0x00,0x80,0x00,0x80,0x80,0x80, /* 72- | */
521 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* & - 87 */
522 0x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /* 88- 95 */
523 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* - -103 */
524 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x80, /* 104- ? */
525 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 */
526 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 120- " */
527 0x00,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* 128- g */
528 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* h -143 */
529 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* 144- p */
530 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* q -159 */
531 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* 160- x */
532 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* y -175 */
533 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* ^ -183 */
534 0x00,0x00,0x80,0x00,0x00,0x00,0x00,0x00, /* 184-191 */
535 0x80,0x1a,0x1a,0x1a,0x1a,0x1a,0x1a,0x12, /* { - G */
536 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* H -207 */
537 0x00,0x12,0x12,0x12,0x12,0x12,0x12,0x12, /* } - P */
538 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Q -223 */
539 0x00,0x00,0x12,0x12,0x12,0x12,0x12,0x12, /* \ - X */
540 0x12,0x12,0x00,0x00,0x00,0x00,0x00,0x00, /* Y -239 */
541 0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c,0x1c, /* 0 - 7 */
542 0x1c,0x1c,0x00,0x00,0x00,0x00,0x00,0x00};/* 8 -255 */
543 #endif
544
545
546 /* Definition to allow mutual recursion */
547
548 static BOOL
549 compile_regex(int, uschar **, const uschar **, int *, BOOL, BOOL, int, int,
550 int *, int *, branch_chain *, compile_data *, int *);
551
552
553
554 /*************************************************
555 * Find an error text *
556 *************************************************/
557
558 /* The error texts are now all in one long string, to save on relocations. As
559 some of the text is of unknown length, we can't use a table of offsets.
560 Instead, just count through the strings. This is not a performance issue
561 because it happens only when there has been a compilation error.
562
563 Argument: the error number
564 Returns: pointer to the error string
565 */
566
567 static const char *
568 find_error_text(int n)
569 {
570 const char *s = error_texts;
571 for (; n > 0; n--)
572 {
573 while (*s++ != 0) {};
574 if (*s == 0) return "Error text not found (please report)";
575 }
576 return s;
577 }
578
579
580 /*************************************************
581 * Check for counted repeat *
582 *************************************************/
583
584 /* This function is called when a '{' is encountered in a place where it might
585 start a quantifier. It looks ahead to see if it really is a quantifier or not.
586 It is only a quantifier if it is one of the forms {ddd} {ddd,} or {ddd,ddd}
587 where the ddds are digits.
588
589 Arguments:
590 p pointer to the first char after '{'
591
592 Returns: TRUE or FALSE
593 */
594
595 static BOOL
596 is_counted_repeat(const uschar *p)
597 {
598 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
599 while ((digitab[*p] & ctype_digit) != 0) p++;
600 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
601
602 if (*p++ != CHAR_COMMA) return FALSE;
603 if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
604
605 if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
606 while ((digitab[*p] & ctype_digit) != 0) p++;
607
608 return (*p == CHAR_RIGHT_CURLY_BRACKET);
609 }
610
611
612
613 /*************************************************
614 * Handle escapes *
615 *************************************************/
616
617 /* This function is called when a \ has been encountered. It either returns a
618 positive value for a simple escape such as \n, or a negative value which
619 encodes one of the more complicated things such as \d. A backreference to group
620 n is returned as -(ESC_REF + n); ESC_REF is the highest ESC_xxx macro. When
621 UTF-8 is enabled, a positive value greater than 255 may be returned. On entry,
622 ptr is pointing at the \. On exit, it is on the final character of the escape
623 sequence.
624
625 Arguments:
626 ptrptr points to the pattern position pointer
627 errorcodeptr points to the errorcode variable
628 bracount number of previous extracting brackets
629 options the options bits
630 isclass TRUE if inside a character class
631
632 Returns: zero or positive => a data character
633 negative => a special escape sequence
634 on error, errorcodeptr is set
635 */
636
637 static int
638 check_escape(const uschar **ptrptr, int *errorcodeptr, int bracount,
639 int options, BOOL isclass)
640 {
641 BOOL utf8 = (options & PCRE_UTF8) != 0;
642 const uschar *ptr = *ptrptr + 1;
643 int c, i;
644
645 GETCHARINCTEST(c, ptr); /* Get character value, increment pointer */
646 ptr--; /* Set pointer back to the last byte */
647
648 /* If backslash is at the end of the pattern, it's an error. */
649
650 if (c == 0) *errorcodeptr = ERR1;
651
652 /* Non-alphanumerics are literals. For digits or letters, do an initial lookup
653 in a table. A non-zero result is something that can be returned immediately.
654 Otherwise further processing may be required. */
655
656 #ifndef EBCDIC /* ASCII/UTF-8 coding */
657 else if (c < CHAR_0 || c > CHAR_z) {} /* Not alphanumeric */
658 else if ((i = escapes[c - CHAR_0]) != 0) c = i;
659
660 #else /* EBCDIC coding */
661 else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {} /* Not alphanumeric */
662 else if ((i = escapes[c - 0x48]) != 0) c = i;
663 #endif
664
665 /* Escapes that need further processing, or are illegal. */
666
667 else
668 {
669 const uschar *oldptr;
670 BOOL braced, negated;
671
672 switch (c)
673 {
674 /* A number of Perl escapes are not handled by PCRE. We give an explicit
675 error. */
676
677 case CHAR_l:
678 case CHAR_L:
679 case CHAR_u:
680 case CHAR_U:
681 *errorcodeptr = ERR37;
682 break;
683
684 /* In a character class, \g is just a literal "g". Outside a character
685 class, \g must be followed by one of a number of specific things:
686
687 (1) A number, either plain or braced. If positive, it is an absolute
688 backreference. If negative, it is a relative backreference. This is a Perl
689 5.10 feature.
690
691 (2) Perl 5.10 also supports \g{name} as a reference to a named group. This
692 is part of Perl's movement towards a unified syntax for back references. As
693 this is synonymous with \k{name}, we fudge it up by pretending it really
694 was \k.
695
696 (3) For Oniguruma compatibility we also support \g followed by a name or a
697 number either in angle brackets or in single quotes. However, these are
698 (possibly recursive) subroutine calls, _not_ backreferences. Just return
699 the -ESC_g code (cf \k). */
700
701 case CHAR_g:
702 if (isclass) break;
703 if (ptr[1] == CHAR_LESS_THAN_SIGN || ptr[1] == CHAR_APOSTROPHE)
704 {
705 c = -ESC_g;
706 break;
707 }
708
709 /* Handle the Perl-compatible cases */
710
711 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
712 {
713 const uschar *p;
714 for (p = ptr+2; *p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
715 if (*p != CHAR_MINUS && (digitab[*p] & ctype_digit) == 0) break;
716 if (*p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET)
717 {
718 c = -ESC_k;
719 break;
720 }
721 braced = TRUE;
722 ptr++;
723 }
724 else braced = FALSE;
725
726 if (ptr[1] == CHAR_MINUS)
727 {
728 negated = TRUE;
729 ptr++;
730 }
731 else negated = FALSE;
732
733 c = 0;
734 while ((digitab[ptr[1]] & ctype_digit) != 0)
735 c = c * 10 + *(++ptr) - CHAR_0;
736
737 if (c < 0) /* Integer overflow */
738 {
739 *errorcodeptr = ERR61;
740 break;
741 }
742
743 if (braced && *(++ptr) != CHAR_RIGHT_CURLY_BRACKET)
744 {
745 *errorcodeptr = ERR57;
746 break;
747 }
748
749 if (c == 0)
750 {
751 *errorcodeptr = ERR58;
752 break;
753 }
754
755 if (negated)
756 {
757 if (c > bracount)
758 {
759 *errorcodeptr = ERR15;
760 break;
761 }
762 c = bracount - (c - 1);
763 }
764
765 c = -(ESC_REF + c);
766 break;
767
768 /* The handling of escape sequences consisting of a string of digits
769 starting with one that is not zero is not straightforward. By experiment,
770 the way Perl works seems to be as follows:
771
772 Outside a character class, the digits are read as a decimal number. If the
773 number is less than 10, or if there are that many previous extracting
774 left brackets, then it is a back reference. Otherwise, up to three octal
775 digits are read to form an escaped byte. Thus \123 is likely to be octal
776 123 (cf \0123, which is octal 012 followed by the literal 3). If the octal
777 value is greater than 377, the least significant 8 bits are taken. Inside a
778 character class, \ followed by a digit is always an octal number. */
779
780 case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4: case CHAR_5:
781 case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
782
783 if (!isclass)
784 {
785 oldptr = ptr;
786 c -= CHAR_0;
787 while ((digitab[ptr[1]] & ctype_digit) != 0)
788 c = c * 10 + *(++ptr) - CHAR_0;
789 if (c < 0) /* Integer overflow */
790 {
791 *errorcodeptr = ERR61;
792 break;
793 }
794 if (c < 10 || c <= bracount)
795 {
796 c = -(ESC_REF + c);
797 break;
798 }
799 ptr = oldptr; /* Put the pointer back and fall through */
800 }
801
802 /* Handle an octal number following \. If the first digit is 8 or 9, Perl
803 generates a binary zero byte and treats the digit as a following literal.
804 Thus we have to pull back the pointer by one. */
805
806 if ((c = *ptr) >= CHAR_8)
807 {
808 ptr--;
809 c = 0;
810 break;
811 }
812
813 /* \0 always starts an octal number, but we may drop through to here with a
814 larger first octal digit. The original code used just to take the least
815 significant 8 bits of octal numbers (I think this is what early Perls used
816 to do). Nowadays we allow for larger numbers in UTF-8 mode, but no more
817 than 3 octal digits. */
818
819 case CHAR_0:
820 c -= CHAR_0;
821 while(i++ < 2 && ptr[1] >= CHAR_0 && ptr[1] <= CHAR_7)
822 c = c * 8 + *(++ptr) - CHAR_0;
823 if (!utf8 && c > 255) *errorcodeptr = ERR51;
824 break;
825
826 /* \x is complicated. \x{ddd} is a character number which can be greater
827 than 0xff in utf8 mode, but only if the ddd are hex digits. If not, { is
828 treated as a data character. */
829
830 case CHAR_x:
831 if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
832 {
833 const uschar *pt = ptr + 2;
834 int count = 0;
835
836 c = 0;
837 while ((digitab[*pt] & ctype_xdigit) != 0)
838 {
839 register int cc = *pt++;
840 if (c == 0 && cc == CHAR_0) continue; /* Leading zeroes */
841 count++;
842
843 #ifndef EBCDIC /* ASCII/UTF-8 coding */
844 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
845 c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
846 #else /* EBCDIC coding */
847 if (cc >= CHAR_a && cc <= CHAR_z) cc += 64; /* Convert to upper case */
848 c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
849 #endif
850 }
851
852 if (*pt == CHAR_RIGHT_CURLY_BRACKET)
853 {
854 if (c < 0 || count > (utf8? 8 : 2)) *errorcodeptr = ERR34;
855 ptr = pt;
856 break;
857 }
858
859 /* If the sequence of hex digits does not end with '}', then we don't
860 recognize this construct; fall through to the normal \x handling. */
861 }
862
863 /* Read just a single-byte hex-defined char */
864
865 c = 0;
866 while (i++ < 2 && (digitab[ptr[1]] & ctype_xdigit) != 0)
867 {
868 int cc; /* Some compilers don't like */
869 cc = *(++ptr); /* ++ in initializers */
870 #ifndef EBCDIC /* ASCII/UTF-8 coding */
871 if (cc >= CHAR_a) cc -= 32; /* Convert to upper case */
872 c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
873 #else /* EBCDIC coding */
874 if (cc <= CHAR_z) cc += 64; /* Convert to upper case */
875 c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
876 #endif
877 }
878 break;
879
880 /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
881 An error is given if the byte following \c is not an ASCII character. This
882 coding is ASCII-specific, but then the whole concept of \cx is
883 ASCII-specific. (However, an EBCDIC equivalent has now been added.) */
884
885 case CHAR_c:
886 c = *(++ptr);
887 if (c == 0)
888 {
889 *errorcodeptr = ERR2;
890 break;
891 }
892 #ifndef EBCDIC /* ASCII/UTF-8 coding */
893 if (c > 127) /* Excludes all non-ASCII in either mode */
894 {
895 *errorcodeptr = ERR68;
896 break;
897 }
898 if (c >= CHAR_a && c <= CHAR_z) c -= 32;
899 c ^= 0x40;
900 #else /* EBCDIC coding */
901 if (c >= CHAR_a && c <= CHAR_z) c += 64;
902 c ^= 0xC0;
903 #endif
904 break;
905
906 /* PCRE_EXTRA enables extensions to Perl in the matter of escapes. Any
907 other alphanumeric following \ is an error if PCRE_EXTRA was set;
908 otherwise, for Perl compatibility, it is a literal. This code looks a bit
909 odd, but there used to be some cases other than the default, and there may
910 be again in future, so I haven't "optimized" it. */
911
912 default:
913 if ((options & PCRE_EXTRA) != 0) switch(c)
914 {
915 default:
916 *errorcodeptr = ERR3;
917 break;
918 }
919 break;
920 }
921 }
922
923 /* Perl supports \N{name} for character names, as well as plain \N for "not
924 newline". PCRE does not support \N{name}. However, it does support
925 quantification such as \N{2,3}. */
926
927 if (c == -ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET &&
928 !is_counted_repeat(ptr+2))
929 *errorcodeptr = ERR37;
930
931 /* If PCRE_UCP is set, we change the values for \d etc. */
932
933 if ((options & PCRE_UCP) != 0 && c <= -ESC_D && c >= -ESC_w)
934 c -= (ESC_DU - ESC_D);
935
936 /* Set the pointer to the final character before returning. */
937
938 *ptrptr = ptr;
939 return c;
940 }
941
942
943
944 #ifdef SUPPORT_UCP
945 /*************************************************
946 * Handle \P and \p *
947 *************************************************/
948
949 /* This function is called after \P or \p has been encountered, provided that
950 PCRE is compiled with support for Unicode properties. On entry, ptrptr is
951 pointing at the P or p. On exit, it is pointing at the final character of the
952 escape sequence.
953
954 Argument:
955 ptrptr points to the pattern position pointer
956 negptr points to a boolean that is set TRUE for negation else FALSE
957 dptr points to an int that is set to the detailed property value
958 errorcodeptr points to the error code variable
959
960 Returns: type value from ucp_type_table, or -1 for an invalid type
961 */
962
963 static int
964 get_ucp(const uschar **ptrptr, BOOL *negptr, int *dptr, int *errorcodeptr)
965 {
966 int c, i, bot, top;
967 const uschar *ptr = *ptrptr;
968 char name[32];
969
970 c = *(++ptr);
971 if (c == 0) goto ERROR_RETURN;
972
973 *negptr = FALSE;
974
975 /* \P or \p can be followed by a name in {}, optionally preceded by ^ for
976 negation. */
977
978 if (c == CHAR_LEFT_CURLY_BRACKET)
979 {
980 if (ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
981 {
982 *negptr = TRUE;
983 ptr++;
984 }
985 for (i = 0; i < (int)sizeof(name) - 1; i++)
986 {
987 c = *(++ptr);
988 if (c == 0) goto ERROR_RETURN;
989 if (c == CHAR_RIGHT_CURLY_BRACKET) break;
990 name[i] = c;
991 }
992 if (c != CHAR_RIGHT_CURLY_BRACKET) goto ERROR_RETURN;
993 name[i] = 0;
994 }
995
996 /* Otherwise there is just one following character */
997
998 else
999 {
1000 name[0] = c;
1001 name[1] = 0;
1002 }
1003
1004 *ptrptr = ptr;
1005
1006 /* Search for a recognized property name using binary chop */
1007
1008 bot = 0;
1009 top = _pcre_utt_size;
1010
1011 while (bot < top)
1012 {
1013 i = (bot + top) >> 1;
1014 c = strcmp(name, _pcre_utt_names + _pcre_utt[i].name_offset);
1015 if (c == 0)
1016 {
1017 *dptr = _pcre_utt[i].value;
1018 return _pcre_utt[i].type;
1019 }
1020 if (c > 0) bot = i + 1; else top = i;
1021 }
1022
1023 *errorcodeptr = ERR47;
1024 *ptrptr = ptr;
1025 return -1;
1026
1027 ERROR_RETURN:
1028 *errorcodeptr = ERR46;
1029 *ptrptr = ptr;
1030 return -1;
1031 }
1032 #endif
1033
1034
1035
1036
1037 /*************************************************
1038 * Read repeat counts *
1039 *************************************************/
1040
1041 /* Read an item of the form {n,m} and return the values. This is called only
1042 after is_counted_repeat() has confirmed that a repeat-count quantifier exists,
1043 so the syntax is guaranteed to be correct, but we need to check the values.
1044
1045 Arguments:
1046 p pointer to first char after '{'
1047 minp pointer to int for min
1048 maxp pointer to int for max
1049 returned as -1 if no max
1050 errorcodeptr points to error code variable
1051
1052 Returns: pointer to '}' on success;
1053 current ptr on error, with errorcodeptr set non-zero
1054 */
1055
1056 static const uschar *
1057 read_repeat_counts(const uschar *p, int *minp, int *maxp, int *errorcodeptr)
1058 {
1059 int min = 0;
1060 int max = -1;
1061
1062 /* Read the minimum value and do a paranoid check: a negative value indicates
1063 an integer overflow. */
1064
1065 while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - CHAR_0;
1066 if (min < 0 || min > 65535)
1067 {
1068 *errorcodeptr = ERR5;
1069 return p;
1070 }
1071
1072 /* Read the maximum value if there is one, and again do a paranoid on its size.
1073 Also, max must not be less than min. */
1074
1075 if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
1076 {
1077 if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
1078 {
1079 max = 0;
1080 while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - CHAR_0;
1081 if (max < 0 || max > 65535)
1082 {
1083 *errorcodeptr = ERR5;
1084 return p;
1085 }
1086 if (max < min)
1087 {
1088 *errorcodeptr = ERR4;
1089 return p;
1090 }
1091 }
1092 }
1093
1094 /* Fill in the required variables, and pass back the pointer to the terminating
1095 '}'. */
1096
1097 *minp = min;
1098 *maxp = max;
1099 return p;
1100 }
1101
1102
1103
1104 /*************************************************
1105 * Subroutine for finding forward reference *
1106 *************************************************/
1107
1108 /* This recursive function is called only from find_parens() below. The
1109 top-level call starts at the beginning of the pattern. All other calls must
1110 start at a parenthesis. It scans along a pattern's text looking for capturing
1111 subpatterns, and counting them. If it finds a named pattern that matches the
1112 name it is given, it returns its number. Alternatively, if the name is NULL, it
1113 returns when it reaches a given numbered subpattern. Recursion is used to keep
1114 track of subpatterns that reset the capturing group numbers - the (?| feature.
1115
1116 This function was originally called only from the second pass, in which we know
1117 that if (?< or (?' or (?P< is encountered, the name will be correctly
1118 terminated because that is checked in the first pass. There is now one call to
1119 this function in the first pass, to check for a recursive back reference by
1120 name (so that we can make the whole group atomic). In this case, we need check
1121 only up to the current position in the pattern, and that is still OK because
1122 and previous occurrences will have been checked. To make this work, the test
1123 for "end of pattern" is a check against cd->end_pattern in the main loop,
1124 instead of looking for a binary zero. This means that the special first-pass
1125 call can adjust cd->end_pattern temporarily. (Checks for binary zero while
1126 processing items within the loop are OK, because afterwards the main loop will
1127 terminate.)
1128
1129 Arguments:
1130 ptrptr address of the current character pointer (updated)
1131 cd compile background data
1132 name name to seek, or NULL if seeking a numbered subpattern
1133 lorn name length, or subpattern number if name is NULL
1134 xmode TRUE if we are in /x mode
1135 utf8 TRUE if we are in UTF-8 mode
1136 count pointer to the current capturing subpattern number (updated)
1137
1138 Returns: the number of the named subpattern, or -1 if not found
1139 */
1140
1141 static int
1142 find_parens_sub(uschar **ptrptr, compile_data *cd, const uschar *name, int lorn,
1143 BOOL xmode, BOOL utf8, int *count)
1144 {
1145 uschar *ptr = *ptrptr;
1146 int start_count = *count;
1147 int hwm_count = start_count;
1148 BOOL dup_parens = FALSE;
1149
1150 /* If the first character is a parenthesis, check on the type of group we are
1151 dealing with. The very first call may not start with a parenthesis. */
1152
1153 if (ptr[0] == CHAR_LEFT_PARENTHESIS)
1154 {
1155 /* Handle specials such as (*SKIP) or (*UTF8) etc. */
1156
1157 if (ptr[1] == CHAR_ASTERISK) ptr += 2;
1158
1159 /* Handle a normal, unnamed capturing parenthesis. */
1160
1161 else if (ptr[1] != CHAR_QUESTION_MARK)
1162 {
1163 *count += 1;
1164 if (name == NULL && *count == lorn) return *count;
1165 ptr++;
1166 }
1167
1168 /* All cases now have (? at the start. Remember when we are in a group
1169 where the parenthesis numbers are duplicated. */
1170
1171 else if (ptr[2] == CHAR_VERTICAL_LINE)
1172 {
1173 ptr += 3;
1174 dup_parens = TRUE;
1175 }
1176
1177 /* Handle comments; all characters are allowed until a ket is reached. */
1178
1179 else if (ptr[2] == CHAR_NUMBER_SIGN)
1180 {
1181 for (ptr += 3; *ptr != 0; ptr++) if (*ptr == CHAR_RIGHT_PARENTHESIS) break;
1182 goto FAIL_EXIT;
1183 }
1184
1185 /* Handle a condition. If it is an assertion, just carry on so that it
1186 is processed as normal. If not, skip to the closing parenthesis of the
1187 condition (there can't be any nested parens). */
1188
1189 else if (ptr[2] == CHAR_LEFT_PARENTHESIS)
1190 {
1191 ptr += 2;
1192 if (ptr[1] != CHAR_QUESTION_MARK)
1193 {
1194 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
1195 if (*ptr != 0) ptr++;
1196 }
1197 }
1198
1199 /* Start with (? but not a condition. */
1200
1201 else
1202 {
1203 ptr += 2;
1204 if (*ptr == CHAR_P) ptr++; /* Allow optional P */
1205
1206 /* We have to disambiguate (?<! and (?<= from (?<name> for named groups */
1207
1208 if ((*ptr == CHAR_LESS_THAN_SIGN && ptr[1] != CHAR_EXCLAMATION_MARK &&
1209 ptr[1] != CHAR_EQUALS_SIGN) || *ptr == CHAR_APOSTROPHE)
1210 {
1211 int term;
1212 const uschar *thisname;
1213 *count += 1;
1214 if (name == NULL && *count == lorn) return *count;
1215 term = *ptr++;
1216 if (term == CHAR_LESS_THAN_SIGN) term = CHAR_GREATER_THAN_SIGN;
1217 thisname = ptr;
1218 while (*ptr != term) ptr++;
1219 if (name != NULL && lorn == ptr - thisname &&
1220 strncmp((const char *)name, (const char *)thisname, lorn) == 0)
1221 return *count;
1222 term++;
1223 }
1224 }
1225 }
1226
1227 /* Past any initial parenthesis handling, scan for parentheses or vertical
1228 bars. Stop if we get to cd->end_pattern. Note that this is important for the
1229 first-pass call when this value is temporarily adjusted to stop at the current
1230 position. So DO NOT change this to a test for binary zero. */
1231
1232 for (; ptr < cd->end_pattern; ptr++)
1233 {
1234 /* Skip over backslashed characters and also entire \Q...\E */
1235
1236 if (*ptr == CHAR_BACKSLASH)
1237 {
1238 if (*(++ptr) == 0) goto FAIL_EXIT;
1239 if (*ptr == CHAR_Q) for (;;)
1240 {
1241 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1242 if (*ptr == 0) goto FAIL_EXIT;
1243 if (*(++ptr) == CHAR_E) break;
1244 }
1245 continue;
1246 }
1247
1248 /* Skip over character classes; this logic must be similar to the way they
1249 are handled for real. If the first character is '^', skip it. Also, if the
1250 first few characters (either before or after ^) are \Q\E or \E we skip them
1251 too. This makes for compatibility with Perl. Note the use of STR macros to
1252 encode "Q\\E" so that it works in UTF-8 on EBCDIC platforms. */
1253
1254 if (*ptr == CHAR_LEFT_SQUARE_BRACKET)
1255 {
1256 BOOL negate_class = FALSE;
1257 for (;;)
1258 {
1259 if (ptr[1] == CHAR_BACKSLASH)
1260 {
1261 if (ptr[2] == CHAR_E)
1262 ptr+= 2;
1263 else if (strncmp((const char *)ptr+2,
1264 STR_Q STR_BACKSLASH STR_E, 3) == 0)
1265 ptr += 4;
1266 else
1267 break;
1268 }
1269 else if (!negate_class && ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
1270 {
1271 negate_class = TRUE;
1272 ptr++;
1273 }
1274 else break;
1275 }
1276
1277 /* If the next character is ']', it is a data character that must be
1278 skipped, except in JavaScript compatibility mode. */
1279
1280 if (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET &&
1281 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) == 0)
1282 ptr++;
1283
1284 while (*(++ptr) != CHAR_RIGHT_SQUARE_BRACKET)
1285 {
1286 if (*ptr == 0) return -1;
1287 if (*ptr == CHAR_BACKSLASH)
1288 {
1289 if (*(++ptr) == 0) goto FAIL_EXIT;
1290 if (*ptr == CHAR_Q) for (;;)
1291 {
1292 while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
1293 if (*ptr == 0) goto FAIL_EXIT;
1294 if (*(++ptr) == CHAR_E) break;
1295 }
1296 continue;
1297 }
1298 }
1299 continue;
1300 }
1301
1302 /* Skip comments in /x mode */
1303
1304 if (xmode && *ptr == CHAR_NUMBER_SIGN)
1305 {
1306 ptr++;
1307 while (*ptr != 0)
1308 {
1309 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
1310 ptr++;
1311 #ifdef SUPPORT_UTF8
1312 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
1313 #endif
1314 }
1315 if (*ptr == 0) goto FAIL_EXIT;
1316 continue;
1317 }
1318
1319 /* Check for the special metacharacters */
1320
1321 if (*ptr == CHAR_LEFT_PARENTHESIS)
1322 {
1323 int rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, count);
1324 if (rc > 0) return rc;
1325 if (*ptr == 0) goto FAIL_EXIT;
1326 }
1327
1328 else if (*ptr == CHAR_RIGHT_PARENTHESIS)
1329 {
1330 if (dup_parens && *count < hwm_count) *count = hwm_count;
1331 goto FAIL_EXIT;
1332 }
1333
1334 else if (*ptr == CHAR_VERTICAL_LINE && dup_parens)
1335 {
1336 if (*count > hwm_count) hwm_count = *count;
1337 *count = start_count;
1338 }
1339 }
1340
1341 FAIL_EXIT:
1342 *ptrptr = ptr;
1343 return -1;
1344 }
1345
1346
1347
1348
1349 /*************************************************
1350 * Find forward referenced subpattern *
1351 *************************************************/
1352
1353 /* This function scans along a pattern's text looking for capturing
1354 subpatterns, and counting them. If it finds a named pattern that matches the
1355 name it is given, it returns its number. Alternatively, if the name is NULL, it
1356 returns when it reaches a given numbered subpattern. This is used for forward
1357 references to subpatterns. We used to be able to start this scan from the
1358 current compiling point, using the current count value from cd->bracount, and
1359 do it all in a single loop, but the addition of the possibility of duplicate
1360 subpattern numbers means that we have to scan from the very start, in order to
1361 take account of such duplicates, and to use a recursive function to keep track
1362 of the different types of group.
1363
1364 Arguments:
1365 cd compile background data
1366 name name to seek, or NULL if seeking a numbered subpattern
1367 lorn name length, or subpattern number if name is NULL
1368 xmode TRUE if we are in /x mode
1369 utf8 TRUE if we are in UTF-8 mode
1370
1371 Returns: the number of the found subpattern, or -1 if not found
1372 */
1373
1374 static int
1375 find_parens(compile_data *cd, const uschar *name, int lorn, BOOL xmode,
1376 BOOL utf8)
1377 {
1378 uschar *ptr = (uschar *)cd->start_pattern;
1379 int count = 0;
1380 int rc;
1381
1382 /* If the pattern does not start with an opening parenthesis, the first call
1383 to find_parens_sub() will scan right to the end (if necessary). However, if it
1384 does start with a parenthesis, find_parens_sub() will return when it hits the
1385 matching closing parens. That is why we have to have a loop. */
1386
1387 for (;;)
1388 {
1389 rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, &count);
1390 if (rc > 0 || *ptr++ == 0) break;
1391 }
1392
1393 return rc;
1394 }
1395
1396
1397
1398
1399 /*************************************************
1400 * Find first significant op code *
1401 *************************************************/
1402
1403 /* This is called by several functions that scan a compiled expression looking
1404 for a fixed first character, or an anchoring op code etc. It skips over things
1405 that do not influence this. For some calls, it makes sense to skip negative
1406 forward and all backward assertions, and also the \b assertion; for others it
1407 does not.
1408
1409 Arguments:
1410 code pointer to the start of the group
1411 skipassert TRUE if certain assertions are to be skipped
1412
1413 Returns: pointer to the first significant opcode
1414 */
1415
1416 static const uschar*
1417 first_significant_code(const uschar *code, BOOL skipassert)
1418 {
1419 for (;;)
1420 {
1421 switch ((int)*code)
1422 {
1423 case OP_ASSERT_NOT:
1424 case OP_ASSERTBACK:
1425 case OP_ASSERTBACK_NOT:
1426 if (!skipassert) return code;
1427 do code += GET(code, 1); while (*code == OP_ALT);
1428 code += _pcre_OP_lengths[*code];
1429 break;
1430
1431 case OP_WORD_BOUNDARY:
1432 case OP_NOT_WORD_BOUNDARY:
1433 if (!skipassert) return code;
1434 /* Fall through */
1435
1436 case OP_CALLOUT:
1437 case OP_CREF:
1438 case OP_NCREF:
1439 case OP_RREF:
1440 case OP_NRREF:
1441 case OP_DEF:
1442 code += _pcre_OP_lengths[*code];
1443 break;
1444
1445 default:
1446 return code;
1447 }
1448 }
1449 /* Control never reaches here */
1450 }
1451
1452
1453
1454
1455 /*************************************************
1456 * Find the fixed length of a branch *
1457 *************************************************/
1458
1459 /* Scan a branch and compute the fixed length of subject that will match it,
1460 if the length is fixed. This is needed for dealing with backward assertions.
1461 In UTF8 mode, the result is in characters rather than bytes. The branch is
1462 temporarily terminated with OP_END when this function is called.
1463
1464 This function is called when a backward assertion is encountered, so that if it
1465 fails, the error message can point to the correct place in the pattern.
1466 However, we cannot do this when the assertion contains subroutine calls,
1467 because they can be forward references. We solve this by remembering this case
1468 and doing the check at the end; a flag specifies which mode we are running in.
1469
1470 Arguments:
1471 code points to the start of the pattern (the bracket)
1472 utf8 TRUE in UTF-8 mode
1473 atend TRUE if called when the pattern is complete
1474 cd the "compile data" structure
1475
1476 Returns: the fixed length,
1477 or -1 if there is no fixed length,
1478 or -2 if \C was encountered
1479 or -3 if an OP_RECURSE item was encountered and atend is FALSE
1480 */
1481
1482 static int
1483 find_fixedlength(uschar *code, BOOL utf8, BOOL atend, compile_data *cd)
1484 {
1485 int length = -1;
1486
1487 register int branchlength = 0;
1488 register uschar *cc = code + 1 + LINK_SIZE;
1489
1490 /* Scan along the opcodes for this branch. If we get to the end of the
1491 branch, check the length against that of the other branches. */
1492
1493 for (;;)
1494 {
1495 int d;
1496 uschar *ce, *cs;
1497 register int op = *cc;
1498 switch (op)
1499 {
1500 /* We only need to continue for OP_CBRA (normal capturing bracket) and
1501 OP_BRA (normal non-capturing bracket) because the other variants of these
1502 opcodes are all concerned with unlimited repeated groups, which of course
1503 are not of fixed length. They will cause a -1 response from the default
1504 case of this switch. */
1505
1506 case OP_CBRA:
1507 case OP_BRA:
1508 case OP_ONCE:
1509 case OP_COND:
1510 d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), utf8, atend, cd);
1511 if (d < 0) return d;
1512 branchlength += d;
1513 do cc += GET(cc, 1); while (*cc == OP_ALT);
1514 cc += 1 + LINK_SIZE;
1515 break;
1516
1517 /* Reached end of a branch; if it's a ket it is the end of a nested
1518 call. If it's ALT it is an alternation in a nested call. If it is
1519 END it's the end of the outer call. All can be handled by the same code.
1520 Note that we must not include the OP_KETRxxx opcodes here, because they
1521 all imply an unlimited repeat. */
1522
1523 case OP_ALT:
1524 case OP_KET:
1525 case OP_END:
1526 if (length < 0) length = branchlength;
1527 else if (length != branchlength) return -1;
1528 if (*cc != OP_ALT) return length;
1529 cc += 1 + LINK_SIZE;
1530 branchlength = 0;
1531 break;
1532
1533 /* A true recursion implies not fixed length, but a subroutine call may
1534 be OK. If the subroutine is a forward reference, we can't deal with
1535 it until the end of the pattern, so return -3. */
1536
1537 case OP_RECURSE:
1538 if (!atend) return -3;
1539 cs = ce = (uschar *)cd->start_code + GET(cc, 1); /* Start subpattern */
1540 do ce += GET(ce, 1); while (*ce == OP_ALT); /* End subpattern */
1541 if (cc > cs && cc < ce) return -1; /* Recursion */
1542 d = find_fixedlength(cs + 2, utf8, atend, cd);
1543 if (d < 0) return d;
1544 branchlength += d;
1545 cc += 1 + LINK_SIZE;
1546 break;
1547
1548 /* Skip over assertive subpatterns */
1549
1550 case OP_ASSERT:
1551 case OP_ASSERT_NOT:
1552 case OP_ASSERTBACK:
1553 case OP_ASSERTBACK_NOT:
1554 do cc += GET(cc, 1); while (*cc == OP_ALT);
1555 /* Fall through */
1556
1557 /* Skip over things that don't match chars */
1558
1559 case OP_REVERSE:
1560 case OP_CREF:
1561 case OP_NCREF:
1562 case OP_RREF:
1563 case OP_NRREF:
1564 case OP_DEF:
1565 case OP_CALLOUT:
1566 case OP_SOD:
1567 case OP_SOM:
1568 case OP_SET_SOM:
1569 case OP_EOD:
1570 case OP_EODN:
1571 case OP_CIRC:
1572 case OP_CIRCM:
1573 case OP_DOLL:
1574 case OP_DOLLM:
1575 case OP_NOT_WORD_BOUNDARY:
1576 case OP_WORD_BOUNDARY:
1577 cc += _pcre_OP_lengths[*cc];
1578 break;
1579
1580 /* Handle literal characters */
1581
1582 case OP_CHAR:
1583 case OP_CHARI:
1584 case OP_NOT:
1585 case OP_NOTI:
1586 branchlength++;
1587 cc += 2;
1588 #ifdef SUPPORT_UTF8
1589 if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
1590 #endif
1591 break;
1592
1593 /* Handle exact repetitions. The count is already in characters, but we
1594 need to skip over a multibyte character in UTF8 mode. */
1595
1596 case OP_EXACT:
1597 branchlength += GET2(cc,1);
1598 cc += 4;
1599 #ifdef SUPPORT_UTF8
1600 if (utf8 && cc[-1] >= 0xc0) cc += _pcre_utf8_table4[cc[-1] & 0x3f];
1601 #endif
1602 break;
1603
1604 case OP_TYPEEXACT:
1605 branchlength += GET2(cc,1);
1606 if (cc[3] == OP_PROP || cc[3] == OP_NOTPROP) cc += 2;
1607 cc += 4;
1608 break;
1609
1610 /* Handle single-char matchers */
1611
1612 case OP_PROP:
1613 case OP_NOTPROP:
1614 cc += 2;
1615 /* Fall through */
1616
1617 case OP_NOT_DIGIT:
1618 case OP_DIGIT:
1619 case OP_NOT_WHITESPACE:
1620 case OP_WHITESPACE:
1621 case OP_NOT_WORDCHAR:
1622 case OP_WORDCHAR:
1623 case OP_ANY:
1624 case OP_ALLANY:
1625 branchlength++;
1626 cc++;
1627 break;
1628
1629 /* The single-byte matcher isn't allowed */
1630
1631 case OP_ANYBYTE:
1632 return -2;
1633
1634 /* Check a class for variable quantification */
1635
1636 #ifdef SUPPORT_UTF8
1637 case OP_XCLASS:
1638 cc += GET(cc, 1) - 33;
1639 /* Fall through */
1640 #endif
1641
1642 case OP_CLASS:
1643 case OP_NCLASS:
1644 cc += 33;
1645
1646 switch (*cc)
1647 {
1648 case OP_CRSTAR:
1649 case OP_CRMINSTAR:
1650 case OP_CRQUERY:
1651 case OP_CRMINQUERY:
1652 return -1;
1653
1654 case OP_CRRANGE:
1655 case OP_CRMINRANGE:
1656 if (GET2(cc,1) != GET2(cc,3)) return -1;
1657 branchlength += GET2(cc,1);
1658 cc += 5;
1659 break;
1660
1661 default:
1662 branchlength++;
1663 }
1664 break;
1665
1666 /* Anything else is variable length */
1667
1668 default:
1669 return -1;
1670 }
1671 }
1672 /* Control never gets here */
1673 }
1674
1675
1676
1677
1678 /*************************************************
1679 * Scan compiled regex for specific bracket *
1680 *************************************************/
1681
1682 /* This little function scans through a compiled pattern until it finds a
1683 capturing bracket with the given number, or, if the number is negative, an
1684 instance of OP_REVERSE for a lookbehind. The function is global in the C sense
1685 so that it can be called from pcre_study() when finding the minimum matching
1686 length.
1687
1688 Arguments:
1689 code points to start of expression
1690 utf8 TRUE in UTF-8 mode
1691 number the required bracket number or negative to find a lookbehind
1692
1693 Returns: pointer to the opcode for the bracket, or NULL if not found
1694 */
1695
1696 const uschar *
1697 _pcre_find_bracket(const uschar *code, BOOL utf8, int number)
1698 {
1699 for (;;)
1700 {
1701 register int c = *code;
1702
1703 if (c == OP_END) return NULL;
1704
1705 /* XCLASS is used for classes that cannot be represented just by a bit
1706 map. This includes negated single high-valued characters. The length in
1707 the table is zero; the actual length is stored in the compiled code. */
1708
1709 if (c == OP_XCLASS) code += GET(code, 1);
1710
1711 /* Handle recursion */
1712
1713 else if (c == OP_REVERSE)
1714 {
1715 if (number < 0) return (uschar *)code;
1716 code += _pcre_OP_lengths[c];
1717 }
1718
1719 /* Handle capturing bracket */
1720
1721 else if (c == OP_CBRA || c == OP_SCBRA ||
1722 c == OP_CBRAPOS || c == OP_SCBRAPOS)
1723 {
1724 int n = GET2(code, 1+LINK_SIZE);
1725 if (n == number) return (uschar *)code;
1726 code += _pcre_OP_lengths[c];
1727 }
1728
1729 /* Otherwise, we can get the item's length from the table, except that for
1730 repeated character types, we have to test for \p and \P, which have an extra
1731 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
1732 must add in its length. */
1733
1734 else
1735 {
1736 switch(c)
1737 {
1738 case OP_TYPESTAR:
1739 case OP_TYPEMINSTAR:
1740 case OP_TYPEPLUS:
1741 case OP_TYPEMINPLUS:
1742 case OP_TYPEQUERY:
1743 case OP_TYPEMINQUERY:
1744 case OP_TYPEPOSSTAR:
1745 case OP_TYPEPOSPLUS:
1746 case OP_TYPEPOSQUERY:
1747 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
1748 break;
1749
1750 case OP_TYPEUPTO:
1751 case OP_TYPEMINUPTO:
1752 case OP_TYPEEXACT:
1753 case OP_TYPEPOSUPTO:
1754 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
1755 break;
1756
1757 case OP_MARK:
1758 case OP_PRUNE_ARG:
1759 case OP_SKIP_ARG:
1760 code += code[1];
1761 break;
1762
1763 case OP_THEN_ARG:
1764 code += code[1+LINK_SIZE];
1765 break;
1766 }
1767
1768 /* Add in the fixed length from the table */
1769
1770 code += _pcre_OP_lengths[c];
1771
1772 /* In UTF-8 mode, opcodes that are followed by a character may be followed by
1773 a multi-byte character. The length in the table is a minimum, so we have to
1774 arrange to skip the extra bytes. */
1775
1776 #ifdef SUPPORT_UTF8
1777 if (utf8) switch(c)
1778 {
1779 case OP_CHAR:
1780 case OP_CHARI:
1781 case OP_EXACT:
1782 case OP_EXACTI:
1783 case OP_UPTO:
1784 case OP_UPTOI:
1785 case OP_MINUPTO:
1786 case OP_MINUPTOI:
1787 case OP_POSUPTO:
1788 case OP_POSUPTOI:
1789 case OP_STAR:
1790 case OP_STARI:
1791 case OP_MINSTAR:
1792 case OP_MINSTARI:
1793 case OP_POSSTAR:
1794 case OP_POSSTARI:
1795 case OP_PLUS:
1796 case OP_PLUSI:
1797 case OP_MINPLUS:
1798 case OP_MINPLUSI:
1799 case OP_POSPLUS:
1800 case OP_POSPLUSI:
1801 case OP_QUERY:
1802 case OP_QUERYI:
1803 case OP_MINQUERY:
1804 case OP_MINQUERYI:
1805 case OP_POSQUERY:
1806 case OP_POSQUERYI:
1807 if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
1808 break;
1809 }
1810 #else
1811 (void)(utf8); /* Keep compiler happy by referencing function argument */
1812 #endif
1813 }
1814 }
1815 }
1816
1817
1818
1819 /*************************************************
1820 * Scan compiled regex for recursion reference *
1821 *************************************************/
1822
1823 /* This little function scans through a compiled pattern until it finds an
1824 instance of OP_RECURSE.
1825
1826 Arguments:
1827 code points to start of expression
1828 utf8 TRUE in UTF-8 mode
1829
1830 Returns: pointer to the opcode for OP_RECURSE, or NULL if not found
1831 */
1832
1833 static const uschar *
1834 find_recurse(const uschar *code, BOOL utf8)
1835 {
1836 for (;;)
1837 {
1838 register int c = *code;
1839 if (c == OP_END) return NULL;
1840 if (c == OP_RECURSE) return code;
1841
1842 /* XCLASS is used for classes that cannot be represented just by a bit
1843 map. This includes negated single high-valued characters. The length in
1844 the table is zero; the actual length is stored in the compiled code. */
1845
1846 if (c == OP_XCLASS) code += GET(code, 1);
1847
1848 /* Otherwise, we can get the item's length from the table, except that for
1849 repeated character types, we have to test for \p and \P, which have an extra
1850 two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
1851 must add in its length. */
1852
1853 else
1854 {
1855 switch(c)
1856 {
1857 case OP_TYPESTAR:
1858 case OP_TYPEMINSTAR:
1859 case OP_TYPEPLUS:
1860 case OP_TYPEMINPLUS:
1861 case OP_TYPEQUERY:
1862 case OP_TYPEMINQUERY:
1863 case OP_TYPEPOSSTAR:
1864 case OP_TYPEPOSPLUS:
1865 case OP_TYPEPOSQUERY:
1866 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
1867 break;
1868
1869 case OP_TYPEPOSUPTO:
1870 case OP_TYPEUPTO:
1871 case OP_TYPEMINUPTO:
1872 case OP_TYPEEXACT:
1873 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
1874 break;
1875
1876 case OP_MARK:
1877 case OP_PRUNE_ARG:
1878 case OP_SKIP_ARG:
1879 code += code[1];
1880 break;
1881
1882 case OP_THEN_ARG:
1883 code += code[1+LINK_SIZE];
1884 break;
1885 }
1886
1887 /* Add in the fixed length from the table */
1888
1889 code += _pcre_OP_lengths[c];
1890
1891 /* In UTF-8 mode, opcodes that are followed by a character may be followed
1892 by a multi-byte character. The length in the table is a minimum, so we have
1893 to arrange to skip the extra bytes. */
1894
1895 #ifdef SUPPORT_UTF8
1896 if (utf8) switch(c)
1897 {
1898 case OP_CHAR:
1899 case OP_CHARI:
1900 case OP_EXACT:
1901 case OP_EXACTI:
1902 case OP_UPTO:
1903 case OP_UPTOI:
1904 case OP_MINUPTO:
1905 case OP_MINUPTOI:
1906 case OP_POSUPTO:
1907 case OP_POSUPTOI:
1908 case OP_STAR:
1909 case OP_STARI:
1910 case OP_MINSTAR:
1911 case OP_MINSTARI:
1912 case OP_POSSTAR:
1913 case OP_POSSTARI:
1914 case OP_PLUS:
1915 case OP_PLUSI:
1916 case OP_MINPLUS:
1917 case OP_MINPLUSI:
1918 case OP_POSPLUS:
1919 case OP_POSPLUSI:
1920 case OP_QUERY:
1921 case OP_QUERYI:
1922 case OP_MINQUERY:
1923 case OP_MINQUERYI:
1924 case OP_POSQUERY:
1925 case OP_POSQUERYI:
1926 if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
1927 break;
1928 }
1929 #else
1930 (void)(utf8); /* Keep compiler happy by referencing function argument */
1931 #endif
1932 }
1933 }
1934 }
1935
1936
1937
1938 /*************************************************
1939 * Scan compiled branch for non-emptiness *
1940 *************************************************/
1941
1942 /* This function scans through a branch of a compiled pattern to see whether it
1943 can match the empty string or not. It is called from could_be_empty()
1944 below and from compile_branch() when checking for an unlimited repeat of a
1945 group that can match nothing. Note that first_significant_code() skips over
1946 backward and negative forward assertions when its final argument is TRUE. If we
1947 hit an unclosed bracket, we return "empty" - this means we've struck an inner
1948 bracket whose current branch will already have been scanned.
1949
1950 Arguments:
1951 code points to start of search
1952 endcode points to where to stop
1953 utf8 TRUE if in UTF8 mode
1954 cd contains pointers to tables etc.
1955
1956 Returns: TRUE if what is matched could be empty
1957 */
1958
1959 static BOOL
1960 could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8,
1961 compile_data *cd)
1962 {
1963 register int c;
1964 for (code = first_significant_code(code + _pcre_OP_lengths[*code], TRUE);
1965 code < endcode;
1966 code = first_significant_code(code + _pcre_OP_lengths[c], TRUE))
1967 {
1968 const uschar *ccode;
1969
1970 c = *code;
1971
1972 /* Skip over forward assertions; the other assertions are skipped by
1973 first_significant_code() with a TRUE final argument. */
1974
1975 if (c == OP_ASSERT)
1976 {
1977 do code += GET(code, 1); while (*code == OP_ALT);
1978 c = *code;
1979 continue;
1980 }
1981
1982 /* For a recursion/subroutine call, if its end has been reached, which
1983 implies a backward reference subroutine call, we can scan it. If it's a
1984 forward reference subroutine call, we can't. To detect forward reference
1985 we have to scan up the list that is kept in the workspace. This function is
1986 called only when doing the real compile, not during the pre-compile that
1987 measures the size of the compiled pattern. */
1988
1989 if (c == OP_RECURSE)
1990 {
1991 const uschar *scode;
1992 BOOL empty_branch;
1993
1994 /* Test for forward reference */
1995
1996 for (scode = cd->start_workspace; scode < cd->hwm; scode += LINK_SIZE)
1997 if (GET(scode, 0) == code + 1 - cd->start_code) return TRUE;
1998
1999 /* Not a forward reference, test for completed backward reference */
2000
2001 empty_branch = FALSE;
2002 scode = cd->start_code + GET(code, 1);
2003 if (GET(scode, 1) == 0) return TRUE; /* Unclosed */
2004
2005 /* Completed backwards reference */
2006
2007 do
2008 {
2009 if (could_be_empty_branch(scode, endcode, utf8, cd))
2010 {
2011 empty_branch = TRUE;
2012 break;
2013 }
2014 scode += GET(scode, 1);
2015 }
2016 while (*scode == OP_ALT);
2017
2018 if (!empty_branch) return FALSE; /* All branches are non-empty */
2019 continue;
2020 }
2021
2022 /* Groups with zero repeats can of course be empty; skip them. */
2023
2024 if (c == OP_BRAZERO || c == OP_BRAMINZERO || c == OP_SKIPZERO ||
2025 c == OP_BRAPOSZERO)
2026 {
2027 code += _pcre_OP_lengths[c];
2028 do code += GET(code, 1); while (*code == OP_ALT);
2029 c = *code;
2030 continue;
2031 }
2032
2033 /* A nested group that is already marked as "could be empty" can just be
2034 skipped. */
2035
2036 if (c == OP_SBRA || c == OP_SBRAPOS ||
2037 c == OP_SCBRA || c == OP_SCBRAPOS)
2038 {
2039 do code += GET(code, 1); while (*code == OP_ALT);
2040 c = *code;
2041 continue;
2042 }
2043
2044 /* For other groups, scan the branches. */
2045
2046 if (c == OP_BRA || c == OP_BRAPOS ||
2047 c == OP_CBRA || c == OP_CBRAPOS ||
2048 c == OP_ONCE || c == OP_COND)
2049 {
2050 BOOL empty_branch;
2051 if (GET(code, 1) == 0) return TRUE; /* Hit unclosed bracket */
2052
2053 /* If a conditional group has only one branch, there is a second, implied,
2054 empty branch, so just skip over the conditional, because it could be empty.
2055 Otherwise, scan the individual branches of the group. */
2056
2057 if (c == OP_COND && code[GET(code, 1)] != OP_ALT)
2058 code += GET(code, 1);
2059 else
2060 {
2061 empty_branch = FALSE;
2062 do
2063 {
2064 if (!empty_branch && could_be_empty_branch(code, endcode, utf8, cd))
2065 empty_branch = TRUE;
2066 code += GET(code, 1);
2067 }
2068 while (*code == OP_ALT);
2069 if (!empty_branch) return FALSE; /* All branches are non-empty */
2070 }
2071
2072 c = *code;
2073 continue;
2074 }
2075
2076 /* Handle the other opcodes */
2077
2078 switch (c)
2079 {
2080 /* Check for quantifiers after a class. XCLASS is used for classes that
2081 cannot be represented just by a bit map. This includes negated single
2082 high-valued characters. The length in _pcre_OP_lengths[] is zero; the
2083 actual length is stored in the compiled code, so we must update "code"
2084 here. */
2085
2086 #ifdef SUPPORT_UTF8
2087 case OP_XCLASS:
2088 ccode = code += GET(code, 1);
2089 goto CHECK_CLASS_REPEAT;
2090 #endif
2091
2092 case OP_CLASS:
2093 case OP_NCLASS:
2094 ccode = code + 33;
2095
2096 #ifdef SUPPORT_UTF8
2097 CHECK_CLASS_REPEAT:
2098 #endif
2099
2100 switch (*ccode)
2101 {
2102 case OP_CRSTAR: /* These could be empty; continue */
2103 case OP_CRMINSTAR:
2104 case OP_CRQUERY:
2105 case OP_CRMINQUERY:
2106 break;
2107
2108 default: /* Non-repeat => class must match */
2109 case OP_CRPLUS: /* These repeats aren't empty */
2110 case OP_CRMINPLUS:
2111 return FALSE;
2112
2113 case OP_CRRANGE:
2114 case OP_CRMINRANGE:
2115 if (GET2(ccode, 1) > 0) return FALSE; /* Minimum > 0 */
2116 break;
2117 }
2118 break;
2119
2120 /* Opcodes that must match a character */
2121
2122 case OP_PROP:
2123 case OP_NOTPROP:
2124 case OP_EXTUNI:
2125 case OP_NOT_DIGIT:
2126 case OP_DIGIT:
2127 case OP_NOT_WHITESPACE:
2128 case OP_WHITESPACE:
2129 case OP_NOT_WORDCHAR:
2130 case OP_WORDCHAR:
2131 case OP_ANY:
2132 case OP_ALLANY:
2133 case OP_ANYBYTE:
2134 case OP_CHAR:
2135 case OP_CHARI:
2136 case OP_NOT:
2137 case OP_NOTI:
2138 case OP_PLUS:
2139 case OP_MINPLUS:
2140 case OP_POSPLUS:
2141 case OP_EXACT:
2142 case OP_NOTPLUS:
2143 case OP_NOTMINPLUS:
2144 case OP_NOTPOSPLUS:
2145 case OP_NOTEXACT:
2146 case OP_TYPEPLUS:
2147 case OP_TYPEMINPLUS:
2148 case OP_TYPEPOSPLUS:
2149 case OP_TYPEEXACT:
2150 return FALSE;
2151
2152 /* These are going to continue, as they may be empty, but we have to
2153 fudge the length for the \p and \P cases. */
2154
2155 case OP_TYPESTAR:
2156 case OP_TYPEMINSTAR:
2157 case OP_TYPEPOSSTAR:
2158 case OP_TYPEQUERY:
2159 case OP_TYPEMINQUERY:
2160 case OP_TYPEPOSQUERY:
2161 if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
2162 break;
2163
2164 /* Same for these */
2165
2166 case OP_TYPEUPTO:
2167 case OP_TYPEMINUPTO:
2168 case OP_TYPEPOSUPTO:
2169 if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
2170 break;
2171
2172 /* End of branch */
2173
2174 case OP_KET:
2175 case OP_KETRMAX:
2176 case OP_KETRMIN:
2177 case OP_KETRPOS:
2178 case OP_ALT:
2179 return TRUE;
2180
2181 /* In UTF-8 mode, STAR, MINSTAR, POSSTAR, QUERY, MINQUERY, POSQUERY, UPTO,
2182 MINUPTO, and POSUPTO may be followed by a multibyte character */
2183
2184 #ifdef SUPPORT_UTF8
2185 case OP_STAR:
2186 case OP_STARI:
2187 case OP_MINSTAR:
2188 case OP_MINSTARI:
2189 case OP_POSSTAR:
2190 case OP_POSSTARI:
2191 case OP_QUERY:
2192 case OP_QUERYI:
2193 case OP_MINQUERY:
2194 case OP_MINQUERYI:
2195 case OP_POSQUERY:
2196 case OP_POSQUERYI:
2197 if (utf8 && code[1] >= 0xc0) code += _pcre_utf8_table4[code[1] & 0x3f];
2198 break;
2199
2200 case OP_UPTO:
2201 case OP_UPTOI:
2202 case OP_MINUPTO:
2203 case OP_MINUPTOI:
2204 case OP_POSUPTO:
2205 case OP_POSUPTOI:
2206 if (utf8 && code[3] >= 0xc0) code += _pcre_utf8_table4[code[3] & 0x3f];
2207 break;
2208 #endif
2209
2210 /* MARK, and PRUNE/SKIP/THEN with an argument must skip over the argument
2211 string. */
2212
2213 case OP_MARK:
2214 case OP_PRUNE_ARG:
2215 case OP_SKIP_ARG:
2216 code += code[1];
2217 break;
2218
2219 case OP_THEN_ARG:
2220 code += code[1+LINK_SIZE];
2221 break;
2222
2223 /* None of the remaining opcodes are required to match a character. */
2224
2225 default:
2226 break;
2227 }
2228 }
2229
2230 return TRUE;
2231 }
2232
2233
2234
2235 /*************************************************
2236 * Scan compiled regex for non-emptiness *
2237 *************************************************/
2238
2239 /* This function is called to check for left recursive calls. We want to check
2240 the current branch of the current pattern to see if it could match the empty
2241 string. If it could, we must look outwards for branches at other levels,
2242 stopping when we pass beyond the bracket which is the subject of the recursion.
2243 This function is called only during the real compile, not during the
2244 pre-compile.
2245
2246 Arguments:
2247 code points to start of the recursion
2248 endcode points to where to stop (current RECURSE item)
2249 bcptr points to the chain of current (unclosed) branch starts
2250 utf8 TRUE if in UTF-8 mode
2251 cd pointers to tables etc
2252
2253 Returns: TRUE if what is matched could be empty
2254 */
2255
2256 static BOOL
2257 could_be_empty(const uschar *code, const uschar *endcode, branch_chain *bcptr,
2258 BOOL utf8, compile_data *cd)
2259 {
2260 while (bcptr != NULL && bcptr->current_branch >= code)
2261 {
2262 if (!could_be_empty_branch(bcptr->current_branch, endcode, utf8, cd))
2263 return FALSE;
2264 bcptr = bcptr->outer;
2265 }
2266 return TRUE;
2267 }
2268
2269
2270
2271 /*************************************************
2272 * Check for POSIX class syntax *
2273 *************************************************/
2274
2275 /* This function is called when the sequence "[:" or "[." or "[=" is
2276 encountered in a character class. It checks whether this is followed by a
2277 sequence of characters terminated by a matching ":]" or ".]" or "=]". If we
2278 reach an unescaped ']' without the special preceding character, return FALSE.
2279
2280 Originally, this function only recognized a sequence of letters between the
2281 terminators, but it seems that Perl recognizes any sequence of characters,
2282 though of course unknown POSIX names are subsequently rejected. Perl gives an
2283 "Unknown POSIX class" error for [:f\oo:] for example, where previously PCRE
2284 didn't consider this to be a POSIX class. Likewise for [:1234:].
2285
2286 The problem in trying to be exactly like Perl is in the handling of escapes. We
2287 have to be sure that [abc[:x\]pqr] is *not* treated as containing a POSIX
2288 class, but [abc[:x\]pqr:]] is (so that an error can be generated). The code
2289 below handles the special case of \], but does not try to do any other escape
2290 processing. This makes it different from Perl for cases such as [:l\ower:]
2291 where Perl recognizes it as the POSIX class "lower" but PCRE does not recognize
2292 "l\ower". This is a lesser evil that not diagnosing bad classes when Perl does,
2293 I think.
2294
2295 A user pointed out that PCRE was rejecting [:a[:digit:]] whereas Perl was not.
2296 It seems that the appearance of a nested POSIX class supersedes an apparent
2297 external class. For example, [:a[:digit:]b:] matches "a", "b", ":", or
2298 a digit. Also, unescaped square brackets may also appear as part of class
2299 names. For example, [:a[:abc]b:] gives unknown class "[:abc]b:]"in Perl.
2300
2301 Arguments:
2302 ptr pointer to the initial [
2303 endptr where to return the end pointer
2304
2305 Returns: TRUE or FALSE
2306 */
2307
2308 static BOOL
2309 check_posix_syntax(const uschar *ptr, const uschar **endptr)
2310 {
2311 int terminator; /* Don't combine these lines; the Solaris cc */
2312 terminator = *(++ptr); /* compiler warns about "non-constant" initializer. */
2313 for (++ptr; *ptr != 0; ptr++)
2314 {
2315 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2316 ptr++;
2317 else
2318 {
2319 if (*ptr == terminator && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
2320 {
2321 *endptr = ptr;
2322 return TRUE;
2323 }
2324 if (*ptr == CHAR_LEFT_SQUARE_BRACKET &&
2325 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
2326 ptr[1] == CHAR_EQUALS_SIGN) &&
2327 check_posix_syntax(ptr, endptr))
2328 return FALSE;
2329 }
2330 }
2331 return FALSE;
2332 }
2333
2334
2335
2336
2337 /*************************************************
2338 * Check POSIX class name *
2339 *************************************************/
2340
2341 /* This function is called to check the name given in a POSIX-style class entry
2342 such as [:alnum:].
2343
2344 Arguments:
2345 ptr points to the first letter
2346 len the length of the name
2347
2348 Returns: a value representing the name, or -1 if unknown
2349 */
2350
2351 static int
2352 check_posix_name(const uschar *ptr, int len)
2353 {
2354 const char *pn = posix_names;
2355 register int yield = 0;
2356 while (posix_name_lengths[yield] != 0)
2357 {
2358 if (len == posix_name_lengths[yield] &&
2359 strncmp((const char *)ptr, pn, len) == 0) return yield;
2360 pn += posix_name_lengths[yield] + 1;
2361 yield++;
2362 }
2363 return -1;
2364 }
2365
2366
2367 /*************************************************
2368 * Adjust OP_RECURSE items in repeated group *
2369 *************************************************/
2370
2371 /* OP_RECURSE items contain an offset from the start of the regex to the group
2372 that is referenced. This means that groups can be replicated for fixed
2373 repetition simply by copying (because the recursion is allowed to refer to
2374 earlier groups that are outside the current group). However, when a group is
2375 optional (i.e. the minimum quantifier is zero), OP_BRAZERO or OP_SKIPZERO is
2376 inserted before it, after it has been compiled. This means that any OP_RECURSE
2377 items within it that refer to the group itself or any contained groups have to
2378 have their offsets adjusted. That one of the jobs of this function. Before it
2379 is called, the partially compiled regex must be temporarily terminated with
2380 OP_END.
2381
2382 This function has been extended with the possibility of forward references for
2383 recursions and subroutine calls. It must also check the list of such references
2384 for the group we are dealing with. If it finds that one of the recursions in
2385 the current group is on this list, it adjusts the offset in the list, not the
2386 value in the reference (which is a group number).
2387
2388 Arguments:
2389 group points to the start of the group
2390 adjust the amount by which the group is to be moved
2391 utf8 TRUE in UTF-8 mode
2392 cd contains pointers to tables etc.
2393 save_hwm the hwm forward reference pointer at the start of the group
2394
2395 Returns: nothing
2396 */
2397
2398 static void
2399 adjust_recurse(uschar *group, int adjust, BOOL utf8, compile_data *cd,
2400 uschar *save_hwm)
2401 {
2402 uschar *ptr = group;
2403
2404 while ((ptr = (uschar *)find_recurse(ptr, utf8)) != NULL)
2405 {
2406 int offset;
2407 uschar *hc;
2408
2409 /* See if this recursion is on the forward reference list. If so, adjust the
2410 reference. */
2411
2412 for (hc = save_hwm; hc < cd->hwm; hc += LINK_SIZE)
2413 {
2414 offset = GET(hc, 0);
2415 if (cd->start_code + offset == ptr + 1)
2416 {
2417 PUT(hc, 0, offset + adjust);
2418 break;
2419 }
2420 }
2421
2422 /* Otherwise, adjust the recursion offset if it's after the start of this
2423 group. */
2424
2425 if (hc >= cd->hwm)
2426 {
2427 offset = GET(ptr, 1);
2428 if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);
2429 }
2430
2431 ptr += 1 + LINK_SIZE;
2432 }
2433 }
2434
2435
2436
2437 /*************************************************
2438 * Insert an automatic callout point *
2439 *************************************************/
2440
2441 /* This function is called when the PCRE_AUTO_CALLOUT option is set, to insert
2442 callout points before each pattern item.
2443
2444 Arguments:
2445 code current code pointer
2446 ptr current pattern pointer
2447 cd pointers to tables etc
2448
2449 Returns: new code pointer
2450 */
2451
2452 static uschar *
2453 auto_callout(uschar *code, const uschar *ptr, compile_data *cd)
2454 {
2455 *code++ = OP_CALLOUT;
2456 *code++ = 255;
2457 PUT(code, 0, (int)(ptr - cd->start_pattern)); /* Pattern offset */
2458 PUT(code, LINK_SIZE, 0); /* Default length */
2459 return code + 2*LINK_SIZE;
2460 }
2461
2462
2463
2464 /*************************************************
2465 * Complete a callout item *
2466 *************************************************/
2467
2468 /* A callout item contains the length of the next item in the pattern, which
2469 we can't fill in till after we have reached the relevant point. This is used
2470 for both automatic and manual callouts.
2471
2472 Arguments:
2473 previous_callout points to previous callout item
2474 ptr current pattern pointer
2475 cd pointers to tables etc
2476
2477 Returns: nothing
2478 */
2479
2480 static void
2481 complete_callout(uschar *previous_callout, const uschar *ptr, compile_data *cd)
2482 {
2483 int length = (int)(ptr - cd->start_pattern - GET(previous_callout, 2));
2484 PUT(previous_callout, 2 + LINK_SIZE, length);
2485 }
2486
2487
2488
2489 #ifdef SUPPORT_UCP
2490 /*************************************************
2491 * Get othercase range *
2492 *************************************************/
2493
2494 /* This function is passed the start and end of a class range, in UTF-8 mode
2495 with UCP support. It searches up the characters, looking for internal ranges of
2496 characters in the "other" case. Each call returns the next one, updating the
2497 start address.
2498
2499 Arguments:
2500 cptr points to starting character value; updated
2501 d end value
2502 ocptr where to put start of othercase range
2503 odptr where to put end of othercase range
2504
2505 Yield: TRUE when range returned; FALSE when no more
2506 */
2507
2508 static BOOL
2509 get_othercase_range(unsigned int *cptr, unsigned int d, unsigned int *ocptr,
2510 unsigned int *odptr)
2511 {
2512 unsigned int c, othercase, next;
2513
2514 for (c = *cptr; c <= d; c++)
2515 { if ((othercase = UCD_OTHERCASE(c)) != c) break; }
2516
2517 if (c > d) return FALSE;
2518
2519 *ocptr = othercase;
2520 next = othercase + 1;
2521
2522 for (++c; c <= d; c++)
2523 {
2524 if (UCD_OTHERCASE(c) != next) break;
2525 next++;
2526 }
2527
2528 *odptr = next - 1;
2529 *cptr = c;
2530
2531 return TRUE;
2532 }
2533
2534
2535
2536 /*************************************************
2537 * Check a character and a property *
2538 *************************************************/
2539
2540 /* This function is called by check_auto_possessive() when a property item
2541 is adjacent to a fixed character.
2542
2543 Arguments:
2544 c the character
2545 ptype the property type
2546 pdata the data for the type
2547 negated TRUE if it's a negated property (\P or \p{^)
2548
2549 Returns: TRUE if auto-possessifying is OK
2550 */
2551
2552 static BOOL
2553 check_char_prop(int c, int ptype, int pdata, BOOL negated)
2554 {
2555 const ucd_record *prop = GET_UCD(c);
2556 switch(ptype)
2557 {
2558 case PT_LAMP:
2559 return (prop->chartype == ucp_Lu ||
2560 prop->chartype == ucp_Ll ||
2561 prop->chartype == ucp_Lt) == negated;
2562
2563 case PT_GC:
2564 return (pdata == _pcre_ucp_gentype[prop->chartype]) == negated;
2565
2566 case PT_PC:
2567 return (pdata == prop->chartype) == negated;
2568
2569 case PT_SC:
2570 return (pdata == prop->script) == negated;
2571
2572 /* These are specials */
2573
2574 case PT_ALNUM:
2575 return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2576 _pcre_ucp_gentype[prop->chartype] == ucp_N) == negated;
2577
2578 case PT_SPACE: /* Perl space */
2579 return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2580 c == CHAR_HT || c == CHAR_NL || c == CHAR_FF || c == CHAR_CR)
2581 == negated;
2582
2583 case PT_PXSPACE: /* POSIX space */
2584 return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
2585 c == CHAR_HT || c == CHAR_NL || c == CHAR_VT ||
2586 c == CHAR_FF || c == CHAR_CR)
2587 == negated;
2588
2589 case PT_WORD:
2590 return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
2591 _pcre_ucp_gentype[prop->chartype] == ucp_N ||
2592 c == CHAR_UNDERSCORE) == negated;
2593 }
2594 return FALSE;
2595 }
2596 #endif /* SUPPORT_UCP */
2597
2598
2599
2600 /*************************************************
2601 * Check if auto-possessifying is possible *
2602 *************************************************/
2603
2604 /* This function is called for unlimited repeats of certain items, to see
2605 whether the next thing could possibly match the repeated item. If not, it makes
2606 sense to automatically possessify the repeated item.
2607
2608 Arguments:
2609 previous pointer to the repeated opcode
2610 utf8 TRUE in UTF-8 mode
2611 ptr next character in pattern
2612 options options bits
2613 cd contains pointers to tables etc.
2614
2615 Returns: TRUE if possessifying is wanted
2616 */
2617
2618 static BOOL
2619 check_auto_possessive(const uschar *previous, BOOL utf8, const uschar *ptr,
2620 int options, compile_data *cd)
2621 {
2622 int c, next;
2623 int op_code = *previous++;
2624
2625 /* Skip whitespace and comments in extended mode */
2626
2627 if ((options & PCRE_EXTENDED) != 0)
2628 {
2629 for (;;)
2630 {
2631 while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2632 if (*ptr == CHAR_NUMBER_SIGN)
2633 {
2634 ptr++;
2635 while (*ptr != 0)
2636 {
2637 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2638 ptr++;
2639 #ifdef SUPPORT_UTF8
2640 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2641 #endif
2642 }
2643 }
2644 else break;
2645 }
2646 }
2647
2648 /* If the next item is one that we can handle, get its value. A non-negative
2649 value is a character, a negative value is an escape value. */
2650
2651 if (*ptr == CHAR_BACKSLASH)
2652 {
2653 int temperrorcode = 0;
2654 next = check_escape(&ptr, &temperrorcode, cd->bracount, options, FALSE);
2655 if (temperrorcode != 0) return FALSE;
2656 ptr++; /* Point after the escape sequence */
2657 }
2658
2659 else if ((cd->ctypes[*ptr] & ctype_meta) == 0)
2660 {
2661 #ifdef SUPPORT_UTF8
2662 if (utf8) { GETCHARINC(next, ptr); } else
2663 #endif
2664 next = *ptr++;
2665 }
2666
2667 else return FALSE;
2668
2669 /* Skip whitespace and comments in extended mode */
2670
2671 if ((options & PCRE_EXTENDED) != 0)
2672 {
2673 for (;;)
2674 {
2675 while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
2676 if (*ptr == CHAR_NUMBER_SIGN)
2677 {
2678 ptr++;
2679 while (*ptr != 0)
2680 {
2681 if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
2682 ptr++;
2683 #ifdef SUPPORT_UTF8
2684 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
2685 #endif
2686 }
2687 }
2688 else break;
2689 }
2690 }
2691
2692 /* If the next thing is itself optional, we have to give up. */
2693
2694 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
2695 strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
2696 return FALSE;
2697
2698 /* Now compare the next item with the previous opcode. First, handle cases when
2699 the next item is a character. */
2700
2701 if (next >= 0) switch(op_code)
2702 {
2703 case OP_CHAR:
2704 #ifdef SUPPORT_UTF8
2705 GETCHARTEST(c, previous);
2706 #else
2707 c = *previous;
2708 #endif
2709 return c != next;
2710
2711 /* For CHARI (caseless character) we must check the other case. If we have
2712 Unicode property support, we can use it to test the other case of
2713 high-valued characters. */
2714
2715 case OP_CHARI:
2716 #ifdef SUPPORT_UTF8
2717 GETCHARTEST(c, previous);
2718 #else
2719 c = *previous;
2720 #endif
2721 if (c == next) return FALSE;
2722 #ifdef SUPPORT_UTF8
2723 if (utf8)
2724 {
2725 unsigned int othercase;
2726 if (next < 128) othercase = cd->fcc[next]; else
2727 #ifdef SUPPORT_UCP
2728 othercase = UCD_OTHERCASE((unsigned int)next);
2729 #else
2730 othercase = NOTACHAR;
2731 #endif
2732 return (unsigned int)c != othercase;
2733 }
2734 else
2735 #endif /* SUPPORT_UTF8 */
2736 return (c != cd->fcc[next]); /* Non-UTF-8 mode */
2737
2738 /* For OP_NOT and OP_NOTI, the data is always a single-byte character. These
2739 opcodes are not used for multi-byte characters, because they are coded using
2740 an XCLASS instead. */
2741
2742 case OP_NOT:
2743 return (c = *previous) == next;
2744
2745 case OP_NOTI:
2746 if ((c = *previous) == next) return TRUE;
2747 #ifdef SUPPORT_UTF8
2748 if (utf8)
2749 {
2750 unsigned int othercase;
2751 if (next < 128) othercase = cd->fcc[next]; else
2752 #ifdef SUPPORT_UCP
2753 othercase = UCD_OTHERCASE(next);
2754 #else
2755 othercase = NOTACHAR;
2756 #endif
2757 return (unsigned int)c == othercase;
2758 }
2759 else
2760 #endif /* SUPPORT_UTF8 */
2761 return (c == cd->fcc[next]); /* Non-UTF-8 mode */
2762
2763 /* Note that OP_DIGIT etc. are generated only when PCRE_UCP is *not* set.
2764 When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
2765
2766 case OP_DIGIT:
2767 return next > 127 || (cd->ctypes[next] & ctype_digit) == 0;
2768
2769 case OP_NOT_DIGIT:
2770 return next <= 127 && (cd->ctypes[next] & ctype_digit) != 0;
2771
2772 case OP_WHITESPACE:
2773 return next > 127 || (cd->ctypes[next] & ctype_space) == 0;
2774
2775 case OP_NOT_WHITESPACE:
2776 return next <= 127 && (cd->ctypes[next] & ctype_space) != 0;
2777
2778 case OP_WORDCHAR:
2779 return next > 127 || (cd->ctypes[next] & ctype_word) == 0;
2780
2781 case OP_NOT_WORDCHAR:
2782 return next <= 127 && (cd->ctypes[next] & ctype_word) != 0;
2783
2784 case OP_HSPACE:
2785 case OP_NOT_HSPACE:
2786 switch(next)
2787 {
2788 case 0x09:
2789 case 0x20:
2790 case 0xa0:
2791 case 0x1680:
2792 case 0x180e:
2793 case 0x2000:
2794 case 0x2001:
2795 case 0x2002:
2796 case 0x2003:
2797 case 0x2004:
2798 case 0x2005:
2799 case 0x2006:
2800 case 0x2007:
2801 case 0x2008:
2802 case 0x2009:
2803 case 0x200A:
2804 case 0x202f:
2805 case 0x205f:
2806 case 0x3000:
2807 return op_code == OP_NOT_HSPACE;
2808 default:
2809 return op_code != OP_NOT_HSPACE;
2810 }
2811
2812 case OP_ANYNL:
2813 case OP_VSPACE:
2814 case OP_NOT_VSPACE:
2815 switch(next)
2816 {
2817 case 0x0a:
2818 case 0x0b:
2819 case 0x0c:
2820 case 0x0d:
2821 case 0x85:
2822 case 0x2028:
2823 case 0x2029:
2824 return op_code == OP_NOT_VSPACE;
2825 default:
2826 return op_code != OP_NOT_VSPACE;
2827 }
2828
2829 #ifdef SUPPORT_UCP
2830 case OP_PROP:
2831 return check_char_prop(next, previous[0], previous[1], FALSE);
2832
2833 case OP_NOTPROP:
2834 return check_char_prop(next, previous[0], previous[1], TRUE);
2835 #endif
2836
2837 default:
2838 return FALSE;
2839 }
2840
2841
2842 /* Handle the case when the next item is \d, \s, etc. Note that when PCRE_UCP
2843 is set, \d turns into ESC_du rather than ESC_d, etc., so ESC_d etc. are
2844 generated only when PCRE_UCP is *not* set, that is, when only ASCII
2845 characteristics are recognized. Similarly, the opcodes OP_DIGIT etc. are
2846 replaced by OP_PROP codes when PCRE_UCP is set. */
2847
2848 switch(op_code)
2849 {
2850 case OP_CHAR:
2851 case OP_CHARI:
2852 #ifdef SUPPORT_UTF8
2853 GETCHARTEST(c, previous);
2854 #else
2855 c = *previous;
2856 #endif
2857 switch(-next)
2858 {
2859 case ESC_d:
2860 return c > 127 || (cd->ctypes[c] & ctype_digit) == 0;
2861
2862 case ESC_D:
2863 return c <= 127 && (cd->ctypes[c] & ctype_digit) != 0;
2864
2865 case ESC_s:
2866 return c > 127 || (cd->ctypes[c] & ctype_space) == 0;
2867
2868 case ESC_S:
2869 return c <= 127 && (cd->ctypes[c] & ctype_space) != 0;
2870
2871 case ESC_w:
2872 return c > 127 || (cd->ctypes[c] & ctype_word) == 0;
2873
2874 case ESC_W:
2875 return c <= 127 && (cd->ctypes[c] & ctype_word) != 0;
2876
2877 case ESC_h:
2878 case ESC_H:
2879 switch(c)
2880 {
2881 case 0x09:
2882 case 0x20:
2883 case 0xa0:
2884 case 0x1680:
2885 case 0x180e:
2886 case 0x2000:
2887 case 0x2001:
2888 case 0x2002:
2889 case 0x2003:
2890 case 0x2004:
2891 case 0x2005:
2892 case 0x2006:
2893 case 0x2007:
2894 case 0x2008:
2895 case 0x2009:
2896 case 0x200A:
2897 case 0x202f:
2898 case 0x205f:
2899 case 0x3000:
2900 return -next != ESC_h;
2901 default:
2902 return -next == ESC_h;
2903 }
2904
2905 case ESC_v:
2906 case ESC_V:
2907 switch(c)
2908 {
2909 case 0x0a:
2910 case 0x0b:
2911 case 0x0c:
2912 case 0x0d:
2913 case 0x85:
2914 case 0x2028:
2915 case 0x2029:
2916 return -next != ESC_v;
2917 default:
2918 return -next == ESC_v;
2919 }
2920
2921 /* When PCRE_UCP is set, these values get generated for \d etc. Find
2922 their substitutions and process them. The result will always be either
2923 -ESC_p or -ESC_P. Then fall through to process those values. */
2924
2925 #ifdef SUPPORT_UCP
2926 case ESC_du:
2927 case ESC_DU:
2928 case ESC_wu:
2929 case ESC_WU:
2930 case ESC_su:
2931 case ESC_SU:
2932 {
2933 int temperrorcode = 0;
2934 ptr = substitutes[-next - ESC_DU];
2935 next = check_escape(&ptr, &temperrorcode, 0, options, FALSE);
2936 if (temperrorcode != 0) return FALSE;
2937 ptr++; /* For compatibility */
2938 }
2939 /* Fall through */
2940
2941 case ESC_p:
2942 case ESC_P:
2943 {
2944 int ptype, pdata, errorcodeptr;
2945 BOOL negated;
2946
2947 ptr--; /* Make ptr point at the p or P */
2948 ptype = get_ucp(&ptr, &negated, &pdata, &errorcodeptr);
2949 if (ptype < 0) return FALSE;
2950 ptr++; /* Point past the final curly ket */
2951
2952 /* If the property item is optional, we have to give up. (When generated
2953 from \d etc by PCRE_UCP, this test will have been applied much earlier,
2954 to the original \d etc. At this point, ptr will point to a zero byte. */
2955
2956 if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
2957 strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
2958 return FALSE;
2959
2960 /* Do the property check. */
2961
2962 return check_char_prop(c, ptype, pdata, (next == -ESC_P) != negated);
2963 }
2964 #endif
2965
2966 default:
2967 return FALSE;
2968 }
2969
2970 /* In principle, support for Unicode properties should be integrated here as
2971 well. It means re-organizing the above code so as to get hold of the property
2972 values before switching on the op-code. However, I wonder how many patterns
2973 combine ASCII \d etc with Unicode properties? (Note that if PCRE_UCP is set,
2974 these op-codes are never generated.) */
2975
2976 case OP_DIGIT:
2977 return next == -ESC_D || next == -ESC_s || next == -ESC_W ||
2978 next == -ESC_h || next == -ESC_v || next == -ESC_R;
2979
2980 case OP_NOT_DIGIT:
2981 return next == -ESC_d;
2982
2983 case OP_WHITESPACE:
2984 return next == -ESC_S || next == -ESC_d || next == -ESC_w || next == -ESC_R;
2985
2986 case OP_NOT_WHITESPACE:
2987 return next == -ESC_s || next == -ESC_h || next == -ESC_v;
2988
2989 case OP_HSPACE:
2990 return next == -ESC_S || next == -ESC_H || next == -ESC_d ||
2991 next == -ESC_w || next == -ESC_v || next == -ESC_R;
2992
2993 case OP_NOT_HSPACE:
2994 return next == -ESC_h;
2995
2996 /* Can't have \S in here because VT matches \S (Perl anomaly) */
2997 case OP_ANYNL:
2998 case OP_VSPACE:
2999 return next == -ESC_V || next == -ESC_d || next == -ESC_w;
3000
3001 case OP_NOT_VSPACE:
3002 return next == -ESC_v || next == -ESC_R;
3003
3004 case OP_WORDCHAR:
3005 return next == -ESC_W || next == -ESC_s || next == -ESC_h ||
3006 next == -ESC_v || next == -ESC_R;
3007
3008 case OP_NOT_WORDCHAR:
3009 return next == -ESC_w || next == -ESC_d;
3010
3011 default:
3012 return FALSE;
3013 }
3014
3015 /* Control does not reach here */
3016 }
3017
3018
3019
3020 /*************************************************
3021 * Compile one branch *
3022 *************************************************/
3023
3024 /* Scan the pattern, compiling it into the a vector. If the options are
3025 changed during the branch, the pointer is used to change the external options
3026 bits. This function is used during the pre-compile phase when we are trying
3027 to find out the amount of memory needed, as well as during the real compile
3028 phase. The value of lengthptr distinguishes the two phases.
3029
3030 Arguments:
3031 optionsptr pointer to the option bits
3032 codeptr points to the pointer to the current code point
3033 ptrptr points to the current pattern pointer
3034 errorcodeptr points to error code variable
3035 firstbyteptr set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)
3036 reqbyteptr set to the last literal character required, else < 0
3037 bcptr points to current branch chain
3038 cond_depth conditional nesting depth
3039 cd contains pointers to tables etc.
3040 lengthptr NULL during the real compile phase
3041 points to length accumulator during pre-compile phase
3042
3043 Returns: TRUE on success
3044 FALSE, with *errorcodeptr set non-zero on error
3045 */
3046
3047 static BOOL
3048 compile_branch(int *optionsptr, uschar **codeptr, const uschar **ptrptr,
3049 int *errorcodeptr, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
3050 int cond_depth, compile_data *cd, int *lengthptr)
3051 {
3052 int repeat_type, op_type;
3053 int repeat_min = 0, repeat_max = 0; /* To please picky compilers */
3054 int bravalue = 0;
3055 int greedy_default, greedy_non_default;
3056 int firstbyte, reqbyte;
3057 int zeroreqbyte, zerofirstbyte;
3058 int req_caseopt, reqvary, tempreqvary;
3059 int options = *optionsptr; /* May change dynamically */
3060 int after_manual_callout = 0;
3061 int length_prevgroup = 0;
3062 register int c;
3063 register uschar *code = *codeptr;
3064 uschar *last_code = code;
3065 uschar *orig_code = code;
3066 uschar *tempcode;
3067 BOOL inescq = FALSE;
3068 BOOL groupsetfirstbyte = FALSE;
3069 const uschar *ptr = *ptrptr;
3070 const uschar *tempptr;
3071 const uschar *nestptr = NULL;
3072 uschar *previous = NULL;
3073 uschar *previous_callout = NULL;
3074 uschar *save_hwm = NULL;
3075 uschar classbits[32];
3076
3077 /* We can fish out the UTF-8 setting once and for all into a BOOL, but we
3078 must not do this for other options (e.g. PCRE_EXTENDED) because they may change
3079 dynamically as we process the pattern. */
3080
3081 #ifdef SUPPORT_UTF8
3082 BOOL class_utf8;
3083 BOOL utf8 = (options & PCRE_UTF8) != 0;
3084 uschar *class_utf8data;
3085 uschar *class_utf8data_base;
3086 uschar utf8_char[6];
3087 #else
3088 BOOL utf8 = FALSE;
3089 uschar *utf8_char = NULL;
3090 #endif
3091
3092 #ifdef PCRE_DEBUG
3093 if (lengthptr != NULL) DPRINTF((">> start branch\n"));
3094 #endif
3095
3096 /* Set up the default and non-default settings for greediness */
3097
3098 greedy_default = ((options & PCRE_UNGREEDY) != 0);
3099 greedy_non_default = greedy_default ^ 1;
3100
3101 /* Initialize no first byte, no required byte. REQ_UNSET means "no char
3102 matching encountered yet". It gets changed to REQ_NONE if we hit something that
3103 matches a non-fixed char first char; reqbyte just remains unset if we never
3104 find one.
3105
3106 When we hit a repeat whose minimum is zero, we may have to adjust these values
3107 to take the zero repeat into account. This is implemented by setting them to
3108 zerofirstbyte and zeroreqbyte when such a repeat is encountered. The individual
3109 item types that can be repeated set these backoff variables appropriately. */
3110
3111 firstbyte = reqbyte = zerofirstbyte = zeroreqbyte = REQ_UNSET;
3112
3113 /* The variable req_caseopt contains either the REQ_CASELESS value or zero,
3114 according to the current setting of the caseless flag. REQ_CASELESS is a bit
3115 value > 255. It is added into the firstbyte or reqbyte variables to record the
3116 case status of the value. This is used only for ASCII characters. */
3117
3118 req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
3119
3120 /* Switch on next character until the end of the branch */
3121
3122 for (;; ptr++)
3123 {
3124 BOOL negate_class;
3125 BOOL should_flip_negation;
3126 BOOL possessive_quantifier;
3127 BOOL is_quantifier;
3128 BOOL is_recurse;
3129 BOOL reset_bracount;
3130 int class_charcount;
3131 int class_lastchar;
3132 int newoptions;
3133 int recno;
3134 int refsign;
3135 int skipbytes;
3136 int subreqbyte;
3137 int subfirstbyte;
3138 int terminator;
3139 int mclength;
3140 uschar mcbuffer[8];
3141
3142 /* Get next byte in the pattern */
3143
3144 c = *ptr;
3145
3146 /* If we are at the end of a nested substitution, revert to the outer level
3147 string. Nesting only happens one level deep. */
3148
3149 if (c == 0 && nestptr != NULL)
3150 {
3151 ptr = nestptr;
3152 nestptr = NULL;
3153 c = *ptr;
3154 }
3155
3156 /* If we are in the pre-compile phase, accumulate the length used for the
3157 previous cycle of this loop. */
3158
3159 if (lengthptr != NULL)
3160 {
3161 #ifdef PCRE_DEBUG
3162 if (code > cd->hwm) cd->hwm = code; /* High water info */
3163 #endif
3164 if (code > cd->start_workspace + WORK_SIZE_CHECK) /* Check for overrun */
3165 {
3166 *errorcodeptr = ERR52;
3167 goto FAILED;
3168 }
3169
3170 /* There is at least one situation where code goes backwards: this is the
3171 case of a zero quantifier after a class (e.g. [ab]{0}). At compile time,
3172 the class is simply eliminated. However, it is created first, so we have to
3173 allow memory for it. Therefore, don't ever reduce the length at this point.
3174 */
3175
3176 if (code < last_code) code = last_code;
3177
3178 /* Paranoid check for integer overflow */
3179
3180 if (OFLOW_MAX - *lengthptr < code - last_code)
3181 {
3182 *errorcodeptr = ERR20;
3183 goto FAILED;
3184 }
3185
3186 *lengthptr += (int)(code - last_code);
3187 DPRINTF(("length=%d added %d c=%c\n", *lengthptr, code - last_code, c));
3188
3189 /* If "previous" is set and it is not at the start of the work space, move
3190 it back to there, in order to avoid filling up the work space. Otherwise,
3191 if "previous" is NULL, reset the current code pointer to the start. */
3192
3193 if (previous != NULL)
3194 {
3195 if (previous > orig_code)
3196 {
3197 memmove(orig_code, previous, code - previous);
3198 code -= previous - orig_code;
3199 previous = orig_code;
3200 }
3201 }
3202 else code = orig_code;
3203
3204 /* Remember where this code item starts so we can pick up the length
3205 next time round. */
3206
3207 last_code = code;
3208 }
3209
3210 /* In the real compile phase, just check the workspace used by the forward
3211 reference list. */
3212
3213 else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
3214 {
3215 *errorcodeptr = ERR52;
3216 goto FAILED;
3217 }
3218
3219 /* If in \Q...\E, check for the end; if not, we have a literal */
3220
3221 if (inescq && c != 0)
3222 {
3223 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E)
3224 {
3225 inescq = FALSE;
3226 ptr++;
3227 continue;
3228 }
3229 else
3230 {
3231 if (previous_callout != NULL)
3232 {
3233 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3234 complete_callout(previous_callout, ptr, cd);
3235 previous_callout = NULL;
3236 }
3237 if ((options & PCRE_AUTO_CALLOUT) != 0)
3238 {
3239 previous_callout = code;
3240 code = auto_callout(code, ptr, cd);
3241 }
3242 goto NORMAL_CHAR;
3243 }
3244 }
3245
3246 /* Fill in length of a previous callout, except when the next thing is
3247 a quantifier. */
3248
3249 is_quantifier =
3250 c == CHAR_ASTERISK || c == CHAR_PLUS || c == CHAR_QUESTION_MARK ||
3251 (c == CHAR_LEFT_CURLY_BRACKET && is_counted_repeat(ptr+1));
3252
3253 if (!is_quantifier && previous_callout != NULL &&
3254 after_manual_callout-- <= 0)
3255 {
3256 if (lengthptr == NULL) /* Don't attempt in pre-compile phase */
3257 complete_callout(previous_callout, ptr, cd);
3258 previous_callout = NULL;
3259 }
3260
3261 /* In extended mode, skip white space and comments. */
3262
3263 if ((options & PCRE_EXTENDED) != 0)
3264 {
3265 if ((cd->ctypes[c] & ctype_space) != 0) continue;
3266 if (c == CHAR_NUMBER_SIGN)
3267 {
3268 ptr++;
3269 while (*ptr != 0)
3270 {
3271 if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
3272 ptr++;
3273 #ifdef SUPPORT_UTF8
3274 if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
3275 #endif
3276 }
3277 if (*ptr != 0) continue;
3278
3279 /* Else fall through to handle end of string */
3280 c = 0;
3281 }
3282 }
3283
3284 /* No auto callout for quantifiers. */
3285
3286 if ((options & PCRE_AUTO_CALLOUT) != 0 && !is_quantifier)
3287 {
3288 previous_callout = code;
3289 code = auto_callout(code, ptr, cd);
3290 }
3291
3292 switch(c)
3293 {
3294 /* ===================================================================*/
3295 case 0: /* The branch terminates at string end */
3296 case CHAR_VERTICAL_LINE: /* or | or ) */
3297 case CHAR_RIGHT_PARENTHESIS:
3298 *firstbyteptr = firstbyte;
3299 *reqbyteptr = reqbyte;
3300 *codeptr = code;
3301 *ptrptr = ptr;
3302 if (lengthptr != NULL)
3303 {
3304 if (OFLOW_MAX - *lengthptr < code - last_code)
3305 {
3306 *errorcodeptr = ERR20;
3307 goto FAILED;
3308 }
3309 *lengthptr += (int)(code - last_code); /* To include callout length */
3310 DPRINTF((">> end branch\n"));
3311 }
3312 return TRUE;
3313
3314
3315 /* ===================================================================*/
3316 /* Handle single-character metacharacters. In multiline mode, ^ disables
3317 the setting of any following char as a first character. */
3318
3319 case CHAR_CIRCUMFLEX_ACCENT:
3320 previous = NULL;
3321 if ((options & PCRE_MULTILINE) != 0)
3322 {
3323 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3324 *code++ = OP_CIRCM;
3325 }
3326 else *code++ = OP_CIRC;
3327 break;
3328
3329 case CHAR_DOLLAR_SIGN:
3330 previous = NULL;
3331 *code++ = ((options & PCRE_MULTILINE) != 0)? OP_DOLLM : OP_DOLL;
3332 break;
3333
3334 /* There can never be a first char if '.' is first, whatever happens about
3335 repeats. The value of reqbyte doesn't change either. */
3336
3337 case CHAR_DOT:
3338 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3339 zerofirstbyte = firstbyte;
3340 zeroreqbyte = reqbyte;
3341 previous = code;
3342 *code++ = ((options & PCRE_DOTALL) != 0)? OP_ALLANY: OP_ANY;
3343 break;
3344
3345
3346 /* ===================================================================*/
3347 /* Character classes. If the included characters are all < 256, we build a
3348 32-byte bitmap of the permitted characters, except in the special case
3349 where there is only one such character. For negated classes, we build the
3350 map as usual, then invert it at the end. However, we use a different opcode
3351 so that data characters > 255 can be handled correctly.
3352
3353 If the class contains characters outside the 0-255 range, a different
3354 opcode is compiled. It may optionally have a bit map for characters < 256,
3355 but those above are are explicitly listed afterwards. A flag byte tells
3356 whether the bitmap is present, and whether this is a negated class or not.
3357
3358 In JavaScript compatibility mode, an isolated ']' causes an error. In
3359 default (Perl) mode, it is treated as a data character. */
3360
3361 case CHAR_RIGHT_SQUARE_BRACKET:
3362 if ((cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
3363 {
3364 *errorcodeptr = ERR64;
3365 goto FAILED;
3366 }
3367 goto NORMAL_CHAR;
3368
3369 case CHAR_LEFT_SQUARE_BRACKET:
3370 previous = code;
3371
3372 /* PCRE supports POSIX class stuff inside a class. Perl gives an error if
3373 they are encountered at the top level, so we'll do that too. */
3374
3375 if ((ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
3376 ptr[1] == CHAR_EQUALS_SIGN) &&
3377 check_posix_syntax(ptr, &tempptr))
3378 {
3379 *errorcodeptr = (ptr[1] == CHAR_COLON)? ERR13 : ERR31;
3380 goto FAILED;
3381 }
3382
3383 /* If the first character is '^', set the negation flag and skip it. Also,
3384 if the first few characters (either before or after ^) are \Q\E or \E we
3385 skip them too. This makes for compatibility with Perl. */
3386
3387 negate_class = FALSE;
3388 for (;;)
3389 {
3390 c = *(++ptr);
3391 if (c == CHAR_BACKSLASH)
3392 {
3393 if (ptr[1] == CHAR_E)
3394 ptr++;
3395 else if (strncmp((const char *)ptr+1,
3396 STR_Q STR_BACKSLASH STR_E, 3) == 0)
3397 ptr += 3;
3398 else
3399 break;
3400 }
3401 else if (!negate_class && c == CHAR_CIRCUMFLEX_ACCENT)
3402 negate_class = TRUE;
3403 else break;
3404 }
3405
3406 /* Empty classes are allowed in JavaScript compatibility mode. Otherwise,
3407 an initial ']' is taken as a data character -- the code below handles
3408 that. In JS mode, [] must always fail, so generate OP_FAIL, whereas
3409 [^] must match any character, so generate OP_ALLANY. */
3410
3411 if (c == CHAR_RIGHT_SQUARE_BRACKET &&
3412 (cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
3413 {
3414 *code++ = negate_class? OP_ALLANY : OP_FAIL;
3415 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
3416 zerofirstbyte = firstbyte;
3417 break;
3418 }
3419
3420 /* If a class contains a negative special such as \S, we need to flip the
3421 negation flag at the end, so that support for characters > 255 works
3422 correctly (they are all included in the class). */
3423
3424 should_flip_negation = FALSE;
3425
3426 /* Keep a count of chars with values < 256 so that we can optimize the case
3427 of just a single character (as long as it's < 256). However, For higher
3428 valued UTF-8 characters, we don't yet do any optimization. */
3429
3430 class_charcount = 0;
3431 class_lastchar = -1;
3432
3433 /* Initialize the 32-char bit map to all zeros. We build the map in a
3434 temporary bit of memory, in case the class contains only 1 character (less
3435 than 256), because in that case the compiled code doesn't use the bit map.
3436 */
3437
3438 memset(classbits, 0, 32 * sizeof(uschar));
3439
3440 #ifdef SUPPORT_UTF8
3441 class_utf8 = FALSE; /* No chars >= 256 */
3442 class_utf8data = code + LINK_SIZE + 2; /* For UTF-8 items */
3443 class_utf8data_base = class_utf8data; /* For resetting in pass 1 */
3444 #endif
3445
3446 /* Process characters until ] is reached. By writing this as a "do" it
3447 means that an initial ] is taken as a data character. At the start of the
3448 loop, c contains the first byte of the character. */
3449
3450 if (c != 0) do
3451 {
3452 const uschar *oldptr;
3453
3454 #ifdef SUPPORT_UTF8
3455 if (utf8 && c > 127)
3456 { /* Braces are required because the */
3457 GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */
3458 }
3459
3460 /* In the pre-compile phase, accumulate the length of any UTF-8 extra
3461 data and reset the pointer. This is so that very large classes that
3462 contain a zillion UTF-8 characters no longer overwrite the work space
3463 (which is on the stack). */
3464
3465 if (lengthptr != NULL)
3466 {
3467 *lengthptr += class_utf8data - class_utf8data_base;
3468 class_utf8data = class_utf8data_base;
3469 }
3470
3471 #endif
3472
3473 /* Inside \Q...\E everything is literal except \E */
3474
3475 if (inescq)
3476 {
3477 if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E) /* If we are at \E */
3478 {
3479 inescq = FALSE; /* Reset literal state */
3480 ptr++; /* Skip the 'E' */
3481 continue; /* Carry on with next */
3482 }
3483 goto CHECK_RANGE; /* Could be range if \E follows */
3484 }
3485
3486 /* Handle POSIX class names. Perl allows a negation extension of the
3487 form [:^name:]. A square bracket that doesn't match the syntax is
3488 treated as a literal. We also recognize the POSIX constructions
3489 [.ch.] and [=ch=] ("collating elements") and fault them, as Perl
3490 5.6 and 5.8 do. */
3491
3492 if (c == CHAR_LEFT_SQUARE_BRACKET &&
3493 (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
3494 ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &tempptr))
3495 {
3496 BOOL local_negate = FALSE;
3497 int posix_class, taboffset, tabopt;
3498 register const uschar *cbits = cd->cbits;
3499 uschar pbits[32];
3500
3501 if (ptr[1] != CHAR_COLON)
3502 {
3503 *errorcodeptr = ERR31;
3504 goto FAILED;
3505 }
3506
3507 ptr += 2;
3508 if (*ptr == CHAR_CIRCUMFLEX_ACCENT)
3509 {
3510 local_negate = TRUE;
3511 should_flip_negation = TRUE; /* Note negative special */
3512 ptr++;
3513 }
3514
3515 posix_class = check_posix_name(ptr, (int)(tempptr - ptr));
3516 if (posix_class < 0)
3517 {
3518 *errorcodeptr = ERR30;
3519 goto FAILED;
3520 }
3521
3522 /* If matching is caseless, upper and lower are converted to
3523 alpha. This relies on the fact that the class table starts with
3524 alpha, lower, upper as the first 3 entries. */
3525
3526 if ((options & PCRE_CASELESS) != 0 && posix_class <= 2)
3527 posix_class = 0;
3528
3529 /* When PCRE_UCP is set, some of the POSIX classes are converted to
3530 different escape sequences that use Unicode properties. */
3531
3532 #ifdef SUPPORT_UCP
3533 if ((options & PCRE_UCP) != 0)
3534 {
3535 int pc = posix_class + ((local_negate)? POSIX_SUBSIZE/2 : 0);
3536 if (posix_substitutes[pc] != NULL)
3537 {
3538 nestptr = tempptr + 1;
3539 ptr = posix_substitutes[pc] - 1;
3540 continue;
3541 }
3542 }
3543 #endif
3544 /* In the non-UCP case, we build the bit map for the POSIX class in a
3545 chunk of local store because we may be adding and subtracting from it,
3546 and we don't want to subtract bits that may be in the main map already.
3547 At the end we or the result into the bit map that is being built. */
3548
3549 posix_class *= 3;
3550
3551 /* Copy in the first table (always present) */
3552
3553 memcpy(pbits, cbits + posix_class_maps[posix_class],
3554 32 * sizeof(uschar));
3555
3556 /* If there is a second table, add or remove it as required. */
3557
3558 taboffset = posix_class_maps[posix_class + 1];
3559 tabopt = posix_class_maps[posix_class + 2];
3560
3561 if (taboffset >= 0)
3562 {
3563 if (tabopt >= 0)
3564 for (c = 0; c < 32; c++) pbits[c] |= cbits[c + taboffset];
3565 else
3566 for (c = 0; c < 32; c++) pbits[c] &= ~cbits[c + taboffset];
3567 }
3568
3569 /* Not see if we need to remove any special characters. An option
3570 value of 1 removes vertical space and 2 removes underscore. */
3571
3572 if (tabopt < 0) tabopt = -tabopt;
3573 if (tabopt == 1) pbits[1] &= ~0x3c;
3574 else if (tabopt == 2) pbits[11] &= 0x7f;
3575
3576 /* Add the POSIX table or its complement into the main table that is
3577 being built and we are done. */
3578
3579 if (local_negate)
3580 for (c = 0; c < 32; c++) classbits[c] |= ~pbits[c];
3581 else
3582 for (c = 0; c < 32; c++) classbits[c] |= pbits[c];
3583
3584 ptr = tempptr + 1;
3585 class_charcount = 10; /* Set > 1; assumes more than 1 per class */
3586 continue; /* End of POSIX syntax handling */
3587 }
3588
3589 /* Backslash may introduce a single character, or it may introduce one
3590 of the specials, which just set a flag. The sequence \b is a special
3591 case. Inside a class (and only there) it is treated as backspace. We
3592 assume that other escapes have more than one character in them, so set
3593 class_charcount bigger than one. Unrecognized escapes fall through and
3594 are either treated as literal characters (by default), or are faulted if
3595 PCRE_EXTRA is set. */
3596
3597 if (c == CHAR_BACKSLASH)
3598 {
3599 c = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
3600 if (*errorcodeptr != 0) goto FAILED;
3601
3602 if (-c == ESC_b) c = CHAR_BS; /* \b is backspace in a class */
3603 else if (-c == ESC_Q) /* Handle start of quoted string */
3604 {
3605 if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
3606 {
3607 ptr += 2; /* avoid empty string */
3608 }
3609 else inescq = TRUE;
3610 continue;
3611 }
3612 else if (-c == ESC_E) continue; /* Ignore orphan \E */
3613
3614 if (c < 0)
3615 {
3616 register const uschar *cbits = cd->cbits;
3617 class_charcount += 2; /* Greater than 1 is what matters */
3618
3619 switch (-c)
3620 {
3621 #ifdef SUPPORT_UCP
3622 case ESC_du: /* These are the values given for \d etc */
3623 case ESC_DU: /* when PCRE_UCP is set. We replace the */
3624 case ESC_wu: /* escape sequence with an appropriate \p */
3625 case ESC_WU: /* or \P to test Unicode properties instead */
3626 case ESC_su: /* of the default ASCII testing. */
3627 case ESC_SU:
3628 nestptr = ptr;
3629 ptr = substitutes[-c - ESC_DU] - 1; /* Just before substitute */
3630 class_charcount -= 2; /* Undo! */
3631 continue;
3632 #endif
3633 case ESC_d:
3634 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_digit];
3635 continue;
3636
3637 case ESC_D:
3638 should_flip_negation = TRUE;
3639 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_digit];
3640 continue;
3641
3642 case ESC_w:
3643 for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_word];
3644 continue;
3645
3646 case ESC_W:
3647 should_flip_negation = TRUE;
3648 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_word];
3649 continue;
3650
3651 /* Perl 5.004 onwards omits VT from \s, but we must preserve it
3652 if it was previously set by something earlier in the character
3653 class. */
3654
3655 case ESC_s:
3656 classbits[0] |= cbits[cbit_space];
3657 classbits[1] |= cbits[cbit_space+1] & ~0x08;
3658 for (c = 2; c < 32; c++) classbits[c] |= cbits[c+cbit_space];
3659 continue;
3660
3661 case ESC_S:
3662 should_flip_negation = TRUE;
3663 for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_space];
3664 classbits[1] |= 0x08; /* Perl 5.004 onwards omits VT from \s */
3665 continue;
3666
3667 case ESC_h:
3668 SETBIT(classbits, 0x09); /* VT */
3669 SETBIT(classbits, 0x20); /* SPACE */
3670 SETBIT(classbits, 0xa0); /* NSBP */
3671 #ifdef SUPPORT_UTF8
3672 if (utf8)
3673 {
3674 class_utf8 = TRUE;
3675 *class_utf8data++ = XCL_SINGLE;
3676 class_utf8data += _pcre_ord2utf8(0x1680, class_utf8data);
3677 *class_utf8data++ = XCL_SINGLE;
3678 class_utf8data += _pcre_ord2utf8(0x180e, class_utf8data);
3679 *class_utf8data++ = XCL_RANGE;
3680 class_utf8data += _pcre_ord2utf8(0x2000, class_utf8data);
3681 class_utf8data += _pcre_ord2utf8(0x200A, class_utf8data);
3682 *class_utf8data++ = XCL_SINGLE;
3683 class_utf8data += _pcre_ord2utf8(0x202f, class_utf8data);
3684 *class_utf8data++ = XCL_SINGLE;
3685 class_utf8data += _pcre_ord2utf8(0x205f, class_utf8data);
3686 *class_utf8data++ = XCL_SINGLE;
3687 class_utf8data += _pcre_ord2utf8(0x3000, class_utf8data);
3688 }
3689 #endif
3690 continue;
3691
3692 case ESC_H:
3693 for (c = 0; c < 32; c++)
3694 {
3695 int x = 0xff;
3696 switch (c)
3697 {
3698 case 0x09/8: x ^= 1 << (0x09%8); break;
3699 case 0x20/8: x ^= 1 << (0x20%8); break;
3700 case 0xa0/8: x ^= 1 << (0xa0%8); break;
3701 default: break;
3702 }
3703 classbits[c] |= x;
3704 }
3705
3706 #ifdef SUPPORT_UTF8
3707 if (utf8)
3708 {
3709 class_utf8 = TRUE;
3710 *class_utf8data++ = XCL_RANGE;
3711 class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
3712 class_utf8data += _pcre_ord2utf8(0x167f, class_utf8data);
3713 *class_utf8data++ = XCL_RANGE;
3714 class_utf8data += _pcre_ord2utf8(0x1681, class_utf8data);
3715 class_utf8data += _pcre_ord2utf8(0x180d, class_utf8data);
3716 *class_utf8data++ = XCL_RANGE;
3717 class_utf8data += _pcre_ord2utf8(0x180f, class_utf8data);
3718 class_utf8data += _pcre_ord2utf8(0x1fff, class_utf8data);
3719 *class_utf8data++ = XCL_RANGE;
3720 class_utf8data += _pcre_ord2utf8(0x200B, class_utf8data);
3721 class_utf8data += _pcre_ord2utf8(0x202e, class_utf8data);
3722 *class_utf8data++ = XCL_RANGE;
3723 class_utf8data += _pcre_ord2utf8(0x2030, class_utf8data);
3724 class_utf8data += _pcre_ord2utf8(0x205e, class_utf8data);
3725 *class_utf8data++ = XCL_RANGE;
3726 class_utf8data += _pcre_ord2utf8(0x2060, class_utf8data);
3727 class_utf8data += _pcre_ord2utf8(0x2fff, class_utf8data);
3728 *class_utf8data++ = XCL_RANGE;
3729 class_utf8data += _pcre_ord2utf8(0x3001, class_utf8data);
3730 class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
3731 }
3732 #endif
3733 continue;
3734
3735 case ESC_v:
3736 SETBIT(classbits, 0x0a); /* LF */
3737 SETBIT(classbits, 0x0b); /* VT */
3738 SETBIT(classbits, 0x0c); /* FF */
3739 SETBIT(classbits, 0x0d); /* CR */
3740 SETBIT(classbits, 0x85); /* NEL */
3741 #ifdef SUPPORT_UTF8
3742 if (utf8)
3743 {
3744 class_utf8 = TRUE;
3745 *class_utf8data++ = XCL_RANGE;
3746 class_utf8data += _pcre_ord2utf8(0x2028, class_utf8data);
3747 class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
3748 }
3749 #endif
3750 continue;
3751
3752 case ESC_V:
3753 for (c = 0; c < 32; c++)
3754 {
3755 int x = 0xff;
3756 switch (c)
3757 {
3758 case 0x0a/8: x ^= 1 << (0x0a%8);
3759 x ^= 1 << (0x0b%8);
3760 x ^= 1 << (0x0c%8);
3761 x ^= 1 << (0x0d%8);
3762 break;
3763 case 0x85/8: x ^= 1 << (0x85%8); break;
3764 default: break;
3765 }
3766 classbits[c] |= x;
3767 }
3768
3769 #ifdef SUPPORT_UTF8
3770 if (utf8)
3771 {
3772 class_utf8 = TRUE;
3773 *class_utf8data++ = XCL_RANGE;
3774 class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
3775 class_utf8data += _pcre_ord2utf8(0x2027, class_utf8data);
3776 *class_utf8data++ = XCL_RANGE;
3777 class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
3778 class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
3779 }
3780 #endif
3781 continue;
3782
3783 #ifdef SUPPORT_UCP
3784 case ESC_p:
3785 case ESC_P:
3786 {
3787 BOOL negated;
3788 int pdata;
3789 int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
3790 if (ptype < 0) goto FAILED;
3791 class_utf8 = TRUE;
3792 *class_utf8data++ = ((-c == ESC_p) != negated)?
3793 XCL_PROP : XCL_NOTPROP;
3794 *class_utf8data++ = ptype;
3795 *class_utf8data++ = pdata;
3796 class_charcount -= 2; /* Not a < 256 character */
3797 continue;
3798 }
3799 #endif
3800 /* Unrecognized escapes are faulted if PCRE is running in its
3801 strict mode. By default, for compatibility with Perl, they are
3802 treated as literals. */
3803
3804 default:
3805 if ((options & PCRE_EXTRA) != 0)
3806 {
3807 *errorcodeptr = ERR7;
3808 goto FAILED;
3809 }
3810 class_charcount -= 2; /* Undo the default count from above */
3811 c = *ptr; /* Get the final character and fall through */
3812 break;
3813 }
3814 }
3815
3816 /* Fall through if we have a single character (c >= 0). This may be
3817 greater than 256 in UTF-8 mode. */
3818
3819 } /* End of backslash handling */
3820
3821 /* A single character may be followed by '-' to form a range. However,
3822 Perl does not permit ']' to be the end of the range. A '-' character
3823 at the end is treated as a literal. Perl ignores orphaned \E sequences
3824 entirely. The code for handling \Q and \E is messy. */
3825
3826 CHECK_RANGE:
3827 while (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
3828 {
3829 inescq = FALSE;
3830 ptr += 2;
3831 }
3832
3833 oldptr = ptr;
3834
3835 /* Remember \r or \n */
3836
3837 if (c == CHAR_CR || c == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
3838
3839 /* Check for range */
3840
3841 if (!inescq && ptr[1] == CHAR_MINUS)
3842 {
3843 int d;
3844 ptr += 2;
3845 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E) ptr += 2;
3846
3847 /* If we hit \Q (not followed by \E) at this point, go into escaped
3848 mode. */
3849
3850 while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_Q)
3851 {
3852 ptr += 2;
3853 if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E)
3854 { ptr += 2; continue; }
3855 inescq = TRUE;
3856 break;
3857 }
3858
3859 if (*ptr == 0 || (!inescq && *ptr == CHAR_RIGHT_SQUARE_BRACKET))
3860 {
3861 ptr = oldptr;
3862 goto LONE_SINGLE_CHARACTER;
3863 }
3864
3865 #ifdef SUPPORT_UTF8
3866 if (utf8)
3867 { /* Braces are required because the */
3868 GETCHARLEN(d, ptr, ptr); /* macro generates multiple statements */
3869 }
3870 else
3871 #endif
3872 d = *ptr; /* Not UTF-8 mode */
3873
3874 /* The second part of a range can be a single-character escape, but
3875 not any of the other escapes. Perl 5.6 treats a hyphen as a literal
3876 in such circumstances. */
3877
3878 if (!inescq && d == CHAR_BACKSLASH)
3879 {
3880 d = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
3881 if (*errorcodeptr != 0) goto FAILED;
3882
3883 /* \b is backspace; any other special means the '-' was literal */
3884
3885 if (d < 0)
3886 {
3887 if (d == -ESC_b) d = CHAR_BS; else
3888 {
3889 ptr = oldptr;
3890 goto LONE_SINGLE_CHARACTER; /* A few lines below */
3891 }
3892 }
3893 }
3894
3895 /* Check that the two values are in the correct order. Optimize
3896 one-character ranges */
3897
3898 if (d < c)
3899 {
3900 *errorcodeptr = ERR8;
3901 goto FAILED;
3902 }
3903
3904 if (d == c) goto LONE_SINGLE_CHARACTER; /* A few lines below */
3905
3906 /* Remember \r or \n */
3907
3908 if (d == CHAR_CR || d == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
3909
3910 /* In UTF-8 mode, if the upper limit is > 255, or > 127 for caseless
3911 matching, we have to use an XCLASS with extra data items. Caseless
3912 matching for characters > 127 is available only if UCP support is
3913 available. */
3914
3915 #ifdef SUPPORT_UTF8
3916 if (utf8 && (d > 255 || ((options & PCRE_CASELESS) != 0 && d > 127)))
3917 {
3918 class_utf8 = TRUE;
3919
3920 /* With UCP support, we can find the other case equivalents of
3921 the relevant characters. There may be several ranges. Optimize how
3922 they fit with the basic range. */
3923
3924 #ifdef SUPPORT_UCP
3925 if ((options & PCRE_CASELESS) != 0)
3926 {
3927 unsigned int occ, ocd;
3928 unsigned int cc = c;
3929 unsigned int origd = d;
3930 while (get_othercase_range(&cc, origd, &occ, &ocd))
3931 {
3932 if (occ >= (unsigned int)c &&
3933 ocd <= (unsigned int)d)
3934 continue; /* Skip embedded ranges */
3935
3936 if (occ < (unsigned int)c &&
3937 ocd >= (unsigned int)c - 1) /* Extend the basic range */
3938 { /* if there is overlap, */
3939 c = occ; /* noting that if occ < c */
3940 continue; /* we can't have ocd > d */
3941 } /* because a subrange is */
3942 if (ocd > (unsigned int)d &&
3943 occ <= (unsigned int)d + 1) /* always shorter than */
3944 { /* the basic range. */
3945 d = ocd;
3946 continue;
3947 }
3948
3949 if (occ == ocd)
3950 {
3951 *class_utf8data++ = XCL_SINGLE;
3952 }
3953 else
3954 {
3955 *class_utf8data++ = XCL_RANGE;
3956 class_utf8data += _pcre_ord2utf8(occ, class_utf8data);
3957 }
3958 class_utf8data += _pcre_ord2utf8(ocd, class_utf8data);
3959 }
3960 }
3961 #endif /* SUPPORT_UCP */
3962
3963 /* Now record the original range, possibly modified for UCP caseless
3964 overlapping ranges. */
3965
3966 *class_utf8data++ = XCL_RANGE;
3967 class_utf8data += _pcre_ord2utf8(c, class_utf8data);
3968 class_utf8data += _pcre_ord2utf8(d, class_utf8data);
3969
3970 /* With UCP support, we are done. Without UCP support, there is no
3971 caseless matching for UTF-8 characters > 127; we can use the bit map
3972 for the smaller ones. */
3973
3974 #ifdef SUPPORT_UCP
3975 continue; /* With next character in the class */
3976 #else
3977 if ((options & PCRE_CASELESS) == 0 || c > 127) continue;
3978
3979 /* Adjust upper limit and fall through to set up the map */
3980
3981 d = 127;
3982
3983 #endif /* SUPPORT_UCP */
3984 }
3985 #endif /* SUPPORT_UTF8 */
3986
3987 /* We use the bit map for all cases when not in UTF-8 mode; else
3988 ranges that lie entirely within 0-127 when there is UCP support; else
3989 for partial ranges without UCP support. */
3990
3991 class_charcount += d - c + 1;
3992 class_lastchar = d;
3993
3994 /* We can save a bit of time by skipping this in the pre-compile. */
3995
3996 if (lengthptr == NULL) for (; c <= d; c++)
3997 {
3998 classbits[c/8] |= (1 << (c&7));
3999 if ((options & PCRE_CASELESS) != 0)
4000 {
4001 int uc = cd->fcc[c]; /* flip case */
4002 classbits[uc/8] |= (1 << (uc&7));
4003 }
4004 }
4005
4006 continue; /* Go get the next char in the class */
4007 }
4008
4009 /* Handle a lone single character - we can get here for a normal
4010 non-escape char, or after \ that introduces a single character or for an
4011 apparent range that isn't. */
4012
4013 LONE_SINGLE_CHARACTER:
4014
4015 /* Handle a character that cannot go in the bit map */
4016
4017 #ifdef SUPPORT_UTF8
4018 if (utf8 && (c > 255 || ((options & PCRE_CASELESS) != 0 && c > 127)))
4019 {
4020 class_utf8 = TRUE;
4021 *class_utf8data++ = XCL_SINGLE;
4022 class_utf8data += _pcre_ord2utf8(c, class_utf8data);
4023
4024 #ifdef SUPPORT_UCP
4025 if ((options & PCRE_CASELESS) != 0)
4026 {
4027 unsigned int othercase;
4028 if ((othercase = UCD_OTHERCASE(c)) != c)
4029 {
4030 *class_utf8data++ = XCL_SINGLE;
4031 class_utf8data += _pcre_ord2utf8(othercase, class_utf8data);
4032 }
4033 }
4034 #endif /* SUPPORT_UCP */
4035
4036 }
4037 else
4038 #endif /* SUPPORT_UTF8 */
4039
4040 /* Handle a single-byte character */
4041 {
4042 classbits[c/8] |= (1 << (c&7));
4043 if ((options & PCRE_CASELESS) != 0)
4044 {
4045 c = cd->fcc[c]; /* flip case */
4046 classbits[c/8] |= (1 << (c&7));
4047 }
4048 class_charcount++;
4049 class_lastchar = c;
4050 }
4051 }
4052
4053 /* Loop until ']' reached. This "while" is the end of the "do" far above.
4054 If we are at the end of an internal nested string, revert to the outer
4055 string. */
4056
4057 while (((c = *(++ptr)) != 0 ||
4058 (nestptr != NULL &&
4059 (ptr = nestptr, nestptr = NULL, c = *(++ptr)) != 0)) &&
4060 (c != CHAR_RIGHT_SQUARE_BRACKET || inescq));
4061
4062 /* Check for missing terminating ']' */
4063
4064 if (c == 0)
4065 {
4066 *errorcodeptr = ERR6;
4067 goto FAILED;
4068 }
4069
4070 /* If class_charcount is 1, we saw precisely one character whose value is
4071 less than 256. As long as there were no characters >= 128 and there was no
4072 use of \p or \P, in other words, no use of any XCLASS features, we can
4073 optimize.
4074
4075 In UTF-8 mode, we can optimize the negative case only if there were no
4076 characters >= 128 because OP_NOT and the related opcodes like OP_NOTSTAR
4077 operate on single-bytes characters only. This is an historical hangover.
4078 Maybe one day we can tidy these opcodes to handle multi-byte characters.
4079
4080 The optimization throws away the bit map. We turn the item into a
4081 1-character OP_CHAR[I] if it's positive, or OP_NOT[I] if it's negative.
4082 Note that OP_NOT[I] does not support multibyte characters. In the positive
4083 case, it can cause firstbyte to be set. Otherwise, there can be no first
4084 char if this item is first, whatever repeat count may follow. In the case
4085 of reqbyte, save the previous value for reinstating. */
4086
4087 #ifdef SUPPORT_UTF8
4088 if (class_charcount == 1 && !class_utf8 &&
4089 (!utf8 || !negate_class || class_lastchar < 128))
4090 #else
4091 if (class_charcount == 1)
4092 #endif
4093 {
4094 zeroreqbyte = reqbyte;
4095
4096 /* The OP_NOT[I] opcodes work on one-byte characters only. */
4097
4098 if (negate_class)
4099 {
4100 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
4101 zerofirstbyte = firstbyte;
4102 *code++ = ((options & PCRE_CASELESS) != 0)? OP_NOTI: OP_NOT;
4103 *code++ = class_lastchar;
4104 break;
4105 }
4106
4107 /* For a single, positive character, get the value into mcbuffer, and
4108 then we can handle this with the normal one-character code. */
4109
4110 #ifdef SUPPORT_UTF8
4111 if (utf8 && class_lastchar > 127)
4112 mclength = _pcre_ord2utf8(class_lastchar, mcbuffer);
4113 else
4114 #endif
4115 {
4116 mcbuffer[0] = class_lastchar;
4117 mclength = 1;
4118 }
4119 goto ONE_CHAR;
4120 } /* End of 1-char optimization */
4121
4122 /* The general case - not the one-char optimization. If this is the first
4123 thing in the branch, there can be no first char setting, whatever the
4124 repeat count. Any reqbyte setting must remain unchanged after any kind of
4125 repeat. */
4126
4127 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
4128 zerofirstbyte = firstbyte;
4129 zeroreqbyte = reqbyte;
4130
4131 /* If there are characters with values > 255, we have to compile an
4132 extended class, with its own opcode, unless there was a negated special
4133 such as \S in the class, and PCRE_UCP is not set, because in that case all
4134 characters > 255 are in the class, so any that were explicitly given as
4135 well can be ignored. If (when there are explicit characters > 255 that must
4136 be listed) there are no characters < 256, we can omit the bitmap in the
4137 actual compiled code. */
4138
4139 #ifdef SUPPORT_UTF8
4140 if (class_utf8 && (!should_flip_negation || (options & PCRE_UCP) != 0))
4141 {
4142 *class_utf8data++ = XCL_END; /* Marks the end of extra data */
4143 *code++ = OP_XCLASS;
4144 code += LINK_SIZE;
4145 *code = negate_class? XCL_NOT : 0;
4146
4147 /* If the map is required, move up the extra data to make room for it;
4148 otherwise just move the code pointer to the end of the extra data. */
4149
4150 if (class_charcount > 0)
4151 {
4152 *code++ |= XCL_MAP;
4153 memmove(code + 32, code, class_utf8data - code);
4154 memcpy(code, classbits, 32);
4155 code = class_utf8data + 32;
4156 }
4157 else code = class_utf8data;
4158
4159 /* Now fill in the complete length of the item */
4160
4161 PUT(previous, 1, code - previous);
4162 break; /* End of class handling */
4163 }
4164 #endif
4165
4166 /* If there are no characters > 255, or they are all to be included or
4167 excluded, set the opcode to OP_CLASS or OP_NCLASS, depending on whether the
4168 whole class was negated and whether there were negative specials such as \S
4169 (non-UCP) in the class. Then copy the 32-byte map into the code vector,
4170 negating it if necessary. */
4171
4172 *code++ = (negate_class == should_flip_negation) ? OP_CLASS : OP_NCLASS;
4173 if (negate_class)
4174 {
4175 if (lengthptr == NULL) /* Save time in the pre-compile phase */
4176 for (c = 0; c < 32; c++) code[c] = ~classbits[c];
4177 }
4178 else
4179 {
4180 memcpy(code, classbits, 32);
4181 }
4182 code += 32;
4183 break;
4184
4185
4186 /* ===================================================================*/
4187 /* Various kinds of repeat; '{' is not necessarily a quantifier, but this
4188 has been tested above. */
4189
4190 case CHAR_LEFT_CURLY_BRACKET:
4191 if (!is_quantifier) goto NORMAL_CHAR;
4192 ptr = read_repeat_counts(ptr+1, &repeat_min, &repeat_max, errorcodeptr);
4193 if (*errorcodeptr != 0) goto FAILED;
4194 goto REPEAT;
4195
4196 case CHAR_ASTERISK:
4197 repeat_min = 0;
4198 repeat_max = -1;
4199 goto REPEAT;
4200
4201 case CHAR_PLUS:
4202 repeat_min = 1;
4203 repeat_max = -1;
4204 goto REPEAT;
4205
4206 case CHAR_QUESTION_MARK:
4207 repeat_min = 0;
4208 repeat_max = 1;
4209
4210 REPEAT:
4211 if (previous == NULL)
4212 {
4213 *errorcodeptr = ERR9;
4214 goto FAILED;
4215 }
4216
4217 if (repeat_min == 0)
4218 {
4219 firstbyte = zerofirstbyte; /* Adjust for zero repeat */
4220 reqbyte = zeroreqbyte; /* Ditto */
4221 }
4222
4223 /* Remember whether this is a variable length repeat */
4224
4225 reqvary = (repeat_min == repeat_max)? 0 : REQ_VARY;
4226
4227 op_type = 0; /* Default single-char op codes */
4228 possessive_quantifier = FALSE; /* Default not possessive quantifier */
4229
4230 /* Save start of previous item, in case we have to move it up in order to
4231 insert something before it. */
4232
4233 tempcode = previous;
4234
4235 /* If the next character is '+', we have a possessive quantifier. This
4236 implies greediness, whatever the setting of the PCRE_UNGREEDY option.
4237 If the next character is '?' this is a minimizing repeat, by default,
4238 but if PCRE_UNGREEDY is set, it works the other way round. We change the
4239 repeat type to the non-default. */
4240
4241 if (ptr[1] == CHAR_PLUS)
4242 {
4243 repeat_type = 0; /* Force greedy */
4244 possessive_quantifier = TRUE;
4245 ptr++;
4246 }
4247 else if (ptr[1] == CHAR_QUESTION_MARK)
4248 {
4249 repeat_type = greedy_non_default;
4250 ptr++;
4251 }
4252 else repeat_type = greedy_default;
4253
4254 /* If previous was a recursion call, wrap it in atomic brackets so that
4255 previous becomes the atomic group. All recursions were so wrapped in the
4256 past, but it no longer happens for non-repeated recursions. In fact, the
4257 repeated ones could be re-implemented independently so as not to need this,
4258 but for the moment we rely on the code for repeating groups. */
4259
4260 if (*previous == OP_RECURSE)
4261 {
4262 memmove(previous + 1 + LINK_SIZE, previous, 1 + LINK_SIZE);
4263 *previous = OP_ONCE;
4264 PUT(previous, 1, 2 + 2*LINK_SIZE);
4265 previous[2 + 2*LINK_SIZE] = OP_KET;
4266 PUT(previous, 3 + 2*LINK_SIZE, 2 + 2*LINK_SIZE);
4267 code += 2 + 2 * LINK_SIZE;
4268 length_prevgroup = 3 + 3*LINK_SIZE;
4269
4270 /* When actually compiling, we need to check whether this was a forward
4271 reference, and if so, adjust the offset. */
4272
4273 if (lengthptr == NULL && cd->hwm >= cd->start_workspace + LINK_SIZE)
4274 {
4275 int offset = GET(cd->hwm, -LINK_SIZE);
4276 if (offset == previous + 1 - cd->start_code)
4277 PUT(cd->hwm, -LINK_SIZE, offset + 1 + LINK_SIZE);
4278 }
4279 }
4280
4281 /* Now handle repetition for the different types of item. */
4282
4283 /* If previous was a character match, abolish the item and generate a
4284 repeat item instead. If a char item has a minumum of more than one, ensure
4285 that it is set in reqbyte - it might not be if a sequence such as x{3} is
4286 the first thing in a branch because the x will have gone into firstbyte
4287 instead. */
4288
4289 if (*previous == OP_CHAR || *previous == OP_CHARI)
4290 {
4291 op_type = (*previous == OP_CHAR)? 0 : OP_STARI - OP_STAR;
4292
4293 /* Deal with UTF-8 characters that take up more than one byte. It's
4294 easier to write this out separately than try to macrify it. Use c to
4295 hold the length of the character in bytes, plus 0x80 to flag that it's a
4296 length rather than a small character. */
4297
4298 #ifdef SUPPORT_UTF8
4299 if (utf8 && (code[-1] & 0x80) != 0)
4300 {
4301 uschar *lastchar = code - 1;
4302 while((*lastchar & 0xc0) == 0x80) lastchar--;
4303 c = code - lastchar; /* Length of UTF-8 character */
4304 memcpy(utf8_char, lastchar, c); /* Save the char */
4305 c |= 0x80; /* Flag c as a length */
4306 }
4307 else
4308 #endif
4309
4310 /* Handle the case of a single byte - either with no UTF8 support, or
4311 with UTF-8 disabled, or for a UTF-8 character < 128. */
4312
4313 {
4314 c = code[-1];
4315 if (repeat_min > 1) reqbyte = c | req_caseopt | cd->req_varyopt;
4316 }
4317
4318 /* If the repetition is unlimited, it pays to see if the next thing on
4319 the line is something that cannot possibly match this character. If so,
4320 automatically possessifying this item gains some performance in the case
4321 where the match fails. */
4322
4323 if (!possessive_quantifier &&
4324 repeat_max < 0 &&
4325 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4326 {
4327 repeat_type = 0; /* Force greedy */
4328 possessive_quantifier = TRUE;
4329 }
4330
4331 goto OUTPUT_SINGLE_REPEAT; /* Code shared with single character types */
4332 }
4333
4334 /* If previous was a single negated character ([^a] or similar), we use
4335 one of the special opcodes, replacing it. The code is shared with single-
4336 character repeats by setting opt_type to add a suitable offset into
4337 repeat_type. We can also test for auto-possessification. OP_NOT and OP_NOTI
4338 are currently used only for single-byte chars. */
4339
4340 else if (*previous == OP_NOT || *previous == OP_NOTI)
4341 {
4342 op_type = ((*previous == OP_NOT)? OP_NOTSTAR : OP_NOTSTARI) - OP_STAR;
4343 c = previous[1];
4344 if (!possessive_quantifier &&
4345 repeat_max < 0 &&
4346 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4347 {
4348 repeat_type = 0; /* Force greedy */
4349 possessive_quantifier = TRUE;
4350 }
4351 goto OUTPUT_SINGLE_REPEAT;
4352 }
4353
4354 /* If previous was a character type match (\d or similar), abolish it and
4355 create a suitable repeat item. The code is shared with single-character
4356 repeats by setting op_type to add a suitable offset into repeat_type. Note
4357 the the Unicode property types will be present only when SUPPORT_UCP is
4358 defined, but we don't wrap the little bits of code here because it just
4359 makes it horribly messy. */
4360
4361 else if (*previous < OP_EODN)
4362 {
4363 uschar *oldcode;
4364 int prop_type, prop_value;
4365 op_type = OP_TYPESTAR - OP_STAR; /* Use type opcodes */
4366 c = *previous;
4367
4368 if (!possessive_quantifier &&
4369 repeat_max < 0 &&
4370 check_auto_possessive(previous, utf8, ptr + 1, options, cd))
4371 {
4372 repeat_type = 0; /* Force greedy */
4373 possessive_quantifier = TRUE;
4374 }
4375
4376 OUTPUT_SINGLE_REPEAT:
4377 if (*previous == OP_PROP || *previous == OP_NOTPROP)
4378 {
4379 prop_type = previous[1];
4380 prop_value = previous[2];
4381 }
4382 else prop_type = prop_value = -1;
4383
4384 oldcode = code;
4385 code = previous; /* Usually overwrite previous item */
4386
4387 /* If the maximum is zero then the minimum must also be zero; Perl allows
4388 this case, so we do too - by simply omitting the item altogether. */
4389
4390 if (repeat_max == 0) goto END_REPEAT;
4391
4392 /*--------------------------------------------------------------------*/
4393 /* This code is obsolete from release 8.00; the restriction was finally
4394 removed: */
4395
4396 /* All real repeats make it impossible to handle partial matching (maybe
4397 one day we will be able to remove this restriction). */
4398
4399 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
4400 /*--------------------------------------------------------------------*/
4401
4402 /* Combine the op_type with the repeat_type */
4403
4404 repeat_type += op_type;
4405
4406 /* A minimum of zero is handled either as the special case * or ?, or as
4407 an UPTO, with the maximum given. */
4408
4409 if (repeat_min == 0)
4410 {
4411 if (repeat_max == -1) *code++ = OP_STAR + repeat_type;
4412 else if (repeat_max == 1) *code++ = OP_QUERY + repeat_type;
4413 else
4414 {
4415 *code++ = OP_UPTO + repeat_type;
4416 PUT2INC(code, 0, repeat_max);
4417 }
4418 }
4419
4420 /* A repeat minimum of 1 is optimized into some special cases. If the
4421 maximum is unlimited, we use OP_PLUS. Otherwise, the original item is
4422 left in place and, if the maximum is greater than 1, we use OP_UPTO with
4423 one less than the maximum. */
4424
4425 else if (repeat_min == 1)
4426 {
4427 if (repeat_max == -1)
4428 *code++ = OP_PLUS + repeat_type;
4429 else
4430 {
4431 code = oldcode; /* leave previous item in place */
4432 if (repeat_max == 1) goto END_REPEAT;
4433 *code++ = OP_UPTO + repeat_type;
4434 PUT2INC(code, 0, repeat_max - 1);
4435 }
4436 }
4437
4438 /* The case {n,n} is just an EXACT, while the general case {n,m} is
4439 handled as an EXACT followed by an UPTO. */
4440
4441 else
4442 {
4443 *code++ = OP_EXACT + op_type; /* NB EXACT doesn't have repeat_type */
4444 PUT2INC(code, 0, repeat_min);
4445
4446 /* If the maximum is unlimited, insert an OP_STAR. Before doing so,
4447 we have to insert the character for the previous code. For a repeated
4448 Unicode property match, there are two extra bytes that define the
4449 required property. In UTF-8 mode, long characters have their length in
4450 c, with the 0x80 bit as a flag. */
4451
4452 if (repeat_max < 0)
4453 {
4454 #ifdef SUPPORT_UTF8
4455 if (utf8 && c >= 128)
4456 {
4457 memcpy(code, utf8_char, c & 7);
4458 code += c & 7;
4459 }
4460 else
4461 #endif
4462 {
4463 *code++ = c;
4464 if (prop_type >= 0)
4465 {
4466 *code++ = prop_type;
4467 *code++ = prop_value;
4468 }
4469 }
4470 *code++ = OP_STAR + repeat_type;
4471 }
4472
4473 /* Else insert an UPTO if the max is greater than the min, again
4474 preceded by the character, for the previously inserted code. If the
4475 UPTO is just for 1 instance, we can use QUERY instead. */
4476
4477 else if (repeat_max != repeat_min)
4478 {
4479 #ifdef SUPPORT_UTF8
4480 if (utf8 && c >= 128)
4481 {
4482 memcpy(code, utf8_char, c & 7);
4483 code += c & 7;
4484 }
4485 else
4486 #endif
4487 *code++ = c;
4488 if (prop_type >= 0)
4489 {
4490 *code++ = prop_type;
4491 *code++ = prop_value;
4492 }
4493 repeat_max -= repeat_min;
4494
4495 if (repeat_max == 1)
4496 {
4497 *code++ = OP_QUERY + repeat_type;
4498 }
4499 else
4500 {
4501 *code++ = OP_UPTO + repeat_type;
4502 PUT2INC(code, 0, repeat_max);
4503 }
4504 }
4505 }
4506
4507 /* The character or character type itself comes last in all cases. */
4508
4509 #ifdef SUPPORT_UTF8
4510 if (utf8 && c >= 128)
4511 {
4512 memcpy(code, utf8_char, c & 7);
4513 code += c & 7;
4514 }
4515 else
4516 #endif
4517 *code++ = c;
4518
4519 /* For a repeated Unicode property match, there are two extra bytes that
4520 define the required property. */
4521
4522 #ifdef SUPPORT_UCP
4523 if (prop_type >= 0)
4524 {
4525 *code++ = prop_type;
4526 *code++ = prop_value;
4527 }
4528 #endif
4529 }
4530
4531 /* If previous was a character class or a back reference, we put the repeat
4532 stuff after it, but just skip the item if the repeat was {0,0}. */
4533
4534 else if (*previous == OP_CLASS ||
4535 *previous == OP_NCLASS ||
4536 #ifdef SUPPORT_UTF8
4537 *previous == OP_XCLASS ||
4538 #endif
4539 *previous == OP_REF ||
4540 *previous == OP_REFI)
4541 {
4542 if (repeat_max == 0)
4543 {
4544 code = previous;
4545 goto END_REPEAT;
4546 }
4547
4548 /*--------------------------------------------------------------------*/
4549 /* This code is obsolete from release 8.00; the restriction was finally
4550 removed: */
4551
4552 /* All real repeats make it impossible to handle partial matching (maybe
4553 one day we will be able to remove this restriction). */
4554
4555 /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
4556 /*--------------------------------------------------------------------*/
4557
4558 if (repeat_min == 0 && repeat_max == -1)
4559 *code++ = OP_CRSTAR + repeat_type;
4560 else if (repeat_min == 1 && repeat_max == -1)
4561 *code++ = OP_CRPLUS + repeat_type;
4562 else if (repeat_min == 0 && repeat_max == 1)
4563 *code++ = OP_CRQUERY + repeat_type;
4564 else
4565 {
4566 *code++ = OP_CRRANGE + repeat_type;
4567 PUT2INC(code, 0, repeat_min);
4568 if (repeat_max == -1) repeat_max = 0; /* 2-byte encoding for max */
4569 PUT2INC(code, 0, repeat_max);
4570 }
4571 }
4572
4573 /* If previous was a bracket group, we may have to replicate it in certain
4574 cases. Note that at this point we can encounter only the "basic" bracket
4575 opcodes such as BRA and CBRA, as this is the place where they get converted
4576 into the more special varieties such as BRAPOS and SBRA. A test for >=
4577 OP_ASSERT and <= OP_COND includes ASSERT, ASSERT_NOT, ASSERTBACK,
4578 ASSERTBACK_NOT, ONCE, BRA, CBRA, and COND. Originally, PCRE did not allow
4579 repetition of assertions, but now it does, for Perl compatibility. */
4580
4581 else if (*previous >= OP_ASSERT && *previous <= OP_COND)
4582 {
4583 register int i;
4584 int len = (int)(code - previous);
4585 uschar *bralink = NULL;
4586 uschar *brazeroptr = NULL;
4587
4588 /* Repeating a DEFINE group is pointless, but Perl allows the syntax, so
4589 we just ignore the repeat. */
4590
4591 if (*previous == OP_COND && previous[LINK_SIZE+1] == OP_DEF)
4592 goto END_REPEAT;
4593
4594 /* There is no sense in actually repeating assertions. The only potential
4595 use of repetition is in cases when the assertion is optional. Therefore,
4596 if the minimum is greater than zero, just ignore the repeat. If the
4597 maximum is not not zero or one, set it to 1. */
4598
4599 if (*previous < OP_ONCE) /* Assertion */
4600 {
4601 if (repeat_min > 0) goto END_REPEAT;
4602 if (repeat_max < 0 || repeat_max > 1) repeat_max = 1;
4603 }
4604
4605 /* The case of a zero minimum is special because of the need to stick
4606 OP_BRAZERO in front of it, and because the group appears once in the
4607 data, whereas in other cases it appears the minimum number of times. For
4608 this reason, it is simplest to treat this case separately, as otherwise
4609 the code gets far too messy. There are several special subcases when the
4610 minimum is zero. */
4611
4612 if (repeat_min == 0)
4613 {
4614 /* If the maximum is also zero, we used to just omit the group from the
4615 output altogether, like this:
4616
4617 ** if (repeat_max == 0)
4618 ** {
4619 ** code = previous;
4620 ** goto END_REPEAT;
4621 ** }
4622
4623 However, that fails when a group or a subgroup within it is referenced
4624 as a subroutine from elsewhere in the pattern, so now we stick in
4625 OP_SKIPZERO in front of it so that it is skipped on execution. As we
4626 don't have a list of which groups are referenced, we cannot do this
4627 selectively.
4628
4629 If the maximum is 1 or unlimited, we just have to stick in the BRAZERO
4630 and do no more at this point. However, we do need to adjust any
4631 OP_RECURSE calls inside the group that refer to the group itself or any
4632 internal or forward referenced group, because the offset is from the
4633 start of the whole regex. Temporarily terminate the pattern while doing
4634 this. */
4635
4636 if (repeat_max <= 1) /* Covers 0, 1, and unlimited */
4637 {
4638 *code = OP_END;
4639 adjust_recurse(previous, 1, utf8, cd, save_hwm);
4640 memmove(previous+1, previous, len);
4641 code++;
4642 if (repeat_max == 0)
4643 {
4644 *previous++ = OP_SKIPZERO;
4645 goto END_REPEAT;
4646 }
4647 brazeroptr = previous; /* Save for possessive optimizing */
4648 *previous++ = OP_BRAZERO + repeat_type;
4649 }
4650
4651 /* If the maximum is greater than 1 and limited, we have to replicate
4652 in a nested fashion, sticking OP_BRAZERO before each set of brackets.
4653 The first one has to be handled carefully because it's the original
4654 copy, which has to be moved up. The remainder can be handled by code
4655 that is common with the non-zero minimum case below. We have to
4656 adjust the value or repeat_max, since one less copy is required. Once
4657 again, we may have to adjust any OP_RECURSE calls inside the group. */
4658
4659 else
4660 {
4661 int offset;
4662 *code = OP_END;
4663 adjust_recurse(previous, 2 + LINK_SIZE, utf8, cd, save_hwm);
4664 memmove(previous + 2 + LINK_SIZE, previous, len);
4665 code += 2 + LINK_SIZE;
4666 *previous++ = OP_BRAZERO + repeat_type;
4667 *previous++ = OP_BRA;
4668
4669 /* We chain together the bracket offset fields that have to be
4670 filled in later when the ends of the brackets are reached. */
4671
4672 offset = (bralink == NULL)? 0 : (int)(previous - bralink);
4673 bralink = previous;
4674 PUTINC(previous, 0, offset);
4675 }
4676
4677 repeat_max--;
4678 }
4679
4680 /* If the minimum is greater than zero, replicate the group as many
4681 times as necessary, and adjust the maximum to the number of subsequent
4682 copies that we need. If we set a first char from the group, and didn't
4683 set a required char, copy the latter from the former. If there are any
4684 forward reference subroutine calls in the group, there will be entries on
4685 the workspace list; replicate these with an appropriate increment. */
4686
4687 else
4688 {
4689 if (repeat_min > 1)
4690 {
4691 /* In the pre-compile phase, we don't actually do the replication. We
4692 just adjust the length as if we had. Do some paranoid checks for
4693 potential integer overflow. The INT64_OR_DOUBLE type is a 64-bit
4694 integer type when available, otherwise double. */
4695
4696 if (lengthptr != NULL)
4697 {
4698 int delta = (repeat_min - 1)*length_prevgroup;
4699 if ((INT64_OR_DOUBLE)(repeat_min - 1)*
4700 (INT64_OR_DOUBLE)length_prevgroup >
4701 (INT64_OR_DOUBLE)INT_MAX ||
4702 OFLOW_MAX - *lengthptr < delta)
4703 {
4704 *errorcodeptr = ERR20;
4705 goto FAILED;
4706 }
4707 *lengthptr += delta;
4708 }
4709
4710 /* This is compiling for real */
4711
4712 else
4713 {
4714 if (groupsetfirstbyte && reqbyte < 0) reqbyte = firstbyte;
4715 for (i = 1; i < repeat_min; i++)
4716 {
4717 uschar *hc;
4718 uschar *this_hwm = cd->hwm;
4719 memcpy(code, previous, len);
4720 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
4721 {
4722 PUT(cd->hwm, 0, GET(hc, 0) + len);
4723 cd->hwm += LINK_SIZE;
4724 }
4725 save_hwm = this_hwm;
4726 code += len;
4727 }
4728 }
4729 }
4730
4731 if (repeat_max > 0) repeat_max -= repeat_min;
4732 }
4733
4734 /* This code is common to both the zero and non-zero minimum cases. If
4735 the maximum is limited, it replicates the group in a nested fashion,
4736 remembering the bracket starts on a stack. In the case of a zero minimum,
4737 the first one was set up above. In all cases the repeat_max now specifies
4738 the number of additional copies needed. Again, we must remember to
4739 replicate entries on the forward reference list. */
4740
4741 if (repeat_max >= 0)
4742 {
4743 /* In the pre-compile phase, we don't actually do the replication. We
4744 just adjust the length as if we had. For each repetition we must add 1
4745 to the length for BRAZERO and for all but the last repetition we must
4746 add 2 + 2*LINKSIZE to allow for the nesting that occurs. Do some
4747 paranoid checks to avoid integer overflow. The INT64_OR_DOUBLE type is
4748 a 64-bit integer type when available, otherwise double. */
4749
4750 if (lengthptr != NULL && repeat_max > 0)
4751 {
4752 int delta = repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
4753 2 - 2*LINK_SIZE; /* Last one doesn't nest */
4754 if ((INT64_OR_DOUBLE)repeat_max *
4755 (INT64_OR_DOUBLE)(length_prevgroup + 1 + 2 + 2*LINK_SIZE)
4756 > (INT64_OR_DOUBLE)INT_MAX ||
4757 OFLOW_MAX - *lengthptr < delta)
4758 {
4759 *errorcodeptr = ERR20;
4760 goto FAILED;
4761 }
4762 *lengthptr += delta;
4763 }
4764
4765 /* This is compiling for real */
4766
4767 else for (i = repeat_max - 1; i >= 0; i--)
4768 {
4769 uschar *hc;
4770 uschar *this_hwm = cd->hwm;
4771
4772 *code++ = OP_BRAZERO + repeat_type;
4773
4774 /* All but the final copy start a new nesting, maintaining the
4775 chain of brackets outstanding. */
4776
4777 if (i != 0)
4778 {
4779 int offset;
4780 *code++ = OP_BRA;
4781 offset = (bralink == NULL)? 0 : (int)(code - bralink);
4782 bralink = code;
4783 PUTINC(code, 0, offset);
4784 }
4785
4786 memcpy(code, previous, len);
4787 for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
4788 {
4789 PUT(cd->hwm, 0, GET(hc, 0) + len + ((i != 0)? 2+LINK_SIZE : 1));
4790 cd->hwm += LINK_SIZE;
4791 }
4792 save_hwm = this_hwm;
4793 code += len;
4794 }
4795
4796 /* Now chain through the pending brackets, and fill in their length
4797 fields (which are holding the chain links pro tem). */
4798
4799 while (bralink != NULL)
4800 {
4801 int oldlinkoffset;
4802 int offset = (int)(code - bralink + 1);
4803 uschar *bra = code - offset;
4804 oldlinkoffset = GET(bra, 1);
4805 bralink = (oldlinkoffset == 0)? NULL : bralink - oldlinkoffset;
4806 *code++ = OP_KET;
4807 PUTINC(code, 0, offset);
4808 PUT(bra, 1, offset);
4809 }
4810 }
4811
4812 /* If the maximum is unlimited, set a repeater in the final copy. For
4813 ONCE brackets, that's all we need to do. However, possessively repeated
4814 ONCE brackets can be converted into non-capturing brackets, as the
4815 behaviour of (?:xx)++ is the same as (?>xx)++ and this saves having to
4816 deal with possessive ONCEs specially.
4817
4818 Otherwise, if the quantifier was possessive, we convert the BRA code to
4819 the POS form, and the KET code to KETRPOS. (It turns out to be convenient
4820 at runtime to detect this kind of subpattern at both the start and at the
4821 end.) The use of special opcodes makes it possible to reduce greatly the
4822 stack usage in pcre_exec(). If the group is preceded by OP_BRAZERO,
4823 convert this to OP_BRAPOSZERO. Then cancel the possessive flag so that
4824 the default action below, of wrapping everything inside atomic brackets,
4825 does not happen.
4826
4827 Then, when we are doing the actual compile phase, check to see whether
4828 this group is one that could match an empty string. If so, convert the
4829 initial operator to the S form (e.g. OP_BRA -> OP_SBRA) so that runtime
4830 checking can be done. [This check is also applied to ONCE groups at
4831 runtime, but in a different way.] */
4832
4833 else
4834 {
4835 uschar *ketcode = code - 1 - LINK_SIZE;
4836 uschar *bracode = ketcode - GET(ketcode, 1);
4837
4838 if (*bracode == OP_ONCE && possessive_quantifier) *bracode = OP_BRA;
4839 if (*bracode == OP_ONCE)
4840 *ketcode = OP_KETRMAX + repeat_type;
4841 else
4842 {
4843 if (possessive_quantifier)
4844 {
4845 *bracode += 1; /* Switch to xxxPOS opcodes */
4846 *ketcode = OP_KETRPOS;
4847 if (brazeroptr != NULL) *brazeroptr = OP_BRAPOSZERO;
4848 possessive_quantifier = FALSE;
4849 }
4850 else *ketcode = OP_KETRMAX + repeat_type;
4851
4852 if (lengthptr == NULL)
4853 {
4854 uschar *scode = bracode;
4855 do
4856 {
4857 if (could_be_empty_branch(scode, ketcode, utf8, cd))
4858 {
4859 *bracode += OP_SBRA - OP_BRA;
4860 break;
4861 }
4862 scode += GET(scode, 1);
4863 }
4864 while (*scode == OP_ALT);
4865 }
4866 }
4867 }
4868 }
4869
4870 /* If previous is OP_FAIL, it was generated by an empty class [] in
4871 JavaScript mode. The other ways in which OP_FAIL can be generated, that is
4872 by (*FAIL) or (?!) set previous to NULL, which gives a "nothing to repeat"
4873 error above. We can just ignore the repeat in JS case. */
4874
4875 else if (*previous == OP_FAIL) goto END_REPEAT;
4876
4877 /* Else there's some kind of shambles */
4878
4879 else
4880 {
4881 *errorcodeptr = ERR11;
4882 goto FAILED;
4883 }
4884
4885 /* If the character following a repeat is '+', or if certain optimization
4886 tests above succeeded, possessive_quantifier is TRUE. For some opcodes,
4887 there are special alternative opcodes for this case. For anything else, we
4888 wrap the entire repeated item inside OP_ONCE brackets. Logically, the '+'
4889 notation is just syntactic sugar, taken from Sun's Java package, but the
4890 special opcodes can optimize it.
4891
4892 Possessively repeated subpatterns have already been handled in the code
4893 just above, so possessive_quantifier is always FALSE for them at this
4894 stage.
4895
4896 Note that the repeated item starts at tempcode, not at previous, which
4897 might be the first part of a string whose (former) last char we repeated.
4898
4899 Possessifying an 'exact' quantifier has no effect, so we can ignore it. But
4900 an 'upto' may follow. We skip over an 'exact' item, and then test the
4901 length of what remains before proceeding. */
4902
4903 if (possessive_quantifier)
4904 {
4905 int len;
4906
4907 if (*tempcode == OP_TYPEEXACT)
4908 tempcode += _pcre_OP_lengths[*tempcode] +
4909 ((tempcode[3] == OP_PROP || tempcode[3] == OP_NOTPROP)? 2 : 0);
4910
4911 else if (*tempcode == OP_EXACT || *tempcode == OP_NOTEXACT)
4912 {
4913 tempcode += _pcre_OP_lengths[*tempcode];
4914 #ifdef SUPPORT_UTF8
4915 if (utf8 && tempcode[-1] >= 0xc0)
4916 tempcode += _pcre_utf8_table4[tempcode[-1] & 0x3f];
4917 #endif
4918 }
4919
4920 len = (int)(code - tempcode);
4921 if (len > 0) switch (*tempcode)
4922 {
4923 case OP_STAR: *tempcode = OP_POSSTAR; break;
4924 case OP_PLUS: *tempcode = OP_POSPLUS; break;
4925 case OP_QUERY: *tempcode = OP_POSQUERY; break;
4926 case OP_UPTO: *tempcode = OP_POSUPTO; break;
4927
4928 case OP_STARI: *tempcode = OP_POSSTARI; break;
4929 case OP_PLUSI: *tempcode = OP_POSPLUSI; break;
4930 case OP_QUERYI: *tempcode = OP_POSQUERYI; break;
4931 case OP_UPTOI: *tempcode = OP_POSUPTOI; break;
4932
4933 case OP_NOTSTAR: *tempcode = OP_NOTPOSSTAR; break;
4934 case OP_NOTPLUS: *tempcode = OP_NOTPOSPLUS; break;
4935 case OP_NOTQUERY: *tempcode = OP_NOTPOSQUERY; break;
4936 case OP_NOTUPTO: *tempcode = OP_NOTPOSUPTO; break;
4937
4938 case OP_NOTSTARI: *tempcode = OP_NOTPOSSTARI; break;
4939 case OP_NOTPLUSI: *tempcode = OP_NOTPOSPLUSI; break;
4940 case OP_NOTQUERYI: *tempcode = OP_NOTPOSQUERYI; break;
4941 case OP_NOTUPTOI: *tempcode = OP_NOTPOSUPTOI; break;
4942
4943 case OP_TYPESTAR: *tempcode = OP_TYPEPOSSTAR; break;
4944 case OP_TYPEPLUS: *tempcode = OP_TYPEPOSPLUS; break;
4945 case OP_TYPEQUERY: *tempcode = OP_TYPEPOSQUERY; break;
4946 case OP_TYPEUPTO: *tempcode = OP_TYPEPOSUPTO; break;
4947
4948 /* Because we are moving code along, we must ensure that any
4949 pending recursive references are updated. */
4950
4951 default:
4952 *code = OP_END;
4953 adjust_recurse(tempcode, 1 + LINK_SIZE, utf8, cd, save_hwm);
4954 memmove(tempcode + 1+LINK_SIZE, tempcode, len);
4955 code += 1 + LINK_SIZE;
4956 len += 1 + LINK_SIZE;
4957 tempcode[0] = OP_ONCE;
4958 *code++ = OP_KET;
4959 PUTINC(code, 0, len);
4960 PUT(tempcode, 1, len);
4961 break;
4962 }
4963 }
4964
4965 /* In all case we no longer have a previous item. We also set the
4966 "follows varying string" flag for subsequently encountered reqbytes if
4967 it isn't already set and we have just passed a varying length item. */
4968
4969 END_REPEAT:
4970 previous = NULL;
4971 cd->req_varyopt |= reqvary;
4972 break;
4973
4974
4975 /* ===================================================================*/
4976 /* Start of nested parenthesized sub-expression, or comment or lookahead or
4977 lookbehind or option setting or condition or all the other extended
4978 parenthesis forms. */
4979
4980 case CHAR_LEFT_PARENTHESIS:
4981 newoptions = options;
4982 skipbytes = 0;
4983 bravalue = OP_CBRA;
4984 save_hwm = cd->hwm;
4985 reset_bracount = FALSE;
4986
4987 /* First deal with various "verbs" that can be introduced by '*'. */
4988
4989 if (*(++ptr) == CHAR_ASTERISK &&
4990 ((cd->ctypes[ptr[1]] & ctype_letter) != 0 || ptr[1] == ':'))
4991 {
4992 int i, namelen;
4993 int arglen = 0;
4994 const char *vn = verbnames;
4995 const uschar *name = ptr + 1;
4996 const uschar *arg = NULL;
4997 previous = NULL;
4998 while ((cd->ctypes[*++ptr] & ctype_letter) != 0) {};
4999 namelen = (int)(ptr - name);
5000
5001 if (*ptr == CHAR_COLON)
5002 {
5003 arg = ++ptr;
5004 while ((cd->ctypes[*ptr] & (ctype_letter|ctype_digit)) != 0
5005 || *ptr == '_') ptr++;
5006 arglen = (int)(ptr - arg);
5007 }
5008
5009 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5010 {
5011 *errorcodeptr = ERR60;
5012 goto FAILED;
5013 }
5014
5015 /* Scan the table of verb names */
5016
5017 for (i = 0; i < verbcount; i++)
5018 {
5019 if (namelen == verbs[i].len &&
5020 strncmp((char *)name, vn, namelen) == 0)
5021 {
5022 /* Check for open captures before ACCEPT and convert it to
5023 ASSERT_ACCEPT if in an assertion. */
5024
5025 if (verbs[i].op == OP_ACCEPT)
5026 {
5027 open_capitem *oc;
5028 if (arglen != 0)
5029 {
5030 *errorcodeptr = ERR59;
5031 goto FAILED;
5032 }
5033 cd->had_accept = TRUE;
5034 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
5035 {
5036 *code++ = OP_CLOSE;
5037 PUT2INC(code, 0, oc->number);
5038 }
5039 *code++ = (cd->assert_depth > 0)? OP_ASSERT_ACCEPT : OP_ACCEPT;
5040 }
5041
5042 /* Handle other cases with/without an argument */
5043
5044 else if (arglen == 0)
5045 {
5046 if (verbs[i].op < 0) /* Argument is mandatory */
5047 {
5048 *errorcodeptr = ERR66;
5049 goto FAILED;
5050 }
5051 *code = verbs[i].op;
5052 if (*code++ == OP_THEN)
5053 {
5054 PUT(code, 0, code - bcptr->current_branch - 1);
5055 code += LINK_SIZE;
5056 }
5057 }
5058
5059 else
5060 {
5061 if (verbs[i].op_arg < 0) /* Argument is forbidden */
5062 {
5063 *errorcodeptr = ERR59;
5064 goto FAILED;
5065 }
5066 *code = verbs[i].op_arg;
5067 if (*code++ == OP_THEN_ARG)
5068 {
5069 PUT(code, 0, code - bcptr->current_branch - 1);
5070 code += LINK_SIZE;
5071 }
5072 *code++ = arglen;
5073 memcpy(code, arg, arglen);
5074 code += arglen;
5075 *code++ = 0;
5076 }
5077
5078 break; /* Found verb, exit loop */
5079 }
5080
5081 vn += verbs[i].len + 1;
5082 }
5083
5084 if (i < verbcount) continue; /* Successfully handled a verb */
5085 *errorcodeptr = ERR60; /* Verb not recognized */
5086 goto FAILED;
5087 }
5088
5089 /* Deal with the extended parentheses; all are introduced by '?', and the
5090 appearance of any of them means that this is not a capturing group. */
5091
5092 else if (*ptr == CHAR_QUESTION_MARK)
5093 {
5094 int i, set, unset, namelen;
5095 int *optset;
5096 const uschar *name;
5097 uschar *slot;
5098
5099 switch (*(++ptr))
5100 {
5101 case CHAR_NUMBER_SIGN: /* Comment; skip to ket */
5102 ptr++;
5103 while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
5104 if (*ptr == 0)
5105 {
5106 *errorcodeptr = ERR18;
5107 goto FAILED;
5108 }
5109 continue;
5110
5111
5112 /* ------------------------------------------------------------ */
5113 case CHAR_VERTICAL_LINE: /* Reset capture count for each branch */
5114 reset_bracount = TRUE;
5115 /* Fall through */
5116
5117 /* ------------------------------------------------------------ */
5118 case CHAR_COLON: /* Non-capturing bracket */
5119 bravalue = OP_BRA;
5120 ptr++;
5121 break;
5122
5123
5124 /* ------------------------------------------------------------ */
5125 case CHAR_LEFT_PARENTHESIS:
5126 bravalue = OP_COND; /* Conditional group */
5127
5128 /* A condition can be an assertion, a number (referring to a numbered
5129 group), a name (referring to a named group), or 'R', referring to
5130 recursion. R<digits> and R&name are also permitted for recursion tests.
5131
5132 There are several syntaxes for testing a named group: (?(name)) is used
5133 by Python; Perl 5.10 onwards uses (?(<name>) or (?('name')).
5134
5135 There are two unfortunate ambiguities, caused by history. (a) 'R' can
5136 be the recursive thing or the name 'R' (and similarly for 'R' followed
5137 by digits), and (b) a number could be a name that consists of digits.
5138 In both cases, we look for a name first; if not found, we try the other
5139 cases. */
5140
5141 /* For conditions that are assertions, check the syntax, and then exit
5142 the switch. This will take control down to where bracketed groups,
5143 including assertions, are processed. */
5144
5145 if (ptr[1] == CHAR_QUESTION_MARK && (ptr[2] == CHAR_EQUALS_SIGN ||
5146 ptr[2] == CHAR_EXCLAMATION_MARK || ptr[2] == CHAR_LESS_THAN_SIGN))
5147 break;
5148
5149 /* Most other conditions use OP_CREF (a couple change to OP_RREF
5150 below), and all need to skip 3 bytes at the start of the group. */
5151
5152 code[1+LINK_SIZE] = OP_CREF;
5153 skipbytes = 3;
5154 refsign = -1;
5155
5156 /* Check for a test for recursion in a named group. */
5157
5158 if (ptr[1] == CHAR_R && ptr[2] == CHAR_AMPERSAND)
5159 {
5160 terminator = -1;
5161 ptr += 2;
5162 code[1+LINK_SIZE] = OP_RREF; /* Change the type of test */
5163 }
5164
5165 /* Check for a test for a named group's having been set, using the Perl
5166 syntax (?(<name>) or (?('name') */
5167
5168 else if (ptr[1] == CHAR_LESS_THAN_SIGN)
5169 {
5170 terminator = CHAR_GREATER_THAN_SIGN;
5171 ptr++;
5172 }
5173 else if (ptr[1] == CHAR_APOSTROPHE)
5174 {
5175 terminator = CHAR_APOSTROPHE;
5176 ptr++;
5177 }
5178 else
5179 {
5180 terminator = 0;
5181 if (ptr[1] == CHAR_MINUS || ptr[1] == CHAR_PLUS) refsign = *(++ptr);
5182 }
5183
5184 /* We now expect to read a name; any thing else is an error */
5185
5186 if ((cd->ctypes[ptr[1]] & ctype_word) == 0)
5187 {
5188 ptr += 1; /* To get the right offset */
5189 *errorcodeptr = ERR28;
5190 goto FAILED;
5191 }
5192
5193 /* Read the name, but also get it as a number if it's all digits */
5194
5195 recno = 0;
5196 name = ++ptr;
5197 while ((cd->ctypes[*ptr] & ctype_word) != 0)
5198 {
5199 if (recno >= 0)
5200 recno = ((digitab[*ptr] & ctype_digit) != 0)?
5201 recno * 10 + *ptr - CHAR_0 : -1;
5202 ptr++;
5203 }
5204 namelen = (int)(ptr - name);
5205
5206 if ((terminator > 0 && *ptr++ != terminator) ||
5207 *ptr++ != CHAR_RIGHT_PARENTHESIS)
5208 {
5209 ptr--; /* Error offset */
5210 *errorcodeptr = ERR26;
5211 goto FAILED;
5212 }
5213
5214 /* Do no further checking in the pre-compile phase. */
5215
5216 if (lengthptr != NULL) break;
5217
5218 /* In the real compile we do the work of looking for the actual
5219 reference. If the string started with "+" or "-" we require the rest to
5220 be digits, in which case recno will be set. */
5221
5222 if (refsign > 0)
5223 {
5224 if (recno <= 0)
5225 {
5226 *errorcodeptr = ERR58;
5227 goto FAILED;
5228 }
5229 recno = (refsign == CHAR_MINUS)?
5230 cd->bracount - recno + 1 : recno +cd->bracount;
5231 if (recno <= 0 || recno > cd->final_bracount)
5232 {
5233 *errorcodeptr = ERR15;
5234 goto FAILED;
5235 }
5236 PUT2(code, 2+LINK_SIZE, recno);
5237 break;
5238 }
5239
5240 /* Otherwise (did not start with "+" or "-"), start by looking for the
5241 name. If we find a name, add one to the opcode to change OP_CREF or
5242 OP_RREF into OP_NCREF or OP_NRREF. These behave exactly the same,
5243 except they record that the reference was originally to a name. The
5244 information is used to check duplicate names. */
5245
5246 slot = cd->name_table;
5247 for (i = 0; i < cd->names_found; i++)
5248 {
5249 if (strncmp((char *)name, (char *)slot+2, namelen) == 0) break;
5250 slot += cd->name_entry_size;
5251 }
5252
5253 /* Found a previous named subpattern */
5254
5255 if (i < cd->names_found)
5256 {
5257 recno = GET2(slot, 0);
5258 PUT2(code, 2+LINK_SIZE, recno);
5259 code[1+LINK_SIZE]++;
5260 }
5261
5262 /* Search the pattern for a forward reference */
5263
5264 else if ((i = find_parens(cd, name, namelen,
5265 (options & PCRE_EXTENDED) != 0, utf8)) > 0)
5266 {
5267 PUT2(code, 2+LINK_SIZE, i);
5268 code[1+LINK_SIZE]++;
5269 }
5270
5271 /* If terminator == 0 it means that the name followed directly after
5272 the opening parenthesis [e.g. (?(abc)...] and in this case there are
5273 some further alternatives to try. For the cases where terminator != 0
5274 [things like (?(<name>... or (?('name')... or (?(R&name)... ] we have
5275 now checked all the possibilities, so give an error. */
5276
5277 else if (terminator != 0)
5278 {
5279 *errorcodeptr = ERR15;
5280 goto FAILED;
5281 }
5282
5283 /* Check for (?(R) for recursion. Allow digits after R to specify a
5284 specific group number. */
5285
5286 else if (*name == CHAR_R)
5287 {
5288 recno = 0;
5289 for (i = 1; i < namelen; i++)
5290 {
5291 if ((digitab[name[i]] & ctype_digit) == 0)
5292 {
5293 *errorcodeptr = ERR15;
5294 goto FAILED;
5295 }
5296 recno = recno * 10 + name[i] - CHAR_0;
5297 }
5298 if (recno == 0) recno = RREF_ANY;
5299 code[1+LINK_SIZE] = OP_RREF; /* Change test type */
5300 PUT2(code, 2+LINK_SIZE, recno);
5301 }
5302
5303 /* Similarly, check for the (?(DEFINE) "condition", which is always
5304 false. */
5305
5306 else if (namelen == 6 && strncmp((char *)name, STRING_DEFINE, 6) == 0)
5307 {
5308 code[1+LINK_SIZE] = OP_DEF;
5309 skipbytes = 1;
5310 }
5311
5312 /* Check for the "name" actually being a subpattern number. We are
5313 in the second pass here, so final_bracount is set. */
5314
5315 else if (recno > 0 && recno <= cd->final_bracount)
5316 {
5317 PUT2(code, 2+LINK_SIZE, recno);
5318 }
5319
5320 /* Either an unidentified subpattern, or a reference to (?(0) */
5321
5322 else
5323 {
5324 *errorcodeptr = (recno == 0)? ERR35: ERR15;
5325 goto FAILED;
5326 }
5327 break;
5328
5329
5330 /* ------------------------------------------------------------ */
5331 case CHAR_EQUALS_SIGN: /* Positive lookahead */
5332 bravalue = OP_ASSERT;
5333 cd->assert_depth += 1;
5334 ptr++;
5335 break;
5336
5337
5338 /* ------------------------------------------------------------ */
5339 case CHAR_EXCLAMATION_MARK: /* Negative lookahead */
5340 ptr++;
5341 if (*ptr == CHAR_RIGHT_PARENTHESIS) /* Optimize (?!) */
5342 {
5343 *code++ = OP_FAIL;
5344 previous = NULL;
5345 continue;
5346 }
5347 bravalue = OP_ASSERT_NOT;
5348 cd->assert_depth += 1;
5349 break;
5350
5351
5352 /* ------------------------------------------------------------ */
5353 case CHAR_LESS_THAN_SIGN: /* Lookbehind or named define */
5354 switch (ptr[1])
5355 {
5356 case CHAR_EQUALS_SIGN: /* Positive lookbehind */
5357 bravalue = OP_ASSERTBACK;
5358 cd->assert_depth += 1;
5359 ptr += 2;
5360 break;
5361
5362 case CHAR_EXCLAMATION_MARK: /* Negative lookbehind */
5363 bravalue = OP_ASSERTBACK_NOT;
5364 cd->assert_depth += 1;
5365 ptr += 2;
5366 break;
5367
5368 default: /* Could be name define, else bad */
5369 if ((cd->ctypes[ptr[1]] & ctype_word) != 0) goto DEFINE_NAME;
5370 ptr++; /* Correct offset for error */
5371 *errorcodeptr = ERR24;
5372 goto FAILED;
5373 }
5374 break;
5375
5376
5377 /* ------------------------------------------------------------ */
5378 case CHAR_GREATER_THAN_SIGN: /* One-time brackets */
5379 bravalue = OP_ONCE;
5380 ptr++;
5381 break;
5382
5383
5384 /* ------------------------------------------------------------ */
5385 case CHAR_C: /* Callout - may be followed by digits; */
5386 previous_callout = code; /* Save for later completion */
5387 after_manual_callout = 1; /* Skip one item before completing */
5388 *code++ = OP_CALLOUT;
5389 {
5390 int n = 0;
5391 while ((digitab[*(++ptr)] & ctype_digit) != 0)
5392 n = n * 10 + *ptr - CHAR_0;
5393 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5394 {
5395 *errorcodeptr = ERR39;
5396 goto FAILED;
5397 }
5398 if (n > 255)
5399 {
5400 *errorcodeptr = ERR38;
5401 goto FAILED;
5402 }
5403 *code++ = n;
5404 PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
5405 PUT(code, LINK_SIZE, 0); /* Default length */
5406 code += 2 * LINK_SIZE;
5407 }
5408 previous = NULL;
5409 continue;
5410
5411
5412 /* ------------------------------------------------------------ */
5413 case CHAR_P: /* Python-style named subpattern handling */
5414 if (*(++ptr) == CHAR_EQUALS_SIGN ||
5415 *ptr == CHAR_GREATER_THAN_SIGN) /* Reference or recursion */
5416 {
5417 is_recurse = *ptr == CHAR_GREATER_THAN_SIGN;
5418 terminator = CHAR_RIGHT_PARENTHESIS;
5419 goto NAMED_REF_OR_RECURSE;
5420 }
5421 else if (*ptr != CHAR_LESS_THAN_SIGN) /* Test for Python-style defn */
5422 {
5423 *errorcodeptr = ERR41;
5424 goto FAILED;
5425 }
5426 /* Fall through to handle (?P< as (?< is handled */
5427
5428
5429 /* ------------------------------------------------------------ */
5430 DEFINE_NAME: /* Come here from (?< handling */
5431 case CHAR_APOSTROPHE:
5432 {
5433 terminator = (*ptr == CHAR_LESS_THAN_SIGN)?
5434 CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
5435 name = ++ptr;
5436
5437 while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
5438 namelen = (int)(ptr - name);
5439
5440 /* In the pre-compile phase, just do a syntax check. */
5441
5442 if (lengthptr != NULL)
5443 {
5444 if (*ptr != terminator)
5445 {
5446 *errorcodeptr = ERR42;
5447 goto FAILED;
5448 }
5449 if (cd->names_found >= MAX_NAME_COUNT)
5450 {
5451 *errorcodeptr = ERR49;
5452 goto FAILED;
5453 }
5454 if (namelen + 3 > cd->name_entry_size)
5455 {
5456 cd->name_entry_size = namelen + 3;
5457 if (namelen > MAX_NAME_SIZE)
5458 {
5459 *errorcodeptr = ERR48;
5460 goto FAILED;
5461 }
5462 }
5463 }
5464
5465 /* In the real compile, create the entry in the table, maintaining
5466 alphabetical order. Duplicate names for different numbers are
5467 permitted only if PCRE_DUPNAMES is set. Duplicate names for the same
5468 number are always OK. (An existing number can be re-used if (?|
5469 appears in the pattern.) In either event, a duplicate name results in
5470 a duplicate entry in the table, even if the number is the same. This
5471 is because the number of names, and hence the table size, is computed
5472 in the pre-compile, and it affects various numbers and pointers which
5473 would all have to be modified, and the compiled code moved down, if
5474 duplicates with the same number were omitted from the table. This
5475 doesn't seem worth the hassle. However, *different* names for the
5476 same number are not permitted. */
5477
5478 else
5479 {
5480 BOOL dupname = FALSE;
5481 slot = cd->name_table;
5482
5483 for (i = 0; i < cd->names_found; i++)
5484 {
5485 int crc = memcmp(name, slot+2, namelen);
5486 if (crc == 0)
5487 {
5488 if (slot[2+namelen] == 0)
5489 {
5490 if (GET2(slot, 0) != cd->bracount + 1 &&
5491 (options & PCRE_DUPNAMES) == 0)
5492 {
5493 *errorcodeptr = ERR43;
5494 goto FAILED;
5495 }
5496 else dupname = TRUE;
5497 }
5498 else crc = -1; /* Current name is a substring */
5499 }
5500
5501 /* Make space in the table and break the loop for an earlier
5502 name. For a duplicate or later name, carry on. We do this for
5503 duplicates so that in the simple case (when ?(| is not used) they
5504 are in order of their numbers. */
5505
5506 if (crc < 0)
5507 {
5508 memmove(slot + cd->name_entry_size, slot,
5509 (cd->names_found - i) * cd->name_entry_size);
5510 break;
5511 }
5512
5513 /* Continue the loop for a later or duplicate name */
5514
5515 slot += cd->name_entry_size;
5516 }
5517
5518 /* For non-duplicate names, check for a duplicate number before
5519 adding the new name. */
5520
5521 if (!dupname)
5522 {
5523 uschar *cslot = cd->name_table;
5524 for (i = 0; i < cd->names_found; i++)
5525 {
5526 if (cslot != slot)
5527 {
5528 if (GET2(cslot, 0) == cd->bracount + 1)
5529 {
5530 *errorcodeptr = ERR65;
5531 goto FAILED;
5532 }
5533 }
5534 else i--;
5535 cslot += cd->name_entry_size;
5536 }
5537 }
5538
5539 PUT2(slot, 0, cd->bracount + 1);
5540 memcpy(slot + 2, name, namelen);
5541 slot[2+namelen] = 0;
5542 }
5543 }
5544
5545 /* In both pre-compile and compile, count the number of names we've
5546 encountered. */
5547
5548 cd->names_found++;
5549 ptr++; /* Move past > or ' */
5550 goto NUMBERED_GROUP;
5551
5552
5553 /* ------------------------------------------------------------ */
5554 case CHAR_AMPERSAND: /* Perl recursion/subroutine syntax */
5555 terminator = CHAR_RIGHT_PARENTHESIS;
5556 is_recurse = TRUE;
5557 /* Fall through */
5558
5559 /* We come here from the Python syntax above that handles both
5560 references (?P=name) and recursion (?P>name), as well as falling
5561 through from the Perl recursion syntax (?&name). We also come here from
5562 the Perl \k<name> or \k'name' back reference syntax and the \k{name}
5563 .NET syntax, and the Oniguruma \g<...> and \g'...' subroutine syntax. */
5564
5565 NAMED_REF_OR_RECURSE:
5566 name = ++ptr;
5567 while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
5568 namelen = (int)(ptr - name);
5569
5570 /* In the pre-compile phase, do a syntax check. We used to just set
5571 a dummy reference number, because it was not used in the first pass.
5572 However, with the change of recursive back references to be atomic,
5573 we have to look for the number so that this state can be identified, as
5574 otherwise the incorrect length is computed. If it's not a backwards
5575 reference, the dummy number will do. */
5576
5577 if (lengthptr != NULL)
5578 {
5579 const uschar *temp;
5580
5581 if (namelen == 0)
5582 {
5583 *errorcodeptr = ERR62;
5584 goto FAILED;
5585 }
5586 if (*ptr != terminator)
5587 {
5588 *errorcodeptr = ERR42;
5589 goto FAILED;
5590 }
5591 if (namelen > MAX_NAME_SIZE)
5592 {
5593 *errorcodeptr = ERR48;
5594 goto FAILED;
5595 }
5596
5597 /* The name table does not exist in the first pass, so we cannot
5598 do a simple search as in the code below. Instead, we have to scan the
5599 pattern to find the number. It is important that we scan it only as
5600 far as we have got because the syntax of named subpatterns has not
5601 been checked for the rest of the pattern, and find_parens() assumes
5602 correct syntax. In any case, it's a waste of resources to scan
5603 further. We stop the scan at the current point by temporarily
5604 adjusting the value of cd->endpattern. */
5605
5606 temp = cd->end_pattern;
5607 cd->end_pattern = ptr;
5608 recno = find_parens(cd, name, namelen,
5609 (options & PCRE_EXTENDED) != 0, utf8);
5610 cd->end_pattern = temp;
5611 if (recno < 0) recno = 0; /* Forward ref; set dummy number */
5612 }
5613
5614 /* In the real compile, seek the name in the table. We check the name
5615 first, and then check that we have reached the end of the name in the
5616 table. That way, if the name that is longer than any in the table,
5617 the comparison will fail without reading beyond the table entry. */
5618
5619 else
5620 {
5621 slot = cd->name_table;
5622 for (i = 0; i < cd->names_found; i++)
5623 {
5624 if (strncmp((char *)name, (char *)slot+2, namelen) == 0 &&
5625 slot[2+namelen] == 0)
5626 break;
5627 slot += cd->name_entry_size;
5628 }
5629
5630 if (i < cd->names_found) /* Back reference */
5631 {
5632 recno = GET2(slot, 0);
5633 }
5634 else if ((recno = /* Forward back reference */
5635 find_parens(cd, name, namelen,
5636 (options & PCRE_EXTENDED) != 0, utf8)) <= 0)
5637 {
5638 *errorcodeptr = ERR15;
5639 goto FAILED;
5640 }
5641 }
5642
5643 /* In both phases, we can now go to the code than handles numerical
5644 recursion or backreferences. */
5645
5646 if (is_recurse) goto HANDLE_RECURSION;
5647 else goto HANDLE_REFERENCE;
5648
5649
5650 /* ------------------------------------------------------------ */
5651 case CHAR_R: /* Recursion */
5652 ptr++; /* Same as (?0) */
5653 /* Fall through */
5654
5655
5656 /* ------------------------------------------------------------ */
5657 case CHAR_MINUS: case CHAR_PLUS: /* Recursion or subroutine */
5658 case CHAR_0: case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4:
5659 case CHAR_5: case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
5660 {
5661 const uschar *called;
5662 terminator = CHAR_RIGHT_PARENTHESIS;
5663
5664 /* Come here from the \g<...> and \g'...' code (Oniguruma
5665 compatibility). However, the syntax has been checked to ensure that
5666 the ... are a (signed) number, so that neither ERR63 nor ERR29 will
5667 be called on this path, nor with the jump to OTHER_CHAR_AFTER_QUERY
5668 ever be taken. */
5669
5670 HANDLE_NUMERICAL_RECURSION:
5671
5672 if ((refsign = *ptr) == CHAR_PLUS)
5673 {
5674 ptr++;
5675 if ((digitab[*ptr] & ctype_digit) == 0)
5676 {
5677 *errorcodeptr = ERR63;
5678 goto FAILED;
5679 }
5680 }
5681 else if (refsign == CHAR_MINUS)
5682 {
5683 if ((digitab[ptr[1]] & ctype_digit) == 0)
5684 goto OTHER_CHAR_AFTER_QUERY;
5685 ptr++;
5686 }
5687
5688 recno = 0;
5689 while((digitab[*ptr] & ctype_digit) != 0)
5690 recno = recno * 10 + *ptr++ - CHAR_0;
5691
5692 if (*ptr != terminator)
5693 {
5694 *errorcodeptr = ERR29;
5695 goto FAILED;
5696 }
5697
5698 if (refsign == CHAR_MINUS)
5699 {
5700 if (recno == 0)
5701 {
5702 *errorcodeptr = ERR58;
5703 goto FAILED;
5704 }
5705 recno = cd->bracount - recno + 1;
5706 if (recno <= 0)
5707 {
5708 *errorcodeptr = ERR15;
5709 goto FAILED;
5710 }
5711 }
5712 else if (refsign == CHAR_PLUS)
5713 {
5714 if (recno == 0)
5715 {
5716 *errorcodeptr = ERR58;
5717 goto FAILED;
5718 }
5719 recno += cd->bracount;
5720 }
5721
5722 /* Come here from code above that handles a named recursion */
5723
5724 HANDLE_RECURSION:
5725
5726 previous = code;
5727 called = cd->start_code;
5728
5729 /* When we are actually compiling, find the bracket that is being
5730 referenced. Temporarily end the regex in case it doesn't exist before
5731 this point. If we end up with a forward reference, first check that
5732 the bracket does occur later so we can give the error (and position)
5733 now. Then remember this forward reference in the workspace so it can
5734 be filled in at the end. */
5735
5736 if (lengthptr == NULL)
5737 {
5738 *code = OP_END;
5739 if (recno != 0)
5740 called = _pcre_find_bracket(cd->start_code, utf8, recno);
5741
5742 /* Forward reference */
5743
5744 if (called == NULL)
5745 {
5746 if (find_parens(cd, NULL, recno,
5747 (options & PCRE_EXTENDED) != 0, utf8) < 0)
5748 {
5749 *errorcodeptr = ERR15;
5750 goto FAILED;
5751 }
5752
5753 /* Fudge the value of "called" so that when it is inserted as an
5754 offset below, what it actually inserted is the reference number
5755 of the group. Then remember the forward reference. */
5756
5757 called = cd->start_code + recno;
5758 PUTINC(cd->hwm, 0, (int)(code + 1 - cd->start_code));
5759 }
5760
5761 /* If not a forward reference, and the subpattern is still open,
5762 this is a recursive call. We check to see if this is a left
5763 recursion that could loop for ever, and diagnose that case. We
5764 must not, however, do this check if we are in a conditional
5765 subpattern because the condition might be testing for recursion in
5766 a pattern such as /(?(R)a+|(?R)b)/, which is perfectly valid.
5767 Forever loops are also detected at runtime, so those that occur in
5768 conditional subpatterns will be picked up then. */
5769
5770 else if (GET(called, 1) == 0 && cond_depth <= 0 &&
5771 could_be_empty(called, code, bcptr, utf8, cd))
5772 {
5773 *errorcodeptr = ERR40;
5774 goto FAILED;
5775 }
5776 }
5777
5778 /* Insert the recursion/subroutine item. */
5779
5780 *code = OP_RECURSE;
5781 PUT(code, 1, (int)(called - cd->start_code));
5782 code += 1 + LINK_SIZE;
5783 }
5784
5785 /* Can't determine a first byte now */
5786
5787 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
5788 continue;
5789
5790
5791 /* ------------------------------------------------------------ */
5792 default: /* Other characters: check option setting */
5793 OTHER_CHAR_AFTER_QUERY:
5794 set = unset = 0;
5795 optset = &set;
5796
5797 while (*ptr != CHAR_RIGHT_PARENTHESIS && *ptr != CHAR_COLON)
5798 {
5799 switch (*ptr++)
5800 {
5801 case CHAR_MINUS: optset = &unset; break;
5802
5803 case CHAR_J: /* Record that it changed in the external options */
5804 *optset |= PCRE_DUPNAMES;
5805 cd->external_flags |= PCRE_JCHANGED;
5806 break;
5807
5808 case CHAR_i: *optset |= PCRE_CASELESS; break;
5809 case CHAR_m: *optset |= PCRE_MULTILINE; break;
5810 case CHAR_s: *optset |= PCRE_DOTALL; break;
5811 case CHAR_x: *optset |= PCRE_EXTENDED; break;
5812 case CHAR_U: *optset |= PCRE_UNGREEDY; break;
5813 case CHAR_X: *optset |= PCRE_EXTRA; break;
5814
5815 default: *errorcodeptr = ERR12;
5816 ptr--; /* Correct the offset */
5817 goto FAILED;
5818 }
5819 }
5820
5821 /* Set up the changed option bits, but don't change anything yet. */
5822
5823 newoptions = (options | set) & (~unset);
5824
5825 /* If the options ended with ')' this is not the start of a nested
5826 group with option changes, so the options change at this level. If this
5827 item is right at the start of the pattern, the options can be
5828 abstracted and made external in the pre-compile phase, and ignored in
5829 the compile phase. This can be helpful when matching -- for instance in
5830 caseless checking of required bytes.
5831
5832 If the code pointer is not (cd->start_code + 1 + LINK_SIZE), we are
5833 definitely *not* at the start of the pattern because something has been
5834 compiled. In the pre-compile phase, however, the code pointer can have
5835 that value after the start, because it gets reset as code is discarded
5836 during the pre-compile. However, this can happen only at top level - if
5837 we are within parentheses, the starting BRA will still be present. At
5838 any parenthesis level, the length value can be used to test if anything
5839 has been compiled at that level. Thus, a test for both these conditions
5840 is necessary to ensure we correctly detect the start of the pattern in
5841 both phases.
5842
5843 If we are not at the pattern start, reset the greedy defaults and the
5844 case value for firstbyte and reqbyte. */
5845
5846 if (*ptr == CHAR_RIGHT_PARENTHESIS)
5847 {
5848 if (code == cd->start_code + 1 + LINK_SIZE &&
5849 (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
5850 {
5851 cd->external_options = newoptions;
5852 }
5853 else
5854 {
5855 greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
5856 greedy_non_default = greedy_default ^ 1;
5857 req_caseopt = ((newoptions & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
5858 }
5859
5860 /* Change options at this level, and pass them back for use
5861 in subsequent branches. */
5862
5863 *optionsptr = options = newoptions;
5864 previous = NULL; /* This item can't be repeated */
5865 continue; /* It is complete */
5866 }
5867
5868 /* If the options ended with ':' we are heading into a nested group
5869 with possible change of options. Such groups are non-capturing and are
5870 not assertions of any kind. All we need to do is skip over the ':';
5871 the newoptions value is handled below. */
5872
5873 bravalue = OP_BRA;
5874 ptr++;
5875 } /* End of switch for character following (? */
5876 } /* End of (? handling */
5877
5878 /* Opening parenthesis not followed by '*' or '?'. If PCRE_NO_AUTO_CAPTURE
5879 is set, all unadorned brackets become non-capturing and behave like (?:...)
5880 brackets. */
5881
5882 else if ((options & PCRE_NO_AUTO_CAPTURE) != 0)
5883 {
5884 bravalue = OP_BRA;
5885 }
5886
5887 /* Else we have a capturing group. */
5888
5889 else
5890 {
5891 NUMBERED_GROUP:
5892 cd->bracount += 1;
5893 PUT2(code, 1+LINK_SIZE, cd->bracount);
5894 skipbytes = 2;
5895 }
5896
5897 /* Process nested bracketed regex. Assertions used not to be repeatable,
5898 but this was changed for Perl compatibility, so all kinds can now be
5899 repeated. We copy code into a non-register variable (tempcode) in order to
5900 be able to pass its address because some compilers complain otherwise. */
5901
5902 previous = code; /* For handling repetition */
5903 *code = bravalue;
5904 tempcode = code;
5905 tempreqvary = cd->req_varyopt; /* Save value before bracket */
5906 length_prevgroup = 0; /* Initialize for pre-compile phase */
5907
5908 if (!compile_regex(
5909 newoptions, /* The complete new option state */
5910 &tempcode, /* Where to put code (updated) */
5911 &ptr, /* Input pointer (updated) */
5912 errorcodeptr, /* Where to put an error message */
5913 (bravalue == OP_ASSERTBACK ||
5914 bravalue == OP_ASSERTBACK_NOT), /* TRUE if back assert */
5915 reset_bracount, /* True if (?| group */
5916 skipbytes, /* Skip over bracket number */
5917 cond_depth +
5918 ((bravalue == OP_COND)?1:0), /* Depth of condition subpatterns */
5919 &subfirstbyte, /* For possible first char */
5920 &subreqbyte, /* For possible last char */
5921 bcptr, /* Current branch chain */
5922 cd, /* Tables block */
5923 (lengthptr == NULL)? NULL : /* Actual compile phase */
5924 &length_prevgroup /* Pre-compile phase */
5925 ))
5926 goto FAILED;
5927
5928 if (bravalue >= OP_ASSERT && bravalue <= OP_ASSERTBACK_NOT)
5929 cd->assert_depth -= 1;
5930
5931 /* At the end of compiling, code is still pointing to the start of the
5932 group, while tempcode has been updated to point past the end of the group
5933 and any option resetting that may follow it. The pattern pointer (ptr)
5934 is on the bracket. */
5935
5936 /* If this is a conditional bracket, check that there are no more than
5937 two branches in the group, or just one if it's a DEFINE group. We do this
5938 in the real compile phase, not in the pre-pass, where the whole group may
5939 not be available. */
5940
5941 if (bravalue == OP_COND && lengthptr == NULL)
5942 {
5943 uschar *tc = code;
5944 int condcount = 0;
5945
5946 do {
5947 condcount++;
5948 tc += GET(tc,1);
5949 }
5950 while (*tc != OP_KET);
5951
5952 /* A DEFINE group is never obeyed inline (the "condition" is always
5953 false). It must have only one branch. */
5954
5955 if (code[LINK_SIZE+1] == OP_DEF)
5956 {
5957 if (condcount > 1)
5958 {
5959 *errorcodeptr = ERR54;
5960 goto FAILED;
5961 }
5962 bravalue = OP_DEF; /* Just a flag to suppress char handling below */
5963 }
5964
5965 /* A "normal" conditional group. If there is just one branch, we must not
5966 make use of its firstbyte or reqbyte, because this is equivalent to an
5967 empty second branch. */
5968
5969 else
5970 {
5971 if (condcount > 2)
5972 {
5973 *errorcodeptr = ERR27;
5974 goto FAILED;
5975 }
5976 if (condcount == 1) subfirstbyte = subreqbyte = REQ_NONE;
5977 }
5978 }
5979
5980 /* Error if hit end of pattern */
5981
5982 if (*ptr != CHAR_RIGHT_PARENTHESIS)
5983 {
5984 *errorcodeptr = ERR14;
5985 goto FAILED;
5986 }
5987
5988 /* In the pre-compile phase, update the length by the length of the group,
5989 less the brackets at either end. Then reduce the compiled code to just a
5990 set of non-capturing brackets so that it doesn't use much memory if it is
5991 duplicated by a quantifier.*/
5992
5993 if (lengthptr != NULL)
5994 {
5995 if (OFLOW_MAX - *lengthptr < length_prevgroup - 2 - 2*LINK_SIZE)
5996 {
5997 *errorcodeptr = ERR20;
5998 goto FAILED;
5999 }
6000 *lengthptr += length_prevgroup - 2 - 2*LINK_SIZE;
6001 code++; /* This already contains bravalue */
6002 PUTINC(code, 0, 1 + LINK_SIZE);
6003 *code++ = OP_KET;
6004 PUTINC(code, 0, 1 + LINK_SIZE);
6005 break; /* No need to waste time with special character handling */
6006 }
6007
6008 /* Otherwise update the main code pointer to the end of the group. */
6009
6010 code = tempcode;
6011
6012 /* For a DEFINE group, required and first character settings are not
6013 relevant. */
6014
6015 if (bravalue == OP_DEF) break;
6016
6017 /* Handle updating of the required and first characters for other types of
6018 group. Update for normal brackets of all kinds, and conditions with two
6019 branches (see code above). If the bracket is followed by a quantifier with
6020 zero repeat, we have to back off. Hence the definition of zeroreqbyte and
6021 zerofirstbyte outside the main loop so that they can be accessed for the
6022 back off. */
6023
6024 zeroreqbyte = reqbyte;
6025 zerofirstbyte = firstbyte;
6026 groupsetfirstbyte = FALSE;
6027
6028 if (bravalue >= OP_ONCE)
6029 {
6030 /* If we have not yet set a firstbyte in this branch, take it from the
6031 subpattern, remembering that it was set here so that a repeat of more
6032 than one can replicate it as reqbyte if necessary. If the subpattern has
6033 no firstbyte, set "none" for the whole branch. In both cases, a zero
6034 repeat forces firstbyte to "none". */
6035
6036 if (firstbyte == REQ_UNSET)
6037 {
6038 if (subfirstbyte >= 0)
6039 {
6040 firstbyte = subfirstbyte;
6041 groupsetfirstbyte = TRUE;
6042 }
6043 else firstbyte = REQ_NONE;
6044 zerofirstbyte = REQ_NONE;
6045 }
6046
6047 /* If firstbyte was previously set, convert the subpattern's firstbyte
6048 into reqbyte if there wasn't one, using the vary flag that was in
6049 existence beforehand. */
6050
6051 else if (subfirstbyte >= 0 && subreqbyte < 0)
6052 subreqbyte = subfirstbyte | tempreqvary;
6053
6054 /* If the subpattern set a required byte (or set a first byte that isn't
6055 really the first byte - see above), set it. */
6056
6057 if (subreqbyte >= 0) reqbyte = subreqbyte;
6058 }
6059
6060 /* For a forward assertion, we take the reqbyte, if set. This can be
6061 helpful if the pattern that follows the assertion doesn't set a different
6062 char. For example, it's useful for /(?=abcde).+/. We can't set firstbyte
6063 for an assertion, however because it leads to incorrect effect for patterns
6064 such as /(?=a)a.+/ when the "real" "a" would then become a reqbyte instead
6065 of a firstbyte. This is overcome by a scan at the end if there's no
6066 firstbyte, looking for an asserted first char. */
6067
6068 else if (bravalue == OP_ASSERT && subreqbyte >= 0) reqbyte = subreqbyte;
6069 break; /* End of processing '(' */
6070
6071
6072 /* ===================================================================*/
6073 /* Handle metasequences introduced by \. For ones like \d, the ESC_ values
6074 are arranged to be the negation of the corresponding OP_values in the
6075 default case when PCRE_UCP is not set. For the back references, the values
6076 are ESC_REF plus the reference number. Only back references and those types
6077 that consume a character may be repeated. We can test for values between
6078 ESC_b and ESC_Z for the latter; this may have to change if any new ones are
6079 ever created. */
6080
6081 case CHAR_BACKSLASH:
6082 tempptr = ptr;
6083 c = check_escape(&ptr, errorcodeptr, cd->bracount, options, FALSE);
6084 if (*errorcodeptr != 0) goto FAILED;
6085
6086 if (c < 0)
6087 {
6088 if (-c == ESC_Q) /* Handle start of quoted string */
6089 {
6090 if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
6091 ptr += 2; /* avoid empty string */
6092 else inescq = TRUE;
6093 continue;
6094 }
6095
6096 if (-c == ESC_E) continue; /* Perl ignores an orphan \E */
6097
6098 /* For metasequences that actually match a character, we disable the
6099 setting of a first character if it hasn't already been set. */
6100
6101 if (firstbyte == REQ_UNSET && -c > ESC_b && -c < ESC_Z)
6102 firstbyte = REQ_NONE;
6103
6104 /* Set values to reset to if this is followed by a zero repeat. */
6105
6106 zerofirstbyte = firstbyte;
6107 zeroreqbyte = reqbyte;
6108
6109 /* \g<name> or \g'name' is a subroutine call by name and \g<n> or \g'n'
6110 is a subroutine call by number (Oniguruma syntax). In fact, the value
6111 -ESC_g is returned only for these cases. So we don't need to check for <
6112 or ' if the value is -ESC_g. For the Perl syntax \g{n} the value is
6113 -ESC_REF+n, and for the Perl syntax \g{name} the result is -ESC_k (as
6114 that is a synonym for a named back reference). */
6115
6116 if (-c == ESC_g)
6117 {
6118 const uschar *p;
6119 save_hwm = cd->hwm; /* Normally this is set when '(' is read */
6120 terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
6121 CHAR_GREATER_THAN_SIGN : CHAR_APOSTROPHE;
6122
6123 /* These two statements stop the compiler for warning about possibly
6124 unset variables caused by the jump to HANDLE_NUMERICAL_RECURSION. In
6125 fact, because we actually check for a number below, the paths that
6126 would actually be in error are never taken. */
6127
6128 skipbytes = 0;
6129 reset_bracount = FALSE;
6130
6131 /* Test for a name */
6132
6133 if (ptr[1] != CHAR_PLUS && ptr[1] != CHAR_MINUS)
6134 {
6135 BOOL isnumber = TRUE;
6136 for (p = ptr + 1; *p != 0 && *p != terminator; p++)
6137 {
6138 if ((cd->ctypes[*p] & ctype_digit) == 0) isnumber = FALSE;
6139 if ((cd->ctypes[*p] & ctype_word) == 0) break;
6140 }
6141 if (*p != terminator)
6142 {
6143 *errorcodeptr = ERR57;
6144 break;
6145 }
6146 if (isnumber)
6147 {
6148 ptr++;
6149 goto HANDLE_NUMERICAL_RECURSION;
6150 }
6151 is_recurse = TRUE;
6152 goto NAMED_REF_OR_RECURSE;
6153 }
6154
6155 /* Test a signed number in angle brackets or quotes. */
6156
6157 p = ptr + 2;
6158 while ((digitab[*p] & ctype_digit) != 0) p++;
6159 if (*p != terminator)
6160 {
6161 *errorcodeptr = ERR57;
6162 break;
6163 }
6164 ptr++;
6165 goto HANDLE_NUMERICAL_RECURSION;
6166 }
6167
6168 /* \k<name> or \k'name' is a back reference by name (Perl syntax).
6169 We also support \k{name} (.NET syntax). */
6170
6171 if (-c == ESC_k)
6172 {
6173 if ((ptr[1] != CHAR_LESS_THAN_SIGN &&
6174 ptr[1] != CHAR_APOSTROPHE && ptr[1] != CHAR_LEFT_CURLY_BRACKET))
6175 {
6176 *errorcodeptr = ERR69;
6177 break;
6178 }
6179 is_recurse = FALSE;
6180 terminator = (*(++ptr) == CHAR_LESS_THAN_SIGN)?
6181 CHAR_GREATER_THAN_SIGN : (*ptr == CHAR_APOSTROPHE)?
6182 CHAR_APOSTROPHE : CHAR_RIGHT_CURLY_BRACKET;
6183 goto NAMED_REF_OR_RECURSE;
6184 }
6185
6186 /* Back references are handled specially; must disable firstbyte if
6187 not set to cope with cases like (?=(\w+))\1: which would otherwise set
6188 ':' later. */
6189
6190 if (-c >= ESC_REF)
6191 {
6192 open_capitem *oc;
6193 recno = -c - ESC_REF;
6194
6195 HANDLE_REFERENCE: /* Come here from named backref handling */
6196 if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
6197 previous = code;
6198 *code++ = ((options & PCRE_CASELESS) != 0)? OP_REFI : OP_REF;
6199 PUT2INC(code, 0, recno);
6200 cd->backref_map |= (recno < 32)? (1 << recno) : 1;
6201 if (recno > cd->top_backref) cd->top_backref = recno;
6202
6203 /* Check to see if this back reference is recursive, that it, it
6204 is inside the group that it references. A flag is set so that the
6205 group can be made atomic. */
6206
6207 for (oc = cd->open_caps; oc != NULL; oc = oc->next)
6208 {
6209 if (oc->number == recno)
6210 {
6211 oc->flag = TRUE;
6212 break;
6213 }
6214 }
6215 }
6216
6217 /* So are Unicode property matches, if supported. */
6218
6219 #ifdef SUPPORT_UCP
6220 else if (-c == ESC_P || -c == ESC_p)
6221 {
6222 BOOL negated;
6223 int pdata;
6224 int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
6225 if (ptype < 0) goto FAILED;
6226 previous = code;
6227 *code++ = ((-c == ESC_p) != negated)? OP_PROP : OP_NOTPROP;
6228 *code++ = ptype;
6229 *code++ = pdata;
6230 }
6231 #else
6232
6233 /* If Unicode properties are not supported, \X, \P, and \p are not
6234 allowed. */
6235
6236 else if (-c == ESC_X || -c == ESC_P || -c == ESC_p)
6237 {
6238 *errorcodeptr = ERR45;
6239 goto FAILED;
6240 }
6241 #endif
6242
6243 /* For the rest (including \X when Unicode properties are supported), we
6244 can obtain the OP value by negating the escape value in the default
6245 situation when PCRE_UCP is not set. When it *is* set, we substitute
6246 Unicode property tests. */
6247
6248 else
6249 {
6250 #ifdef SUPPORT_UCP
6251 if (-c >= ESC_DU && -c <= ESC_wu)
6252 {
6253 nestptr = ptr + 1; /* Where to resume */
6254 ptr = substitutes[-c - ESC_DU] - 1; /* Just before substitute */
6255 }
6256 else
6257 #endif
6258 {
6259 previous = (-c > ESC_b && -c < ESC_Z)? code : NULL;
6260 *code++ = -c;
6261 }
6262 }
6263 continue;
6264 }
6265
6266 /* We have a data character whose value is in c. In UTF-8 mode it may have
6267 a value > 127. We set its representation in the length/buffer, and then
6268 handle it as a data character. */
6269
6270 #ifdef SUPPORT_UTF8
6271 if (utf8 && c > 127)
6272 mclength = _pcre_ord2utf8(c, mcbuffer);
6273 else
6274 #endif
6275
6276 {
6277 mcbuffer[0] = c;
6278 mclength = 1;
6279 }
6280 goto ONE_CHAR;
6281
6282
6283 /* ===================================================================*/
6284 /* Handle a literal character. It is guaranteed not to be whitespace or #
6285 when the extended flag is set. If we are in UTF-8 mode, it may be a
6286 multi-byte literal character. */
6287
6288 default:
6289 NORMAL_CHAR:
6290 mclength = 1;
6291 mcbuffer[0] = c;
6292
6293 #ifdef SUPPORT_UTF8
6294 if (utf8 && c >= 0xc0)
6295 {
6296 while ((ptr[1] & 0xc0) == 0x80)
6297 mcbuffer[mclength++] = *(++ptr);
6298 }
6299 #endif
6300
6301 /* At this point we have the character's bytes in mcbuffer, and the length
6302 in mclength. When not in UTF-8 mode, the length is always 1. */
6303
6304 ONE_CHAR:
6305 previous = code;
6306 *code++ = ((options & PCRE_CASELESS) != 0)? OP_CHARI : OP_CHAR;
6307 for (c = 0; c < mclength; c++) *code++ = mcbuffer[c];
6308
6309 /* Remember if \r or \n were seen */
6310
6311 if (mcbuffer[0] == CHAR_CR || mcbuffer[0] == CHAR_NL)
6312 cd->external_flags |= PCRE_HASCRORLF;
6313
6314 /* Set the first and required bytes appropriately. If no previous first
6315 byte, set it from this character, but revert to none on a zero repeat.
6316 Otherwise, leave the firstbyte value alone, and don't change it on a zero
6317 repeat. */
6318
6319 if (firstbyte == REQ_UNSET)
6320 {
6321 zerofirstbyte = REQ_NONE;
6322 zeroreqbyte = reqbyte;
6323
6324 /* If the character is more than one byte long, we can set firstbyte
6325 only if it is not to be matched caselessly. */
6326
6327 if (mclength == 1 || req_caseopt == 0)
6328 {
6329 firstbyte = mcbuffer[0] | req_caseopt;
6330 if (mclength != 1) reqbyte = code[-1] | cd->req_varyopt;
6331 }
6332 else firstbyte = reqbyte = REQ_NONE;
6333 }
6334
6335 /* firstbyte was previously set; we can set reqbyte only the length is
6336 1 or the matching is caseful. */
6337
6338 else
6339 {
6340 zerofirstbyte = firstbyte;
6341 zeroreqbyte = reqbyte;
6342 if (mclength == 1 || req_caseopt == 0)
6343 reqbyte = code[-1] | req_caseopt | cd->req_varyopt;
6344 }
6345
6346 break; /* End of literal character handling */
6347 }
6348 } /* end of big loop */
6349
6350
6351 /* Control never reaches here by falling through, only by a goto for all the
6352 error states. Pass back the position in the pattern so that it can be displayed
6353 to the user for diagnosing the error. */
6354
6355 FAILED:
6356 *ptrptr = ptr;
6357 return FALSE;
6358 }
6359
6360
6361
6362
6363 /*************************************************
6364 * Compile sequence of alternatives *
6365 *************************************************/
6366
6367 /* On entry, ptr is pointing past the bracket character, but on return it
6368 points to the closing bracket, or vertical bar, or end of string. The code
6369 variable is pointing at the byte into which the BRA operator has been stored.
6370 This function is used during the pre-compile phase when we are trying to find
6371 out the amount of memory needed, as well as during the real compile phase. The
6372 value of lengthptr distinguishes the two phases.
6373
6374 Arguments:
6375 options option bits, including any changes for this subpattern
6376 codeptr -> the address of the current code pointer
6377 ptrptr -> the address of the current pattern pointer
6378 errorcodeptr -> pointer to error code variable
6379 lookbehind TRUE if this is a lookbehind assertion
6380 reset_bracount TRUE to reset the count for each branch
6381 skipbytes skip this many bytes at start (for brackets and OP_COND)
6382 cond_depth depth of nesting for conditional subpatterns
6383 firstbyteptr place to put the first required character, or a negative number
6384 reqbyteptr place to put the last required character, or a negative number
6385 bcptr pointer to the chain of currently open branches
6386 cd points to the data block with tables pointers etc.
6387 lengthptr NULL during the real compile phase
6388 points to length accumulator during pre-compile phase
6389
6390 Returns: TRUE on success
6391 */
6392
6393 static BOOL
6394 compile_regex(int options, uschar **codeptr, const uschar **ptrptr,
6395 int *errorcodeptr, BOOL lookbehind, BOOL reset_bracount, int skipbytes,
6396 int cond_depth, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
6397 compile_data *cd, int *lengthptr)
6398 {
6399 const uschar *ptr = *ptrptr;
6400 uschar *code = *codeptr;
6401 uschar *last_branch = code;
6402 uschar *start_bracket = code;
6403 uschar *reverse_count = NULL;
6404 open_capitem capitem;
6405 int capnumber = 0;
6406 int firstbyte, reqbyte;
6407 int branchfirstbyte, branchreqbyte;
6408 int length;
6409 int orig_bracount;
6410 int max_bracount;
6411 branch_chain bc;
6412
6413 bc.outer = bcptr;
6414 bc.current_branch = code;
6415
6416 firstbyte = reqbyte = REQ_UNSET;
6417
6418 /* Accumulate the length for use in the pre-compile phase. Start with the
6419 length of the BRA and KET and any extra bytes that are required at the
6420 beginning. We accumulate in a local variable to save frequent testing of
6421 lenthptr for NULL. We cannot do this by looking at the value of code at the
6422 start and end of each alternative, because compiled items are discarded during
6423 the pre-compile phase so that the work space is not exceeded. */
6424
6425 length = 2 + 2*LINK_SIZE + skipbytes;
6426
6427 /* WARNING: If the above line is changed for any reason, you must also change
6428 the code that abstracts option settings at the start of the pattern and makes
6429 them global. It tests the value of length for (2 + 2*LINK_SIZE) in the
6430 pre-compile phase to find out whether anything has yet been compiled or not. */
6431
6432 /* If this is a capturing subpattern, add to the chain of open capturing items
6433 so that we can detect them if (*ACCEPT) is encountered. This is also used to
6434 detect groups that contain recursive back references to themselves. Note that
6435 only OP_CBRA need be tested here; changing this opcode to one of its variants,
6436 e.g. OP_SCBRAPOS, happens later, after the group has been compiled. */
6437
6438 if (*code == OP_CBRA)
6439 {
6440 capnumber = GET2(code, 1 + LINK_SIZE);
6441 capitem.number = capnumber;
6442 capitem.next = cd->open_caps;
6443 capitem.flag = FALSE;
6444 cd->open_caps = &capitem;
6445 }
6446
6447 /* Offset is set zero to mark that this bracket is still open */
6448
6449 PUT(code, 1, 0);
6450 code += 1 + LINK_SIZE + skipbytes;
6451
6452 /* Loop for each alternative branch */
6453
6454 orig_bracount = max_bracount = cd->bracount;
6455 for (;;)
6456 {
6457 /* For a (?| group, reset the capturing bracket count so that each branch
6458 uses the same numbers. */
6459
6460 if (reset_bracount) cd->bracount = orig_bracount;
6461
6462 /* Set up dummy OP_REVERSE if lookbehind assertion */
6463
6464 if (lookbehind)
6465 {
6466 *code++ = OP_REVERSE;
6467 reverse_count = code;
6468 PUTINC(code, 0, 0);
6469 length += 1 + LINK_SIZE;
6470 }
6471
6472 /* Now compile the branch; in the pre-compile phase its length gets added
6473 into the length. */
6474
6475 if (!compile_branch(&options, &code, &ptr, errorcodeptr, &branchfirstbyte,
6476 &branchreqbyte, &bc, cond_depth, cd,
6477 (lengthptr == NULL)? NULL : &length))
6478 {
6479 *ptrptr = ptr;
6480 return FALSE;
6481 }
6482
6483 /* Keep the highest bracket count in case (?| was used and some branch
6484 has fewer than the rest. */
6485
6486 if (cd->bracount > max_bracount) max_bracount = cd->bracount;
6487
6488 /* In the real compile phase, there is some post-processing to be done. */
6489
6490 if (lengthptr == NULL)
6491 {
6492 /* If this is the first branch, the firstbyte and reqbyte values for the
6493 branch become the values for the regex. */
6494
6495 if (*last_branch != OP_ALT)
6496 {
6497 firstbyte = branchfirstbyte;
6498 reqbyte = branchreqbyte;
6499 }
6500
6501 /* If this is not the first branch, the first char and reqbyte have to
6502 match the values from all the previous branches, except that if the
6503 previous value for reqbyte didn't have REQ_VARY set, it can still match,
6504 and we set REQ_VARY for the regex. */
6505
6506 else
6507 {
6508 /* If we previously had a firstbyte, but it doesn't match the new branch,
6509 we have to abandon the firstbyte for the regex, but if there was
6510 previously no reqbyte, it takes on the value of the old firstbyte. */
6511
6512 if (firstbyte >= 0 && firstbyte != branchfirstbyte)
6513 {
6514 if (reqbyte < 0) reqbyte = firstbyte;
6515 firstbyte = REQ_NONE;
6516 }
6517
6518 /* If we (now or from before) have no firstbyte, a firstbyte from the
6519 branch becomes a reqbyte if there isn't a branch reqbyte. */
6520
6521 if (firstbyte < 0 && branchfirstbyte >= 0 && branchreqbyte < 0)
6522 branchreqbyte = branchfirstbyte;
6523
6524 /* Now ensure that the reqbytes match */
6525
6526 if ((reqbyte & ~REQ_VARY) != (branchreqbyte & ~REQ_VARY))
6527 reqbyte = REQ_NONE;
6528 else reqbyte |= branchreqbyte; /* To "or" REQ_VARY */
6529 }
6530
6531 /* If lookbehind, check that this branch matches a fixed-length string, and
6532 put the length into the OP_REVERSE item. Temporarily mark the end of the
6533 branch with OP_END. If the branch contains OP_RECURSE, the result is -3
6534 because there may be forward references that we can't check here. Set a
6535 flag to cause another lookbehind check at the end. Why not do it all at the
6536 end? Because common, erroneous checks are picked up here and the offset of
6537 the problem can be shown. */
6538
6539 if (lookbehind)
6540 {
6541 int fixed_length;
6542 *code = OP_END;
6543 fixed_length = find_fixedlength(last_branch, (options & PCRE_UTF8) != 0,
6544 FALSE, cd);
6545 DPRINTF(("fixed length = %d\n", fixed_length));
6546 if (fixed_length == -3)
6547 {
6548 cd->check_lookbehind = TRUE;
6549 }
6550 else if (fixed_length < 0)
6551 {
6552 *errorcodeptr = (fixed_length == -2)? ERR36 : ERR25;
6553 *ptrptr = ptr;
6554 return FALSE;
6555 }
6556 else { PUT(reverse_count, 0, fixed_length); }
6557 }
6558 }
6559
6560 /* Reached end of expression, either ')' or end of pattern. In the real
6561 compile phase, go back through the alternative branches and reverse the chain
6562 of offsets, with the field in the BRA item now becoming an offset to the
6563 first alternative. If there are no alternatives, it points to the end of the
6564 group. The length in the terminating ket is always the length of the whole
6565 bracketed item. Return leaving the pointer at the terminating char. */
6566
6567 if (*ptr != CHAR_VERTICAL_LINE)
6568 {
6569 if (lengthptr == NULL)
6570 {
6571 int branch_length = (int)(code - last_branch);
6572 do
6573 {
6574 int prev_length = GET(last_branch, 1);
6575 PUT(last_branch, 1, branch_length);
6576 branch_length = prev_length;
6577 last_branch -= branch_length;
6578 }
6579 while (branch_length > 0);
6580 }
6581
6582 /* Fill in the ket */
6583
6584 *code = OP_KET;
6585 PUT(code, 1, (int)(code - start_bracket));
6586 code += 1 + LINK_SIZE;
6587
6588 /* If it was a capturing subpattern, check to see if it contained any
6589 recursive back references. If so, we must wrap it in atomic brackets.
6590 In any event, remove the block from the chain. */
6591
6592 if (capnumber > 0)
6593 {
6594 if (cd->open_caps->flag)
6595 {
6596 memmove(start_bracket + 1 + LINK_SIZE, start_bracket,
6597 code - start_bracket);
6598 *start_bracket = OP_ONCE;
6599 code += 1 + LINK_SIZE;
6600 PUT(start_bracket, 1, (int)(code - start_bracket));
6601 *code = OP_KET;
6602 PUT(code, 1, (int)(code - start_bracket));
6603 code += 1 + LINK_SIZE;
6604 length += 2 + 2*LINK_SIZE;
6605 }
6606 cd->open_caps = cd->open_caps->next;
6607 }
6608
6609 /* Retain the highest bracket number, in case resetting was used. */
6610
6611 cd->bracount = max_bracount;
6612
6613 /* Set values to pass back */
6614
6615 *codeptr = code;
6616 *ptrptr = ptr;
6617 *firstbyteptr = firstbyte;
6618 *reqbyteptr = reqbyte;
6619 if (lengthptr != NULL)
6620 {
6621 if (OFLOW_MAX - *lengthptr < length)
6622 {
6623 *errorcodeptr = ERR20;
6624 return FALSE;
6625 }
6626 *lengthptr += length;
6627 }
6628 return TRUE;
6629 }
6630
6631 /* Another branch follows. In the pre-compile phase, we can move the code
6632 pointer back to where it was for the start of the first branch. (That is,
6633 pretend that each branch is the only one.)
6634
6635 In the real compile phase, insert an ALT node. Its length field points back
6636 to the previous branch while the bracket remains open. At the end the chain
6637 is reversed. It's done like this so that the start of the bracket has a
6638 zero offset until it is closed, making it possible to detect recursion. */
6639
6640 if (lengthptr != NULL)
6641 {
6642 code = *codeptr + 1 + LINK_SIZE + skipbytes;
6643 length += 1 + LINK_SIZE;
6644 }