/[pcre]/code/trunk/pcre_compile.c

Diff of /code/trunk/pcre_compile.c

Parent Directory | Revision Log | View Patch Patch

-revision 111 by ph10,
Thu Mar  8 16:53:09 2007 UTC
+revision 598 by ph10,
Sat May  7 15:37:31 2011 UTC
 Line 6
  and semantics are as close as possible to those of the Perl 5 language.
                         Written by Philip Hazel
-            Copyright (c) 1997-2006 University of Cambridge
+            Copyright (c) 1997-2011 University of Cambridge
  -----------------------------------------------------------------------------
  Redistribution and use in source and binary forms, with or without
 Line 42 
 POSSIBILITY OF SUCH DAMAGE.
  supporting internal functions that are not used by other modules. */
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+ #endif
  #define NLBLOCK cd             /* Block containing newline information */
  #define PSSTART start_pattern  /* Field containing processed string start */
  #define PSEND   end_pattern    /* Field containing processed string end */
  #include "pcre_internal.h"
- /* When DEBUG is defined, we need the pcre_printint() function, which is also
+ /* When PCRE_DEBUG is defined, we need the pcre_printint() function, which is
- used by pcretest. DEBUG is not defined when building a production library. */
+ also used by pcretest. PCRE_DEBUG is not defined when building a production
+ library. */
- #ifdef DEBUG
+ #ifdef PCRE_DEBUG
  #include "pcre_printint.src"
  #endif
+ /* Macro for setting individual bits in class bitmaps. */
+ #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
+ /* Maximum length value to check against when making sure that the integer that
+ holds the compiled pattern length does not overflow. We make it a bit less than
+ INT_MAX to allow for adding in group terminating bytes, so that we don't have
+ to check them every time. */
+ #define OFLOW_MAX (INT_MAX - 20)
  /*************************************************
  *      Code parameters and static tables         *
  *************************************************/
-Line 76 
 is 4 there is plenty of room. */
+Line 92 
 is 4 there is plenty of room. */
  #define COMPILE_WORK_SIZE (4096)
+ /* The overrun tests check for a slightly smaller size so that they detect the
+ overrun before it actually does run off the end of the data block. */
+ #define WORK_SIZE_CHECK (COMPILE_WORK_SIZE - 100)
  /* Table for handling escaped characters in the range '0'-'z'. Positive returns
  are simple data values; negative values are for special things like \d and so
  on. Zero means further processing is needed (for things like \x), or the escape
  is invalid. */
- #ifndef EBCDIC  /* This is the "normal" table for ASCII systems */
+ #ifndef EBCDIC
+ /* This is the "normal" table for ASCII systems or for EBCDIC systems running
+ in UTF-8 mode. */
  static const short int escapes[] = {
-,      0,      0,      0,      0,      0,      0,      0,   /* 0 - 7 */
+,                       0,
-,      0,    ':',    ';',    '<',    '=',    '>',    '?',   /* 8 - ? */
+,                       0,
-    '@', -ESC_A, -ESC_B, -ESC_C, -ESC_D, -ESC_E,      0, -ESC_G,   /* @ - G */
+,                       0,
-,      0,      0,      0,      0,      0,      0,      0,   /* H - O */
+,                       0,
- -ESC_P, -ESC_Q, -ESC_R, -ESC_S,      0,      0,      0, -ESC_W,   /* P - W */
+,                       0,
- -ESC_X,      0, -ESC_Z,    '[',   '\\',    ']',    '^',    '_',   /* X - _ */
+      CHAR_COLON,              CHAR_SEMICOLON,
-    '`',      7, -ESC_b,      0, -ESC_d,  ESC_e,  ESC_f,      0,   /* ` - g */
+      CHAR_LESS_THAN_SIGN,     CHAR_EQUALS_SIGN,
-,      0,      0, -ESC_k,      0,      0,  ESC_n,      0,   /* h - o */
+      CHAR_GREATER_THAN_SIGN,  CHAR_QUESTION_MARK,
- -ESC_p,      0,  ESC_r, -ESC_s,  ESC_tee,    0,      0, -ESC_w,   /* p - w */
+      CHAR_COMMERCIAL_AT,      -ESC_A,
-,      0, -ESC_z                                            /* x - z */
+      -ESC_B,                  -ESC_C,
+      -ESC_D,                  -ESC_E,
+,                       -ESC_G,
+      -ESC_H,                  0,
+,                       -ESC_K,
+,                       0,
+      -ESC_N,                  0,
+      -ESC_P,                  -ESC_Q,
+      -ESC_R,                  -ESC_S,
+,                       0,
+      -ESC_V,                  -ESC_W,
+      -ESC_X,                  0,
+      -ESC_Z,                  CHAR_LEFT_SQUARE_BRACKET,
+      CHAR_BACKSLASH,          CHAR_RIGHT_SQUARE_BRACKET,
+      CHAR_CIRCUMFLEX_ACCENT,  CHAR_UNDERSCORE,
+      CHAR_GRAVE_ACCENT,       7,
+      -ESC_b,                  0,
+      -ESC_d,                  ESC_e,
+      ESC_f,                   0,
+      -ESC_h,                  0,
+,                       -ESC_k,
+,                       0,
+      ESC_n,                   0,
+      -ESC_p,                  0,
+      ESC_r,                   -ESC_s,
+      ESC_tee,                 0,
+      -ESC_v,                  -ESC_w,
+,                       0,
+      -ESC_z
  };
- #else           /* This is the "abnormal" table for EBCDIC systems */
+ #else
+ /* This is the "abnormal" table for EBCDIC systems without UTF-8 support. */
  static const short int escapes[] = {
  /*  48 */     0,     0,      0,     '.',    '<',   '(',    '+',    '|',
  /*  50 */   '&',     0,      0,       0,      0,     0,      0,      0,
-Line 106 
 static const short int escapes[] = {
+Line 162 
 static const short int escapes[] = {
  /*  70 */     0,     0,      0,       0,      0,     0,      0,      0,
  /*  78 */     0,   '`',    ':',     '#',    '@',  '\'',    '=',    '"',
  /*  80 */     0,     7, -ESC_b,       0, -ESC_d, ESC_e,  ESC_f,      0,
- /*  88 */     0,     0,      0,     '{',      0,     0,      0,      0,
+ /*  88 */-ESC_h,     0,      0,     '{',      0,     0,      0,      0,
  /*  90 */     0,     0, -ESC_k,     'l',      0, ESC_n,      0, -ESC_p,
  /*  98 */     0, ESC_r,      0,     '}',      0,     0,      0,      0,
- /*  A0 */     0,   '~', -ESC_s, ESC_tee,      0,     0, -ESC_w,      0,
+ /*  A0 */     0,   '~', -ESC_s, ESC_tee,      0,-ESC_v, -ESC_w,      0,
  /*  A8 */     0,-ESC_z,      0,       0,      0,   '[',      0,      0,
  /*  B0 */     0,     0,      0,       0,      0,     0,      0,      0,
  /*  B8 */     0,     0,      0,       0,      0,   ']',    '=',    '-',
  /*  C0 */   '{',-ESC_A, -ESC_B,  -ESC_C, -ESC_D,-ESC_E,      0, -ESC_G,
- /*  C8 */     0,     0,      0,       0,      0,     0,      0,      0,
+ /*  C8 */-ESC_H,     0,      0,       0,      0,     0,      0,      0,
- /*  D0 */   '}',     0,      0,       0,      0,     0,      0, -ESC_P,
+ /*  D0 */   '}',     0, -ESC_K,       0,      0,-ESC_N,      0, -ESC_P,
  /*  D8 */-ESC_Q,-ESC_R,      0,       0,      0,     0,      0,      0,
- /*  E0 */  '\\',     0, -ESC_S,       0,      0,     0, -ESC_W, -ESC_X,
+ /*  E0 */  '\\',     0, -ESC_S,       0,      0,-ESC_V, -ESC_W, -ESC_X,
  /*  E8 */     0,-ESC_Z,      0,       0,      0,     0,      0,      0,
  /*  F0 */     0,     0,      0,       0,      0,     0,      0,      0,
  /*  F8 */     0,     0,      0,       0,      0,     0,      0,      0
-Line 125 
 static const short int escapes[] = {
+Line 181 
 static const short int escapes[] = {
  #endif
- /* Tables of names of POSIX character classes and their lengths. The list is
+ /* Table of special "verbs" like (*PRUNE). This is a short table, so it is
- terminated by a zero length entry. The first three must be alpha, lower, upper,
+ searched linearly. Put all the names into a single string, in order to reduce
- as this is assumed for handling case independence. */
+ the number of relocations when a shared library is dynamically linked. The
+ string is built from string macros so that it works in UTF-8 mode on EBCDIC
- static const char *const posix_names[] = {
+ platforms. */
-   "alpha", "lower", "upper",
-   "alnum", "ascii", "blank", "cntrl", "digit", "graph",
+ typedef struct verbitem {
-   "print", "punct", "space", "word",  "xdigit" };
+   int   len;                 /* Length of verb name */
+   int   op;                  /* Op when no arg, or -1 if arg mandatory */
+   int   op_arg;              /* Op when arg present, or -1 if not allowed */
+ } verbitem;
+ static const char verbnames[] =
+   "\0"                       /* Empty name is a shorthand for MARK */
+   STRING_MARK0
+   STRING_ACCEPT0
+   STRING_COMMIT0
+   STRING_F0
+   STRING_FAIL0
+   STRING_PRUNE0
+   STRING_SKIP0
+   STRING_THEN;
+ static const verbitem verbs[] = {
+   { 0, -1,        OP_MARK },
+   { 4, -1,        OP_MARK },
+   { 6, OP_ACCEPT, -1 },
+   { 6, OP_COMMIT, -1 },
+   { 1, OP_FAIL,   -1 },
+   { 4, OP_FAIL,   -1 },
+   { 5, OP_PRUNE,  OP_PRUNE_ARG },
+   { 4, OP_SKIP,   OP_SKIP_ARG  },
+   { 4, OP_THEN,   OP_THEN_ARG  }
+ };
+ static const int verbcount = sizeof(verbs)/sizeof(verbitem);
+ /* Tables of names of POSIX character classes and their lengths. The names are
+ now all in a single string, to reduce the number of relocations when a shared
+ library is dynamically loaded. The list of lengths is terminated by a zero
+ length entry. The first three must be alpha, lower, upper, as this is assumed
+ for handling case independence. */
+ static const char posix_names[] =
+   STRING_alpha0 STRING_lower0 STRING_upper0 STRING_alnum0
+   STRING_ascii0 STRING_blank0 STRING_cntrl0 STRING_digit0
+   STRING_graph0 STRING_print0 STRING_punct0 STRING_space0
+   STRING_word0  STRING_xdigit;
  static const uschar posix_name_lengths[] = {
 , 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 4, 6, 0 };
-Line 164 
 static const int posix_class_maps[] = {
+Line 261 
 static const int posix_class_maps[] = {
    cbit_xdigit,-1,          0              /* xdigit */
  };
+ /* Table of substitutes for \d etc when PCRE_UCP is set. The POSIX class
+ substitutes must be in the order of the names, defined above, and there are
+ both positive and negative cases. NULL means no substitute. */
+ #ifdef SUPPORT_UCP
+ static const uschar *substitutes[] = {
+   (uschar *)"\\P{Nd}",    /* \D */
+   (uschar *)"\\p{Nd}",    /* \d */
+   (uschar *)"\\P{Xsp}",   /* \S */       /* NOTE: Xsp is Perl space */
+   (uschar *)"\\p{Xsp}",   /* \s */
+   (uschar *)"\\P{Xwd}",   /* \W */
+   (uschar *)"\\p{Xwd}"    /* \w */
+ };
+ static const uschar *posix_substitutes[] = {
+   (uschar *)"\\p{L}",     /* alpha */
+   (uschar *)"\\p{Ll}",    /* lower */
+   (uschar *)"\\p{Lu}",    /* upper */
+   (uschar *)"\\p{Xan}",   /* alnum */
+   NULL,                   /* ascii */
+   (uschar *)"\\h",        /* blank */
+   NULL,                   /* cntrl */
+   (uschar *)"\\p{Nd}",    /* digit */
+   NULL,                   /* graph */
+   NULL,                   /* print */
+   NULL,                   /* punct */
+   (uschar *)"\\p{Xps}",   /* space */    /* NOTE: Xps is POSIX space */
+   (uschar *)"\\p{Xwd}",   /* word */
+   NULL,                   /* xdigit */
+   /* Negated cases */
+   (uschar *)"\\P{L}",     /* ^alpha */
+   (uschar *)"\\P{Ll}",    /* ^lower */
+   (uschar *)"\\P{Lu}",    /* ^upper */
+   (uschar *)"\\P{Xan}",   /* ^alnum */
+   NULL,                   /* ^ascii */
+   (uschar *)"\\H",        /* ^blank */
+   NULL,                   /* ^cntrl */
+   (uschar *)"\\P{Nd}",    /* ^digit */
+   NULL,                   /* ^graph */
+   NULL,                   /* ^print */
+   NULL,                   /* ^punct */
+   (uschar *)"\\P{Xps}",   /* ^space */   /* NOTE: Xps is POSIX space */
+   (uschar *)"\\P{Xwd}",   /* ^word */
+   NULL                    /* ^xdigit */
+ };
+ #define POSIX_SUBSIZE (sizeof(posix_substitutes)/sizeof(uschar *))
+ #endif
  #define STRING(a)  # a
  #define XSTRING(s) STRING(s)
-Line 171 
 static const int posix_class_maps[] = {
+Line 315 
 static const int posix_class_maps[] = {
  /* The texts of compile-time error messages. These are "char *" because they
  are passed to the outside world. Do not ever re-use any error number, because
  they are documented. Always add a new error instead. Messages marked DEAD below
- are no longer used. */
+ are no longer used. This used to be a table of strings, but in order to reduce
+ the number of relocations needed when a shared library is loaded dynamically,
- static const char *error_texts[] = {
+ it is now one long string. We cannot use a table of offsets, because the
-   "no error",
+ lengths of inserts such as XSTRING(MAX_NAME_SIZE) are not known. Instead, we
-   "\\ at end of pattern",
+ simply count through to the one we want - this isn't a performance issue
-   "\\c at end of pattern",
+ because these strings are used only when there is a compilation error.
-   "unrecognized character follows \\",
-   "numbers out of order in {} quantifier",
+ Each substring ends with \0 to insert a null character. This includes the final
+ substring, so that the whole string ends with \0\0, which can be detected when
+ counting through. */
+ static const char error_texts[] =
+   "no error\0"
+   "\\ at end of pattern\0"
+   "\\c at end of pattern\0"
+   "unrecognized character follows \\\0"
+   "numbers out of order in {} quantifier\0"
    /* 5 */
-   "number too big in {} quantifier",
+   "number too big in {} quantifier\0"
-   "missing terminating ] for character class",
+   "missing terminating ] for character class\0"
-   "invalid escape sequence in character class",
+   "invalid escape sequence in character class\0"
-   "range out of order in character class",
+   "range out of order in character class\0"
-   "nothing to repeat",
+   "nothing to repeat\0"
    /* 10 */
-   "operand of unlimited repeat could match the empty string",  /** DEAD **/
+   "operand of unlimited repeat could match the empty string\0"  /** DEAD **/
-   "internal error: unexpected repeat",
+   "internal error: unexpected repeat\0"
-   "unrecognized character after (?",
+   "unrecognized character after (? or (?-\0"
-   "POSIX named classes are supported only within a class",
+   "POSIX named classes are supported only within a class\0"
-   "missing )",
+   "missing )\0"
    /* 15 */
-   "reference to non-existent subpattern",
+   "reference to non-existent subpattern\0"
-   "erroffset passed as NULL",
+   "erroffset passed as NULL\0"
-   "unknown option bit(s) set",
+   "unknown option bit(s) set\0"
-   "missing ) after comment",
+   "missing ) after comment\0"
-   "parentheses nested too deeply",  /** DEAD **/
+   "parentheses nested too deeply\0"  /** DEAD **/
    /* 20 */
-   "regular expression too large",
+   "regular expression is too large\0"
-   "failed to get memory",
+   "failed to get memory\0"
-   "unmatched parentheses",
+   "unmatched parentheses\0"
-   "internal error: code overflow",
+   "internal error: code overflow\0"
-   "unrecognized character after (?<",
+   "unrecognized character after (?<\0"
    /* 25 */
-   "lookbehind assertion is not fixed length",
+   "lookbehind assertion is not fixed length\0"
-   "malformed number or name after (?(",
+   "malformed number or name after (?(\0"
-   "conditional group contains more than two branches",
+   "conditional group contains more than two branches\0"
-   "assertion expected after (?(",
+   "assertion expected after (?(\0"
-   "(?R or (?digits must be followed by )",
+   "(?R or (?[+-]digits must be followed by )\0"
    /* 30 */
-   "unknown POSIX class name",
+   "unknown POSIX class name\0"
-   "POSIX collating elements are not supported",
+   "POSIX collating elements are not supported\0"
-   "this version of PCRE is not compiled with PCRE_UTF8 support",
+   "this version of PCRE is not compiled with PCRE_UTF8 support\0"
-   "spare error",  /** DEAD **/
+   "spare error\0"  /** DEAD **/
-   "character value in \\x{...} sequence is too large",
+   "character value in \\x{...} sequence is too large\0"
    /* 35 */
-   "invalid condition (?(0)",
+   "invalid condition (?(0)\0"
-   "\\C not allowed in lookbehind assertion",
+   "\\C not allowed in lookbehind assertion\0"
-   "PCRE does not support \\L, \\l, \\N, \\U, or \\u",
+   "PCRE does not support \\L, \\l, \\N{name}, \\U, or \\u\0"
-   "number after (?C is > 255",
+   "number after (?C is > 255\0"
-   "closing ) for (?C expected",
+   "closing ) for (?C expected\0"
    /* 40 */
-   "recursive call could loop indefinitely",
+   "recursive call could loop indefinitely\0"
-   "unrecognized character after (?P",
+   "unrecognized character after (?P\0"
-   "syntax error in subpattern name (missing terminator)",
+   "syntax error in subpattern name (missing terminator)\0"
-   "two named subpatterns have the same name",
+   "two named subpatterns have the same name\0"
-   "invalid UTF-8 string",
+   "invalid UTF-8 string\0"
    /* 45 */
-   "support for \\P, \\p, and \\X has not been compiled",
+   "support for \\P, \\p, and \\X has not been compiled\0"
-   "malformed \\P or \\p sequence",
+   "malformed \\P or \\p sequence\0"
-   "unknown property name after \\P or \\p",
+   "unknown property name after \\P or \\p\0"
-   "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)",
+   "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)\0"
-   "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")",
+   "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")\0"
    /* 50 */
-   "repeated subpattern is too long",
+   "repeated subpattern is too long\0"    /** DEAD **/
-   "octal value is greater than \\377 (not in UTF-8 mode)",
+   "octal value is greater than \\377 (not in UTF-8 mode)\0"
-   "internal error: overran compiling workspace",
+   "internal error: overran compiling workspace\0"
-   "internal error: previously-checked referenced subpattern not found",
+   "internal error: previously-checked referenced subpattern not found\0"
-   "DEFINE group contains more than one branch",
+   "DEFINE group contains more than one branch\0"
    /* 55 */
-   "repeating a DEFINE group is not allowed",
+   "repeating a DEFINE group is not allowed\0"
-   "inconsistent NEWLINE options",
+   "inconsistent NEWLINE options\0"
-   "\\g is not followed by an (optionally braced) non-zero number"
+   "\\g is not followed by a braced, angle-bracketed, or quoted name/number or by a plain number\0"
- };
+   "a numbered reference must not be zero\0"
+   "an argument is not allowed for (*ACCEPT), (*FAIL), or (*COMMIT)\0"
+   /* 60 */
+   "(*VERB) not recognized\0"
+   "number is too big\0"
+   "subpattern name expected\0"
+   "digit expected after (?+\0"
+   "] is an invalid data character in JavaScript compatibility mode\0"
+   /* 65 */
+   "different names for subpatterns of the same number are not allowed\0"
+   "(*MARK) must have an argument\0"
+   "this version of PCRE is not compiled with PCRE_UCP support\0"
+   "\\c must be followed by an ASCII character\0"
+   ;
  /* Table to identify digits and hex digits. This is used when compiling
  patterns. Note that the tables in chartables are dependent on the locale, and
-Line 262 
 For convenience, we use the same bit def
+Line 427 
 For convenience, we use the same bit def
  Then we can use ctype_digit and ctype_xdigit in the code. */
- #ifndef EBCDIC  /* This is the "normal" case, for ASCII systems */
+ #ifndef EBCDIC
+ /* This is the "normal" case, for ASCII systems, and EBCDIC systems running in
+ UTF-8 mode. */
  static const unsigned char digitab[] =
    {
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7 */
-Line 298 
 static const unsigned char digitab[] =
+Line 467 
 static const unsigned char digitab[] =
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */
- #else           /* This is the "abnormal" case, for EBCDIC systems */
+ #else
+ /* This is the "abnormal" case, for EBCDIC systems not running in UTF-8 mode. */
  static const unsigned char digitab[] =
    {
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7  0 */
-Line 373 
 static const unsigned char ebcdic_charta
+Line 545 
 static const unsigned char ebcdic_charta
  /* Definition to allow mutual recursion */
  static BOOL
-   compile_regex(int, int, uschar **, const uschar **, int *, BOOL, int, int *,
+   compile_regex(int, int, uschar **, const uschar **, int *, BOOL, BOOL, int,
-     int *, branch_chain *, compile_data *, int *);
+     int *, int *, branch_chain *, compile_data *, int *);
+ /*************************************************
+ *            Find an error text                  *
+ *************************************************/
+ /* The error texts are now all in one long string, to save on relocations. As
+ some of the text is of unknown length, we can't use a table of offsets.
+ Instead, just count through the strings. This is not a performance issue
+ because it happens only when there has been a compilation error.
+ Argument:   the error number
+ Returns:    pointer to the error string
+ */
+ static const char *
+ find_error_text(int n)
+ {
+ const char *s = error_texts;
+ for (; n > 0; n--)
+   {
+   while (*s++ != 0) {};
+   if (*s == 0) return "Error text not found (please report)";
+   }
+ return s;
+ }
  /*************************************************
-Line 399 
 Arguments:
+Line 597 
 Arguments:
  Returns:         zero or positive => a data character
                   negative => a special escape sequence
-                  on error, errorptr is set
+                  on error, errorcodeptr is set
  */
  static int
-Line 417 
 ptr--;                            /* Set
+Line 615 
 ptr--;                            /* Set
  if (c == 0) *errorcodeptr = ERR1;
- /* Non-alphamerics are literals. For digits or letters, do an initial lookup in
+ /* Non-alphanumerics are literals. For digits or letters, do an initial lookup
- a table. A non-zero result is something that can be returned immediately.
+ in a table. A non-zero result is something that can be returned immediately.
  Otherwise further processing may be required. */
- #ifndef EBCDIC  /* ASCII coding */
+ #ifndef EBCDIC  /* ASCII/UTF-8 coding */
- else if (c < '0' || c > 'z') {}                           /* Not alphameric */
+ else if (c < CHAR_0 || c > CHAR_z) {}                     /* Not alphanumeric */
- else if ((i = escapes[c - '0']) != 0) c = i;
+ else if ((i = escapes[c - CHAR_0]) != 0) c = i;
  #else           /* EBCDIC coding */
- else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {}   /* Not alphameric */
+ else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {}   /* Not alphanumeric */
  else if ((i = escapes[c - 0x48]) != 0)  c = i;
  #endif
-Line 442 
 else
+Line 640 
 else
      /* A number of Perl escapes are not handled by PCRE. We give an explicit
      error. */
-     case 'l':
+     case CHAR_l:
-     case 'L':
+     case CHAR_L:
-     case 'N':
+     case CHAR_u:
-     case 'u':
+     case CHAR_U:
-     case 'U':
      *errorcodeptr = ERR37;
      break;
-     /* \g must be followed by a number, either plain or braced. If positive, it
+     /* \g must be followed by one of a number of specific things:
-     is an absolute backreference. If negative, it is a relative backreference.
-     This is a Perl 5.10 feature. */
+     (1) A number, either plain or braced. If positive, it is an absolute
+     backreference. If negative, it is a relative backreference. This is a Perl
+.10 feature.
+     (2) Perl 5.10 also supports \g{name} as a reference to a named group. This
+     is part of Perl's movement towards a unified syntax for back references. As
+     this is synonymous with \k{name}, we fudge it up by pretending it really
+     was \k.
+     (3) For Oniguruma compatibility we also support \g followed by a name or a
+     number either in angle brackets or in single quotes. However, these are
+     (possibly recursive) subroutine calls, _not_ backreferences. Just return
+     the -ESC_g code (cf \k). */
-     case 'g':
+     case CHAR_g:
-     if (ptr[1] == '{')
+     if (ptr[1] == CHAR_LESS_THAN_SIGN || ptr[1] == CHAR_APOSTROPHE)
        {
+       c = -ESC_g;
+       break;
+       }
+     /* Handle the Perl-compatible cases */
+     if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
+       {
+       const uschar *p;
+       for (p = ptr+2; *p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET; p++)
+         if (*p != CHAR_MINUS && (digitab[*p] & ctype_digit) == 0) break;
+       if (*p != 0 && *p != CHAR_RIGHT_CURLY_BRACKET)
+         {
+         c = -ESC_k;
+         break;
+         }
        braced = TRUE;
        ptr++;
        }
      else braced = FALSE;
-     if (ptr[1] == '-')
+     if (ptr[1] == CHAR_MINUS)
        {
        negated = TRUE;
        ptr++;
-Line 471 
 else
+Line 696 
 else
      c = 0;
      while ((digitab[ptr[1]] & ctype_digit) != 0)
-       c = c * 10 + *(++ptr) - '0';
+       c = c * 10 + *(++ptr) - CHAR_0;
+     if (c < 0)   /* Integer overflow */
+       {
+       *errorcodeptr = ERR61;
+       break;
+       }
-     if (c == 0 || (braced && *(++ptr) != '}'))
+     if (braced && *(++ptr) != CHAR_RIGHT_CURLY_BRACKET)
        {
        *errorcodeptr = ERR57;
-       return 0;
+       break;
+       }
+     if (c == 0)
+       {
+       *errorcodeptr = ERR58;
+       break;
        }
      if (negated)
-Line 484 
 else
+Line 721 
 else
        if (c > bracount)
          {
          *errorcodeptr = ERR15;
-         return 0;
+         break;
          }
        c = bracount - (c - 1);
        }
-Line 504 
 else
+Line 741 
 else
      value is greater than 377, the least significant 8 bits are taken. Inside a
      character class, \ followed by a digit is always an octal number. */
-     case '1': case '2': case '3': case '4': case '5':
+     case CHAR_1: case CHAR_2: case CHAR_3: case CHAR_4: case CHAR_5:
-     case '6': case '7': case '8': case '9':
+     case CHAR_6: case CHAR_7: case CHAR_8: case CHAR_9:
      if (!isclass)
        {
        oldptr = ptr;
-       c -= '0';
+       c -= CHAR_0;
        while ((digitab[ptr[1]] & ctype_digit) != 0)
-         c = c * 10 + *(++ptr) - '0';
+         c = c * 10 + *(++ptr) - CHAR_0;
+       if (c < 0)    /* Integer overflow */
+         {
+         *errorcodeptr = ERR61;
+         break;
+         }
        if (c < 10 || c <= bracount)
          {
          c = -(ESC_REF + c);
-Line 525 
 else
+Line 767 
 else
      generates a binary zero byte and treats the digit as a following literal.
      Thus we have to pull back the pointer by one. */
-     if ((c = *ptr) >= '8')
+     if ((c = *ptr) >= CHAR_8)
        {
        ptr--;
        c = 0;
-Line 538 
 else
+Line 780 
 else
      to do). Nowadays we allow for larger numbers in UTF-8 mode, but no more
      than 3 octal digits. */
-     case '0':
+     case CHAR_0:
-     c -= '0';
+     c -= CHAR_0;
-     while(i++ < 2 && ptr[1] >= '0' && ptr[1] <= '7')
+     while(i++ < 2 && ptr[1] >= CHAR_0 && ptr[1] <= CHAR_7)
-         c = c * 8 + *(++ptr) - '0';
+         c = c * 8 + *(++ptr) - CHAR_0;
      if (!utf8 && c > 255) *errorcodeptr = ERR51;
      break;
-Line 549 
 else
+Line 791 
 else
      than 0xff in utf8 mode, but only if the ddd are hex digits. If not, { is
      treated as a data character. */
-     case 'x':
+     case CHAR_x:
-     if (ptr[1] == '{')
+     if (ptr[1] == CHAR_LEFT_CURLY_BRACKET)
        {
        const uschar *pt = ptr + 2;
        int count = 0;
-Line 559 
 else
+Line 801 
 else
        while ((digitab[*pt] & ctype_xdigit) != 0)
          {
          register int cc = *pt++;
-         if (c == 0 && cc == '0') continue;     /* Leading zeroes */
+         if (c == 0 && cc == CHAR_0) continue;     /* Leading zeroes */
          count++;
- #ifndef EBCDIC  /* ASCII coding */
+ #ifndef EBCDIC  /* ASCII/UTF-8 coding */
-         if (cc >= 'a') cc -= 32;               /* Convert to upper case */
+         if (cc >= CHAR_a) cc -= 32;               /* Convert to upper case */
-         c = (c << 4) + cc - ((cc < 'A')? '0' : ('A' - 10));
+         c = (c << 4) + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
  #else           /* EBCDIC coding */
-         if (cc >= 'a' && cc <= 'z') cc += 64;  /* Convert to upper case */
+         if (cc >= CHAR_a && cc <= CHAR_z) cc += 64;  /* Convert to upper case */
-         c = (c << 4) + cc - ((cc >= '0')? '0' : ('A' - 10));
+         c = (c << 4) + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
  #endif
          }
-       if (*pt == '}')
+       if (*pt == CHAR_RIGHT_CURLY_BRACKET)
          {
          if (c < 0 || count > (utf8? 8 : 2)) *errorcodeptr = ERR34;
          ptr = pt;
-Line 587 
 else
+Line 829 
 else
      c = 0;
      while (i++ < 2 && (digitab[ptr[1]] & ctype_xdigit) != 0)
        {
-       int cc;                               /* Some compilers don't like ++ */
+       int cc;                                  /* Some compilers don't like */
-       cc = *(++ptr);                        /* in initializers */
+       cc = *(++ptr);                           /* ++ in initializers */
- #ifndef EBCDIC  /* ASCII coding */
+ #ifndef EBCDIC  /* ASCII/UTF-8 coding */
-       if (cc >= 'a') cc -= 32;              /* Convert to upper case */
+       if (cc >= CHAR_a) cc -= 32;              /* Convert to upper case */
-       c = c * 16 + cc - ((cc < 'A')? '0' : ('A' - 10));
+       c = c * 16 + cc - ((cc < CHAR_A)? CHAR_0 : (CHAR_A - 10));
  #else           /* EBCDIC coding */
-       if (cc <= 'z') cc += 64;              /* Convert to upper case */
+       if (cc <= CHAR_z) cc += 64;              /* Convert to upper case */
-       c = c * 16 + cc - ((cc >= '0')? '0' : ('A' - 10));
+       c = c * 16 + cc - ((cc >= CHAR_0)? CHAR_0 : (CHAR_A - 10));
  #endif
        }
      break;
      /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
-     This coding is ASCII-specific, but then the whole concept of \cx is
+     An error is given if the byte following \c is not an ASCII character. This
+     coding is ASCII-specific, but then the whole concept of \cx is
      ASCII-specific. (However, an EBCDIC equivalent has now been added.) */
-     case 'c':
+     case CHAR_c:
      c = *(++ptr);
      if (c == 0)
        {
        *errorcodeptr = ERR2;
-       return 0;
+       break;
        }
+ #ifndef EBCDIC    /* ASCII/UTF-8 coding */
- #ifndef EBCDIC  /* ASCII coding */
+     if (c > 127)  /* Excludes all non-ASCII in either mode */
-     if (c >= 'a' && c <= 'z') c -= 32;
+       {
+       *errorcodeptr = ERR68;
+       break;
+       }
+     if (c >= CHAR_a && c <= CHAR_z) c -= 32;
      c ^= 0x40;
- #else           /* EBCDIC coding */
+ #else             /* EBCDIC coding */
-     if (c >= 'a' && c <= 'z') c += 64;
+     if (c >= CHAR_a && c <= CHAR_z) c += 64;
      c ^= 0xC0;
  #endif
      break;
      /* PCRE_EXTRA enables extensions to Perl in the matter of escapes. Any
-     other alphameric following \ is an error if PCRE_EXTRA was set; otherwise,
+     other alphanumeric following \ is an error if PCRE_EXTRA was set;
-     for Perl compatibility, it is a literal. This code looks a bit odd, but
+     otherwise, for Perl compatibility, it is a literal. This code looks a bit
-     there used to be some cases other than the default, and there may be again
+     odd, but there used to be some cases other than the default, and there may
-     in future, so I haven't "optimized" it. */
+     be again in future, so I haven't "optimized" it. */
      default:
      if ((options & PCRE_EXTRA) != 0) switch(c)
-Line 637 
 else
+Line 884 
 else
      }
    }
+ /* Perl supports \N{name} for character names, as well as plain \N for "not
+ newline". PCRE does not support \N{name}. */
+ if (c == -ESC_N && ptr[1] == CHAR_LEFT_CURLY_BRACKET)
+   *errorcodeptr = ERR37;
+ /* If PCRE_UCP is set, we change the values for \d etc. */
+ if ((options & PCRE_UCP) != 0 && c <= -ESC_D && c >= -ESC_w)
+   c -= (ESC_DU - ESC_D);
+ /* Set the pointer to the final character before returning. */
  *ptrptr = ptr;
  return c;
  }
-Line 677 
 if (c == 0) goto ERROR_RETURN;
+Line 937 
 if (c == 0) goto ERROR_RETURN;
  /* \P or \p can be followed by a name in {}, optionally preceded by ^ for
  negation. */
- if (c == '{')
+ if (c == CHAR_LEFT_CURLY_BRACKET)
    {
-   if (ptr[1] == '^')
+   if (ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
      {
      *negptr = TRUE;
      ptr++;
      }
-   for (i = 0; i < sizeof(name) - 1; i++)
+   for (i = 0; i < (int)sizeof(name) - 1; i++)
      {
      c = *(++ptr);
      if (c == 0) goto ERROR_RETURN;
-     if (c == '}') break;
+     if (c == CHAR_RIGHT_CURLY_BRACKET) break;
      name[i] = c;
      }
-   if (c !='}') goto ERROR_RETURN;
+   if (c != CHAR_RIGHT_CURLY_BRACKET) goto ERROR_RETURN;
    name[i] = 0;
    }
-Line 713 
 top = _pcre_utt_size;
+Line 973 
 top = _pcre_utt_size;
  while (bot < top)
    {
    i = (bot + top) >> 1;
-   c = strcmp(name, _pcre_utt[i].name);
+   c = strcmp(name, _pcre_utt_names + _pcre_utt[i].name_offset);
    if (c == 0)
      {
      *dptr = _pcre_utt[i].value;
-Line 756 
 is_counted_repeat(const uschar *p)
+Line 1016 
 is_counted_repeat(const uschar *p)
  {
  if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
  while ((digitab[*p] & ctype_digit) != 0) p++;
- if (*p == '}') return TRUE;
+ if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
- if (*p++ != ',') return FALSE;
+ if (*p++ != CHAR_COMMA) return FALSE;
- if (*p == '}') return TRUE;
+ if (*p == CHAR_RIGHT_CURLY_BRACKET) return TRUE;
  if ((digitab[*p++] & ctype_digit) == 0) return FALSE;
  while ((digitab[*p] & ctype_digit) != 0) p++;
- return (*p == '}');
+ return (*p == CHAR_RIGHT_CURLY_BRACKET);
  }
-Line 797 
 int max = -1;
+Line 1057 
 int max = -1;
  /* Read the minimum value and do a paranoid check: a negative value indicates
  an integer overflow. */
- while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+ while ((digitab[*p] & ctype_digit) != 0) min = min * 10 + *p++ - CHAR_0;
  if (min < 0 || min > 65535)
    {
    *errorcodeptr = ERR5;
-Line 807 
 if (min < 0 || min > 65535)
+Line 1067 
 if (min < 0 || min > 65535)
  /* Read the maximum value if there is one, and again do a paranoid on its size.
  Also, max must not be less than min. */
- if (*p == '}') max = min; else
+ if (*p == CHAR_RIGHT_CURLY_BRACKET) max = min; else
    {
-   if (*(++p) != '}')
+   if (*(++p) != CHAR_RIGHT_CURLY_BRACKET)
      {
      max = 0;
-     while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+     while((digitab[*p] & ctype_digit) != 0) max = max * 10 + *p++ - CHAR_0;
      if (max < 0 || max > 65535)
        {
        *errorcodeptr = ERR5;
-Line 837 
 return p;
+Line 1097 
 return p;
  /*************************************************
- *       Find forward referenced subpattern       *
+ *  Subroutine for finding forward reference      *
  *************************************************/
- /* This function scans along a pattern's text looking for capturing
+ /* This recursive function is called only from find_parens() below. The
+ top-level call starts at the beginning of the pattern. All other calls must
+ start at a parenthesis. It scans along a pattern's text looking for capturing
  subpatterns, and counting them. If it finds a named pattern that matches the
  name it is given, it returns its number. Alternatively, if the name is NULL, it
- returns when it reaches a given numbered subpattern. This is used for forward
+ returns when it reaches a given numbered subpattern. Recursion is used to keep
- references to subpatterns. We know that if (?P< is encountered, the name will
+ track of subpatterns that reset the capturing group numbers - the (?| feature.
- be terminated by '>' because that is checked in the first pass.
+ This function was originally called only from the second pass, in which we know
+ that if (?< or (?' or (?P< is encountered, the name will be correctly
+ terminated because that is checked in the first pass. There is now one call to
+ this function in the first pass, to check for a recursive back reference by
+ name (so that we can make the whole group atomic). In this case, we need check
+ only up to the current position in the pattern, and that is still OK because
+ and previous occurrences will have been checked. To make this work, the test
+ for "end of pattern" is a check against cd->end_pattern in the main loop,
+ instead of looking for a binary zero. This means that the special first-pass
+ call can adjust cd->end_pattern temporarily. (Checks for binary zero while
+ processing items within the loop are OK, because afterwards the main loop will
+ terminate.)
  Arguments:
-   ptr          current position in the pattern
+   ptrptr       address of the current character pointer (updated)
-   count        current count of capturing parens so far encountered
+   cd           compile background data
    name         name to seek, or NULL if seeking a numbered subpattern
    lorn         name length, or subpattern number if name is NULL
    xmode        TRUE if we are in /x mode
+   utf8         TRUE if we are in UTF-8 mode
+   count        pointer to the current capturing subpattern number (updated)
  Returns:       the number of the named subpattern, or -1 if not found
  */
  static int
- find_parens(const uschar *ptr, int count, const uschar *name, int lorn,
+ find_parens_sub(uschar **ptrptr, compile_data *cd, const uschar *name, int lorn,
-   BOOL xmode)
+   BOOL xmode, BOOL utf8, int *count)
  {
- const uschar *thisname;
+ uschar *ptr = *ptrptr;
+ int start_count = *count;
+ int hwm_count = start_count;
+ BOOL dup_parens = FALSE;
+ /* If the first character is a parenthesis, check on the type of group we are
+ dealing with. The very first call may not start with a parenthesis. */
- for (; *ptr != 0; ptr++)
+ if (ptr[0] == CHAR_LEFT_PARENTHESIS)
    {
-   int term;
+   /* Handle specials such as (*SKIP) or (*UTF8) etc. */
+   if (ptr[1] == CHAR_ASTERISK) ptr += 2;
+   /* Handle a normal, unnamed capturing parenthesis. */
+   else if (ptr[1] != CHAR_QUESTION_MARK)
+     {
+     *count += 1;
+     if (name == NULL && *count == lorn) return *count;
+     ptr++;
+     }
+   /* All cases now have (? at the start. Remember when we are in a group
+   where the parenthesis numbers are duplicated. */
+   else if (ptr[2] == CHAR_VERTICAL_LINE)
+     {
+     ptr += 3;
+     dup_parens = TRUE;
+     }
+   /* Handle comments; all characters are allowed until a ket is reached. */
+   else if (ptr[2] == CHAR_NUMBER_SIGN)
+     {
+     for (ptr += 3; *ptr != 0; ptr++) if (*ptr == CHAR_RIGHT_PARENTHESIS) break;
+     goto FAIL_EXIT;
+     }
+   /* Handle a condition. If it is an assertion, just carry on so that it
+   is processed as normal. If not, skip to the closing parenthesis of the
+   condition (there can't be any nested parens). */
+   else if (ptr[2] == CHAR_LEFT_PARENTHESIS)
+     {
+     ptr += 2;
+     if (ptr[1] != CHAR_QUESTION_MARK)
+       {
+       while (*ptr != 0 && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
+       if (*ptr != 0) ptr++;
+       }
+     }
+   /* Start with (? but not a condition. */
+   else
+     {
+     ptr += 2;
+     if (*ptr == CHAR_P) ptr++;                      /* Allow optional P */
+     /* We have to disambiguate (?<! and (?<= from (?<name> for named groups */
+     if ((*ptr == CHAR_LESS_THAN_SIGN && ptr[1] != CHAR_EXCLAMATION_MARK &&
+         ptr[1] != CHAR_EQUALS_SIGN) || *ptr == CHAR_APOSTROPHE)
+       {
+       int term;
+       const uschar *thisname;
+       *count += 1;
+       if (name == NULL && *count == lorn) return *count;
+       term = *ptr++;
+       if (term == CHAR_LESS_THAN_SIGN) term = CHAR_GREATER_THAN_SIGN;
+       thisname = ptr;
+       while (*ptr != term) ptr++;
+       if (name != NULL && lorn == ptr - thisname &&
+           strncmp((const char *)name, (const char *)thisname, lorn) == 0)
+         return *count;
+       term++;
+       }
+     }
+   }
+ /* Past any initial parenthesis handling, scan for parentheses or vertical
+ bars. Stop if we get to cd->end_pattern. Note that this is important for the
+ first-pass call when this value is temporarily adjusted to stop at the current
+ position. So DO NOT change this to a test for binary zero. */
+ for (; ptr < cd->end_pattern; ptr++)
+   {
    /* Skip over backslashed characters and also entire \Q...\E */
-   if (*ptr == '\\')
+   if (*ptr == CHAR_BACKSLASH)
      {
-     if (*(++ptr) == 0) return -1;
+     if (*(++ptr) == 0) goto FAIL_EXIT;
-     if (*ptr == 'Q') for (;;)
+     if (*ptr == CHAR_Q) for (;;)
        {
-       while (*(++ptr) != 0 && *ptr != '\\');
+       while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
-       if (*ptr == 0) return -1;
+       if (*ptr == 0) goto FAIL_EXIT;
-       if (*(++ptr) == 'E') break;
+       if (*(++ptr) == CHAR_E) break;
        }
      continue;
      }
-   /* Skip over character classes */
+   /* Skip over character classes; this logic must be similar to the way they
+   are handled for real. If the first character is '^', skip it. Also, if the
+   first few characters (either before or after ^) are \Q\E or \E we skip them
+   too. This makes for compatibility with Perl. Note the use of STR macros to
+   encode "Q\\E" so that it works in UTF-8 on EBCDIC platforms. */
-   if (*ptr == '[')
+   if (*ptr == CHAR_LEFT_SQUARE_BRACKET)
      {
-     while (*(++ptr) != ']')
+     BOOL negate_class = FALSE;
+     for (;;)
        {
-       if (*ptr == '\\')
+       if (ptr[1] == CHAR_BACKSLASH)
          {
-         if (*(++ptr) == 0) return -1;
+         if (ptr[2] == CHAR_E)
-         if (*ptr == 'Q') for (;;)
+           ptr+= 2;
+         else if (strncmp((const char *)ptr+2,
+                  STR_Q STR_BACKSLASH STR_E, 3) == 0)
+           ptr += 4;
+         else
+           break;
+         }
+       else if (!negate_class && ptr[1] == CHAR_CIRCUMFLEX_ACCENT)
+         {
+         negate_class = TRUE;
+         ptr++;
+         }
+       else break;
+       }
+     /* If the next character is ']', it is a data character that must be
+     skipped, except in JavaScript compatibility mode. */
+     if (ptr[1] == CHAR_RIGHT_SQUARE_BRACKET &&
+         (cd->external_options & PCRE_JAVASCRIPT_COMPAT) == 0)
+       ptr++;
+     while (*(++ptr) != CHAR_RIGHT_SQUARE_BRACKET)
+       {
+       if (*ptr == 0) return -1;
+       if (*ptr == CHAR_BACKSLASH)
+         {
+         if (*(++ptr) == 0) goto FAIL_EXIT;
+         if (*ptr == CHAR_Q) for (;;)
            {
-           while (*(++ptr) != 0 && *ptr != '\\');
+           while (*(++ptr) != 0 && *ptr != CHAR_BACKSLASH) {};
-           if (*ptr == 0) return -1;
+           if (*ptr == 0) goto FAIL_EXIT;
-           if (*(++ptr) == 'E') break;
+           if (*(++ptr) == CHAR_E) break;
            }
          continue;
          }
-Line 904 
 for (; *ptr != 0; ptr++)
+Line 1296 
 for (; *ptr != 0; ptr++)
    /* Skip comments in /x mode */
-   if (xmode && *ptr == '#')
+   if (xmode && *ptr == CHAR_NUMBER_SIGN)
      {
-     while (*(++ptr) != 0 && *ptr != '\n');
+     ptr++;
-     if (*ptr == 0) return -1;
+     while (*ptr != 0)
+       {
+       if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
+       ptr++;
+ #ifdef SUPPORT_UTF8
+       if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
+ #endif
+       }
+     if (*ptr == 0) goto FAIL_EXIT;
      continue;
      }
-   /* An opening parens must now be a real metacharacter */
+   /* Check for the special metacharacters */
-   if (*ptr != '(') continue;
+   if (*ptr == CHAR_LEFT_PARENTHESIS)
-   if (ptr[1] != '?')
      {
-     count++;
+     int rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, count);
-     if (name == NULL && count == lorn) return count;
+     if (rc > 0) return rc;
-     continue;
+     if (*ptr == 0) goto FAIL_EXIT;
      }
-   ptr += 2;
+   else if (*ptr == CHAR_RIGHT_PARENTHESIS)
-   if (*ptr == 'P') ptr++;                      /* Allow optional P */
+     {
+     if (dup_parens && *count < hwm_count) *count = hwm_count;
+     goto FAIL_EXIT;
+     }
+   else if (*ptr == CHAR_VERTICAL_LINE && dup_parens)
+     {
+     if (*count > hwm_count) hwm_count = *count;
+     *count = start_count;
+     }
+   }
+ FAIL_EXIT:
+ *ptrptr = ptr;
+ return -1;
+ }
-   /* We have to disambiguate (?<! and (?<= from (?<name> */
-   if ((*ptr != '<' || ptr[1] == '!' || ptr[1] == '=') &&
-        *ptr != '\'')
-     continue;
-   count++;
-   if (name == NULL && count == lorn) return count;
+ /*************************************************
-   term = *ptr++;
+ *       Find forward referenced subpattern       *
-   if (term == '<') term = '>';
+ *************************************************/
-   thisname = ptr;
-   while (*ptr != term) ptr++;
+ /* This function scans along a pattern's text looking for capturing
-   if (name != NULL && lorn == ptr - thisname &&
+ subpatterns, and counting them. If it finds a named pattern that matches the
-       strncmp((const char *)name, (const char *)thisname, lorn) == 0)
+ name it is given, it returns its number. Alternatively, if the name is NULL, it
-     return count;
+ returns when it reaches a given numbered subpattern. This is used for forward
+ references to subpatterns. We used to be able to start this scan from the
+ current compiling point, using the current count value from cd->bracount, and
+ do it all in a single loop, but the addition of the possibility of duplicate
+ subpattern numbers means that we have to scan from the very start, in order to
+ take account of such duplicates, and to use a recursive function to keep track
+ of the different types of group.
+ Arguments:
+   cd           compile background data
+   name         name to seek, or NULL if seeking a numbered subpattern
+   lorn         name length, or subpattern number if name is NULL
+   xmode        TRUE if we are in /x mode
+   utf8         TRUE if we are in UTF-8 mode
+ Returns:       the number of the found subpattern, or -1 if not found
+ */
+ static int
+ find_parens(compile_data *cd, const uschar *name, int lorn, BOOL xmode,
+   BOOL utf8)
+ {
+ uschar *ptr = (uschar *)cd->start_pattern;
+ int count = 0;
+ int rc;
+ /* If the pattern does not start with an opening parenthesis, the first call
+ to find_parens_sub() will scan right to the end (if necessary). However, if it
+ does start with a parenthesis, find_parens_sub() will return when it hits the
+ matching closing parens. That is why we have to have a loop. */
+ for (;;)
+   {
+   rc = find_parens_sub(&ptr, cd, name, lorn, xmode, utf8, &count);
+   if (rc > 0 || *ptr++ == 0) break;
    }
- return -1;
+ return rc;
  }
  /*************************************************
  *      Find first significant op code            *
  *************************************************/
-Line 996 
 for (;;)
+Line 1440 
 for (;;)
      case OP_CALLOUT:
      case OP_CREF:
+     case OP_NCREF:
      case OP_RREF:
+     case OP_NRREF:
      case OP_DEF:
      code += _pcre_OP_lengths[*code];
      break;
-Line 1012 
 for (;;)
+Line 1458 
 for (;;)
  /*************************************************
- *        Find the fixed length of a pattern      *
+ *        Find the fixed length of a branch       *
  *************************************************/
- /* Scan a pattern and compute the fixed length of subject that will match it,
+ /* Scan a branch and compute the fixed length of subject that will match it,
  if the length is fixed. This is needed for dealing with backward assertions.
- In UTF8 mode, the result is in characters rather than bytes.
+ In UTF8 mode, the result is in characters rather than bytes. The branch is
+ temporarily terminated with OP_END when this function is called.
+ This function is called when a backward assertion is encountered, so that if it
+ fails, the error message can point to the correct place in the pattern.
+ However, we cannot do this when the assertion contains subroutine calls,
+ because they can be forward references. We solve this by remembering this case
+ and doing the check at the end; a flag specifies which mode we are running in.
  Arguments:
    code     points to the start of the pattern (the bracket)
    options  the compiling options
+   atend    TRUE if called when the pattern is complete
+   cd       the "compile data" structure
- Returns:   the fixed length, or -1 if there is no fixed length,
+ Returns:   the fixed length,
+              or -1 if there is no fixed length,
               or -2 if \C was encountered
+              or -3 if an OP_RECURSE item was encountered and atend is FALSE
  */
  static int
- find_fixedlength(uschar *code, int options)
+ find_fixedlength(uschar *code, int options, BOOL atend, compile_data *cd)
  {
  int length = -1;
-Line 1041 
 branch, check the length against that of
+Line 1498 
 branch, check the length against that of
  for (;;)
    {
    int d;
+   uschar *ce, *cs;
    register int op = *cc;
    switch (op)
      {
      case OP_CBRA:
      case OP_BRA:
      case OP_ONCE:
      case OP_COND:
-     d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), options);
+     d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), options, atend, cd);
      if (d < 0) return d;
      branchlength += d;
      do cc += GET(cc, 1); while (*cc == OP_ALT);
-Line 1072 
 for (;;)
+Line 1529 
 for (;;)
      branchlength = 0;
      break;
+     /* A true recursion implies not fixed length, but a subroutine call may
+     be OK. If the subroutine is a forward reference, we can't deal with
+     it until the end of the pattern, so return -3. */
+     case OP_RECURSE:
+     if (!atend) return -3;
+     cs = ce = (uschar *)cd->start_code + GET(cc, 1);  /* Start subpattern */
+     do ce += GET(ce, 1); while (*ce == OP_ALT);       /* End subpattern */
+     if (cc > cs && cc < ce) return -1;                /* Recursion */
+     d = find_fixedlength(cs + 2, options, atend, cd);
+     if (d < 0) return d;
+     branchlength += d;
+     cc += 1 + LINK_SIZE;
+     break;
      /* Skip over assertive subpatterns */
      case OP_ASSERT:
-Line 1085 
 for (;;)
+Line 1557 
 for (;;)
      case OP_REVERSE:
      case OP_CREF:
+     case OP_NCREF:
      case OP_RREF:
+     case OP_NRREF:
      case OP_DEF:
      case OP_OPT:
      case OP_CALLOUT:
      case OP_SOD:
      case OP_SOM:
+     case OP_SET_SOM:
      case OP_EOD:
      case OP_EODN:
      case OP_CIRC:
-Line 1108 
 for (;;)
+Line 1583 
 for (;;)
      branchlength++;
      cc += 2;
  #ifdef SUPPORT_UTF8
-     if ((options & PCRE_UTF8) != 0)
+     if ((options & PCRE_UTF8) != 0 && cc[-1] >= 0xc0)
-       {
+       cc += _pcre_utf8_table4[cc[-1] & 0x3f];
-       while ((*cc & 0xc0) == 0x80) cc++;
-       }
  #endif
      break;
-Line 1122 
 for (;;)
+Line 1595 
 for (;;)
      branchlength += GET2(cc,1);
      cc += 4;
  #ifdef SUPPORT_UTF8
-     if ((options & PCRE_UTF8) != 0)
+     if ((options & PCRE_UTF8) != 0 && cc[-1] >= 0xc0)
-       {
+       cc += _pcre_utf8_table4[cc[-1] & 0x3f];
-       while((*cc & 0x80) == 0x80) cc++;
-       }
  #endif
      break;
      case OP_TYPEEXACT:
      branchlength += GET2(cc,1);
+     if (cc[3] == OP_PROP || cc[3] == OP_NOTPROP) cc += 2;
      cc += 4;
      break;
-Line 1148 
 for (;;)
+Line 1620 
 for (;;)
      case OP_NOT_WORDCHAR:
      case OP_WORDCHAR:
      case OP_ANY:
+     case OP_ALLANY:
      branchlength++;
      cc++;
      break;
-Line 1202 
 for (;;)
+Line 1675 
 for (;;)
  /*************************************************
- *    Scan compiled regex for numbered bracket    *
+ *    Scan compiled regex for specific bracket    *
  *************************************************/
  /* This little function scans through a compiled pattern until it finds a
- capturing bracket with the given number.
+ capturing bracket with the given number, or, if the number is negative, an
+ instance of OP_REVERSE for a lookbehind. The function is global in the C sense
+ so that it can be called from pcre_study() when finding the minimum matching
+ length.
  Arguments:
    code        points to start of expression
    utf8        TRUE in UTF-8 mode
-   number      the required bracket number
+   number      the required bracket number or negative to find a lookbehind
  Returns:      pointer to the opcode for the bracket, or NULL if not found
  */
- static const uschar *
+ const uschar *
- find_bracket(const uschar *code, BOOL utf8, int number)
+ _pcre_find_bracket(const uschar *code, BOOL utf8, int number)
  {
  for (;;)
    {
-Line 1230 
 for (;;)
+Line 1706 
 for (;;)
    if (c == OP_XCLASS) code += GET(code, 1);
+   /* Handle recursion */
+   else if (c == OP_REVERSE)
+     {
+     if (number < 0) return (uschar *)code;
+     code += _pcre_OP_lengths[c];
+     }
    /* Handle capturing bracket */
    else if (c == OP_CBRA)
-Line 1239 
 for (;;)
+Line 1723 
 for (;;)
      code += _pcre_OP_lengths[c];
      }
-   /* In UTF-8 mode, opcodes that are followed by a character may be followed by
+   /* Otherwise, we can get the item's length from the table, except that for
-   a multi-byte character. The length in the table is a minimum, so we have to
+   repeated character types, we have to test for \p and \P, which have an extra
-   arrange to skip the extra bytes. */
+   two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
+   must add in its length. */
    else
      {
+     switch(c)
+       {
+       case OP_TYPESTAR:
+       case OP_TYPEMINSTAR:
+       case OP_TYPEPLUS:
+       case OP_TYPEMINPLUS:
+       case OP_TYPEQUERY:
+       case OP_TYPEMINQUERY:
+       case OP_TYPEPOSSTAR:
+       case OP_TYPEPOSPLUS:
+       case OP_TYPEPOSQUERY:
+       if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
+       break;
+       case OP_TYPEUPTO:
+       case OP_TYPEMINUPTO:
+       case OP_TYPEEXACT:
+       case OP_TYPEPOSUPTO:
+       if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
+       break;
+       case OP_MARK:
+       case OP_PRUNE_ARG:
+       case OP_SKIP_ARG:
+       code += code[1];
+       break;
+       case OP_THEN_ARG:
+       code += code[1+LINK_SIZE];
+       break;
+       }
+     /* Add in the fixed length from the table */
      code += _pcre_OP_lengths[c];
+   /* In UTF-8 mode, opcodes that are followed by a character may be followed by
+   a multi-byte character. The length in the table is a minimum, so we have to
+   arrange to skip the extra bytes. */
  #ifdef SUPPORT_UTF8
      if (utf8) switch(c)
        {
-Line 1267 
 for (;;)
+Line 1791 
 for (;;)
        if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
        break;
        }
+ #else
+     (void)(utf8);  /* Keep compiler happy by referencing function argument */
  #endif
      }
    }
-Line 1303 
 for (;;)
+Line 1829 
 for (;;)
    if (c == OP_XCLASS) code += GET(code, 1);
-   /* Otherwise, we get the item's length from the table. In UTF-8 mode, opcodes
+   /* Otherwise, we can get the item's length from the table, except that for
-   that are followed by a character may be followed by a multi-byte character.
+   repeated character types, we have to test for \p and \P, which have an extra
-   The length in the table is a minimum, so we have to arrange to skip the extra
+   two bytes of parameters, and for MARK/PRUNE/SKIP/THEN with an argument, we
-   bytes. */
+   must add in its length. */
    else
      {
+     switch(c)
+       {
+       case OP_TYPESTAR:
+       case OP_TYPEMINSTAR:
+       case OP_TYPEPLUS:
+       case OP_TYPEMINPLUS:
+       case OP_TYPEQUERY:
+       case OP_TYPEMINQUERY:
+       case OP_TYPEPOSSTAR:
+       case OP_TYPEPOSPLUS:
+       case OP_TYPEPOSQUERY:
+       if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
+       break;
+       case OP_TYPEPOSUPTO:
+       case OP_TYPEUPTO:
+       case OP_TYPEMINUPTO:
+       case OP_TYPEEXACT:
+       if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
+       break;
+       case OP_MARK:
+       case OP_PRUNE_ARG:
+       case OP_SKIP_ARG:
+       code += code[1];
+       break;
+       case OP_THEN_ARG:
+       code += code[1+LINK_SIZE];
+       break;
+       }
+     /* Add in the fixed length from the table */
      code += _pcre_OP_lengths[c];
+     /* In UTF-8 mode, opcodes that are followed by a character may be followed
+     by a multi-byte character. The length in the table is a minimum, so we have
+     to arrange to skip the extra bytes. */
  #ifdef SUPPORT_UTF8
      if (utf8) switch(c)
        {
-Line 1332 
 for (;;)
+Line 1897 
 for (;;)
        if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
        break;
        }
+ #else
+     (void)(utf8);  /* Keep compiler happy by referencing function argument */
  #endif
      }
    }
-Line 1347 
 for (;;)
+Line 1914 
 for (;;)
  can match the empty string or not. It is called from could_be_empty()
  below and from compile_branch() when checking for an unlimited repeat of a
  group that can match nothing. Note that first_significant_code() skips over
- assertions. If we hit an unclosed bracket, we return "empty" - this means we've
+ backward and negative forward assertions when its final argument is TRUE. If we
- struck an inner bracket whose current branch will already have been scanned.
+ hit an unclosed bracket, we return "empty" - this means we've struck an inner
+ bracket whose current branch will already have been scanned.
  Arguments:
    code        points to start of search
    endcode     points to where to stop
    utf8        TRUE if in UTF8 mode
+   cd          contains pointers to tables etc.
  Returns:      TRUE if what is matched could be empty
  */
  static BOOL
- could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8)
+ could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8,
+   compile_data *cd)
  {
  register int c;
  for (code = first_significant_code(code + _pcre_OP_lengths[*code], NULL, 0, TRUE);
-Line 1370 
 for (code = first_significant_code(code
+Line 1940 
 for (code = first_significant_code(code
    c = *code;
-   if (c == OP_BRA || c == OP_CBRA || c == OP_ONCE)
+   /* Skip over forward assertions; the other assertions are skipped by
+   first_significant_code() with a TRUE final argument. */
+   if (c == OP_ASSERT)
      {
-     BOOL empty_branch;
+     do code += GET(code, 1); while (*code == OP_ALT);
-     if (GET(code, 1) == 0) return TRUE;    /* Hit unclosed bracket */
+     c = *code;
+     continue;
+     }
+   /* Groups with zero repeats can of course be empty; skip them. */
+   if (c == OP_BRAZERO || c == OP_BRAMINZERO || c == OP_SKIPZERO)
+     {
+     code += _pcre_OP_lengths[c];
+     do code += GET(code, 1); while (*code == OP_ALT);
+     c = *code;
+     continue;
+     }
-     /* Scan a closed bracket */
+   /* For a recursion/subroutine call, if its end has been reached, which
+   implies a subroutine call, we can scan it. */
-     empty_branch = FALSE;
+   if (c == OP_RECURSE)
+     {
+     BOOL empty_branch = FALSE;
+     const uschar *scode = cd->start_code + GET(code, 1);
+     if (GET(scode, 1) == 0) return TRUE;    /* Unclosed */
      do
        {
-       if (!empty_branch && could_be_empty_branch(code, endcode, utf8))
+       if (could_be_empty_branch(scode, endcode, utf8, cd))
+         {
          empty_branch = TRUE;
-       code += GET(code, 1);
+         break;
+         }
+       scode += GET(scode, 1);
        }
-     while (*code == OP_ALT);
+     while (*scode == OP_ALT);
-     if (!empty_branch) return FALSE;   /* All branches are non-empty */
+     if (!empty_branch) return FALSE;  /* All branches are non-empty */
+     continue;
+     }
-     /* Move past the KET and fudge things so that the increment in the "for"
+   /* For other groups, scan the branches. */
-     above has no effect. */
-     c = OP_END;
+   if (c == OP_BRA || c == OP_CBRA || c == OP_ONCE || c == OP_COND)
-     code += 1 + LINK_SIZE - _pcre_OP_lengths[c];
+     {
+     BOOL empty_branch;
+     if (GET(code, 1) == 0) return TRUE;    /* Hit unclosed bracket */
+     /* If a conditional group has only one branch, there is a second, implied,
+     empty branch, so just skip over the conditional, because it could be empty.
+     Otherwise, scan the individual branches of the group. */
+     if (c == OP_COND && code[GET(code, 1)] != OP_ALT)
+       code += GET(code, 1);
+     else
+       {
+       empty_branch = FALSE;
+       do
+         {
+         if (!empty_branch && could_be_empty_branch(code, endcode, utf8, cd))
+           empty_branch = TRUE;
+         code += GET(code, 1);
+         }
+       while (*code == OP_ALT);
+       if (!empty_branch) return FALSE;   /* All branches are non-empty */
+       }
+     c = *code;
      continue;
      }
-Line 1399 
 for (code = first_significant_code(code
+Line 2016 
 for (code = first_significant_code(code
    switch (c)
      {
-     /* Check for quantifiers after a class */
+     /* Check for quantifiers after a class. XCLASS is used for classes that
+     cannot be represented just by a bit map. This includes negated single
+     high-valued characters. The length in _pcre_OP_lengths[] is zero; the
+     actual length is stored in the compiled code, so we must update "code"
+     here. */
  #ifdef SUPPORT_UTF8
      case OP_XCLASS:
-     ccode = code + GET(code, 1);
+     ccode = code += GET(code, 1);
      goto CHECK_CLASS_REPEAT;
  #endif
-Line 1447 
 for (code = first_significant_code(code
+Line 2068 
 for (code = first_significant_code(code
      case OP_NOT_WORDCHAR:
      case OP_WORDCHAR:
      case OP_ANY:
+     case OP_ALLANY:
      case OP_ANYBYTE:
      case OP_CHAR:
      case OP_CHARNC:
-Line 1465 
 for (code = first_significant_code(code
+Line 2087 
 for (code = first_significant_code(code
      case OP_TYPEEXACT:
      return FALSE;
+     /* These are going to continue, as they may be empty, but we have to
+     fudge the length for the \p and \P cases. */
+     case OP_TYPESTAR:
+     case OP_TYPEMINSTAR:
+     case OP_TYPEPOSSTAR:
+     case OP_TYPEQUERY:
+     case OP_TYPEMINQUERY:
+     case OP_TYPEPOSQUERY:
+     if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
+     break;
+     /* Same for these */
+     case OP_TYPEUPTO:
+     case OP_TYPEMINUPTO:
+     case OP_TYPEPOSUPTO:
+     if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
+     break;
      /* End of branch */
      case OP_KET:
-Line 1483 
 for (code = first_significant_code(code
+Line 2125 
 for (code = first_significant_code(code
      case OP_QUERY:
      case OP_MINQUERY:
      case OP_POSQUERY:
+     if (utf8 && code[1] >= 0xc0) code += _pcre_utf8_table4[code[1] & 0x3f];
+     break;
      case OP_UPTO:
      case OP_MINUPTO:
      case OP_POSUPTO:
-     if (utf8) while ((code[2] & 0xc0) == 0x80) code++;
+     if (utf8 && code[3] >= 0xc0) code += _pcre_utf8_table4[code[3] & 0x3f];
      break;
  #endif
+     /* MARK, and PRUNE/SKIP/THEN with an argument must skip over the argument
+     string. */
+     case OP_MARK:
+     case OP_PRUNE_ARG:
+     case OP_SKIP_ARG:
+     code += code[1];
+     break;
+     case OP_THEN_ARG:
+     code += code[1+LINK_SIZE];
+     break;
+     /* None of the remaining opcodes are required to match a character. */
+     default:
+     break;
      }
    }
-Line 1511 
 Arguments:
+Line 2174 
 Arguments:
    endcode     points to where to stop (current RECURSE item)
    bcptr       points to the chain of current (unclosed) branch starts
    utf8        TRUE if in UTF-8 mode
+   cd          pointers to tables etc
  Returns:      TRUE if what is matched could be empty
  */
  static BOOL
  could_be_empty(const uschar *code, const uschar *endcode, branch_chain *bcptr,
-   BOOL utf8)
+   BOOL utf8, compile_data *cd)
  {
- while (bcptr != NULL && bcptr->current >= code)
+ while (bcptr != NULL && bcptr->current_branch >= code)
    {
-   if (!could_be_empty_branch(bcptr->current, endcode, utf8)) return FALSE;
+   if (!could_be_empty_branch(bcptr->current_branch, endcode, utf8, cd))
+     return FALSE;
    bcptr = bcptr->outer;
    }
  return TRUE;
-Line 1534 
 return TRUE;
+Line 2199 
 return TRUE;
  *************************************************/
  /* This function is called when the sequence "[:" or "[." or "[=" is
- encountered in a character class. It checks whether this is followed by an
+ encountered in a character class. It checks whether this is followed by a
- optional ^ and then a sequence of letters, terminated by a matching ":]" or
+ sequence of characters terminated by a matching ":]" or ".]" or "=]". If we
- ".]" or "=]".
+ reach an unescaped ']' without the special preceding character, return FALSE.
+ Originally, this function only recognized a sequence of letters between the
+ terminators, but it seems that Perl recognizes any sequence of characters,
+ though of course unknown POSIX names are subsequently rejected. Perl gives an
+ "Unknown POSIX class" error for [:f\oo:] for example, where previously PCRE
+ didn't consider this to be a POSIX class. Likewise for [:1234:].
+ The problem in trying to be exactly like Perl is in the handling of escapes. We
+ have to be sure that [abc[:x\]pqr] is *not* treated as containing a POSIX
+ class, but [abc[:x\]pqr:]] is (so that an error can be generated). The code
+ below handles the special case of \], but does not try to do any other escape
+ processing. This makes it different from Perl for cases such as [:l\ower:]
+ where Perl recognizes it as the POSIX class "lower" but PCRE does not recognize
+ "l\ower". This is a lesser evil that not diagnosing bad classes when Perl does,
+ I think.
- Argument:
+ Arguments:
    ptr      pointer to the initial [
    endptr   where to return the end pointer
-   cd       pointer to compile data
  Returns:   TRUE or FALSE
  */
  static BOOL
- check_posix_syntax(const uschar *ptr, const uschar **endptr, compile_data *cd)
+ check_posix_syntax(const uschar *ptr, const uschar **endptr)
  {
  int terminator;          /* Don't combine these lines; the Solaris cc */
  terminator = *(++ptr);   /* compiler warns about "non-constant" initializer. */
- if (*(++ptr) == '^') ptr++;
+ for (++ptr; *ptr != 0; ptr++)
- while ((cd->ctypes[*ptr] & ctype_letter) != 0) ptr++;
- if (*ptr == terminator && ptr[1] == ']')
    {
-   *endptr = ptr;
+   if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET) ptr++; else
-   return TRUE;
+     {
+     if (*ptr == CHAR_RIGHT_SQUARE_BRACKET) return FALSE;
+     if (*ptr == terminator && ptr[1] == CHAR_RIGHT_SQUARE_BRACKET)
+       {
+       *endptr = ptr;
+       return TRUE;
+       }
+     }
    }
  return FALSE;
  }
-Line 1581 
 Returns:     a value representing the na
+Line 2265 
 Returns:     a value representing the na
  static int
  check_posix_name(const uschar *ptr, int len)
  {
+ const char *pn = posix_names;
  register int yield = 0;
  while (posix_name_lengths[yield] != 0)
    {
    if (len == posix_name_lengths[yield] &&
-     strncmp((const char *)ptr, posix_names[yield], len) == 0) return yield;
+     strncmp((const char *)ptr, pn, len) == 0) return yield;
+   pn += posix_name_lengths[yield] + 1;
    yield++;
    }
  return -1;
-Line 1600 
 return -1;
+Line 2286 
 return -1;
  that is referenced. This means that groups can be replicated for fixed
  repetition simply by copying (because the recursion is allowed to refer to
  earlier groups that are outside the current group). However, when a group is
- optional (i.e. the minimum quantifier is zero), OP_BRAZERO is inserted before
+ optional (i.e. the minimum quantifier is zero), OP_BRAZERO or OP_SKIPZERO is
- it, after it has been compiled. This means that any OP_RECURSE items within it
+ inserted before it, after it has been compiled. This means that any OP_RECURSE
- that refer to the group itself or any contained groups have to have their
+ items within it that refer to the group itself or any contained groups have to
- offsets adjusted. That one of the jobs of this function. Before it is called,
+ have their offsets adjusted. That one of the jobs of this function. Before it
- the partially compiled regex must be temporarily terminated with OP_END.
+ is called, the partially compiled regex must be temporarily terminated with
+ OP_END.
  This function has been extended with the possibility of forward references for
  recursions and subroutine calls. It must also check the list of such references
-Line 1627 
 adjust_recurse(uschar *group, int adjust
+Line 2314 
 adjust_recurse(uschar *group, int adjust
    uschar *save_hwm)
  {
  uschar *ptr = group;
  while ((ptr = (uschar *)find_recurse(ptr, utf8)) != NULL)
    {
    int offset;
-Line 1680 
 auto_callout(uschar *code, const uschar
+Line 2368 
 auto_callout(uschar *code, const uschar
  {
  *code++ = OP_CALLOUT;
  *code++ = 255;
- PUT(code, 0, ptr - cd->start_pattern);  /* Pattern offset */
+ PUT(code, 0, (int)(ptr - cd->start_pattern));  /* Pattern offset */
- PUT(code, LINK_SIZE, 0);                /* Default length */
+ PUT(code, LINK_SIZE, 0);                       /* Default length */
  return code + 2*LINK_SIZE;
  }
-Line 1706 
 Returns:             nothing
+Line 2394 
 Returns:             nothing
  static void
  complete_callout(uschar *previous_callout, const uschar *ptr, compile_data *cd)
  {
- int length = ptr - cd->start_pattern - GET(previous_callout, 2);
+ int length = (int)(ptr - cd->start_pattern - GET(previous_callout, 2));
  PUT(previous_callout, 2 + LINK_SIZE, length);
  }
-Line 1738 
 get_othercase_range(unsigned int *cptr,
+Line 2426 
 get_othercase_range(unsigned int *cptr,
  unsigned int c, othercase, next;
  for (c = *cptr; c <= d; c++)
-   { if ((othercase = _pcre_ucp_othercase(c)) != NOTACHAR) break; }
+   { if ((othercase = UCD_OTHERCASE(c)) != c) break; }
  if (c > d) return FALSE;
-Line 1747 
 next = othercase + 1;
+Line 2435 
 next = othercase + 1;
  for (++c; c <= d; c++)
    {
-   if (_pcre_ucp_othercase(c) != next) break;
+   if (UCD_OTHERCASE(c) != next) break;
    next++;
    }
-Line 1756 
 for (++c; c <= d; c++)
+Line 2444 
 for (++c; c <= d; c++)
  return TRUE;
  }
+ /*************************************************
+ *        Check a character and a property        *
+ *************************************************/
+ /* This function is called by check_auto_possessive() when a property item
+ is adjacent to a fixed character.
+ Arguments:
+   c            the character
+   ptype        the property type
+   pdata        the data for the type
+   negated      TRUE if it's a negated property (\P or \p{^)
+ Returns:       TRUE if auto-possessifying is OK
+ */
+ static BOOL
+ check_char_prop(int c, int ptype, int pdata, BOOL negated)
+ {
+ const ucd_record *prop = GET_UCD(c);
+ switch(ptype)
+   {
+   case PT_LAMP:
+   return (prop->chartype == ucp_Lu ||
+           prop->chartype == ucp_Ll ||
+           prop->chartype == ucp_Lt) == negated;
+   case PT_GC:
+   return (pdata == _pcre_ucp_gentype[prop->chartype]) == negated;
+   case PT_PC:
+   return (pdata == prop->chartype) == negated;
+   case PT_SC:
+   return (pdata == prop->script) == negated;
+   /* These are specials */
+   case PT_ALNUM:
+   return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
+           _pcre_ucp_gentype[prop->chartype] == ucp_N) == negated;
+   case PT_SPACE:    /* Perl space */
+   return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
+           c == CHAR_HT || c == CHAR_NL || c == CHAR_FF || c == CHAR_CR)
+           == negated;
+   case PT_PXSPACE:  /* POSIX space */
+   return (_pcre_ucp_gentype[prop->chartype] == ucp_Z ||
+           c == CHAR_HT || c == CHAR_NL || c == CHAR_VT ||
+           c == CHAR_FF || c == CHAR_CR)
+           == negated;
+   case PT_WORD:
+   return (_pcre_ucp_gentype[prop->chartype] == ucp_L ||
+           _pcre_ucp_gentype[prop->chartype] == ucp_N ||
+           c == CHAR_UNDERSCORE) == negated;
+   }
+ return FALSE;
+ }
  #endif  /* SUPPORT_UCP */
-Line 1769 
 whether the next thing could possibly ma
+Line 2520 
 whether the next thing could possibly ma
  sense to automatically possessify the repeated item.
  Arguments:
-   op_code       the repeated op code
+   previous      pointer to the repeated opcode
-   this          data for this item, depends on the opcode
    utf8          TRUE in UTF-8 mode
-   utf8_char     used for utf8 character bytes, NULL if not relevant
    ptr           next character in pattern
    options       options bits
    cd            contains pointers to tables etc.
-Line 1781 
 Returns:        TRUE if possessifying is
+Line 2530 
 Returns:        TRUE if possessifying is
  */
  static BOOL
- check_auto_possessive(int op_code, int item, BOOL utf8, uschar *utf8_char,
+ check_auto_possessive(const uschar *previous, BOOL utf8, const uschar *ptr,
-   const uschar *ptr, int options, compile_data *cd)
+   int options, compile_data *cd)
  {
- int next;
+ int c, next;
+ int op_code = *previous++;
  /* Skip whitespace and comments in extended mode */
-Line 1793 
 if ((options & PCRE_EXTENDED) != 0)
+Line 2543 
 if ((options & PCRE_EXTENDED) != 0)
    for (;;)
      {
      while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
-     if (*ptr == '#')
+     if (*ptr == CHAR_NUMBER_SIGN)
        {
-       while (*(++ptr) != 0)
+       ptr++;
+       while (*ptr != 0)
+         {
          if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
+         ptr++;
+ #ifdef SUPPORT_UTF8
+         if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
+ #endif
+         }
        }
      else break;
      }
-Line 1805 
 if ((options & PCRE_EXTENDED) != 0)
+Line 2562 
 if ((options & PCRE_EXTENDED) != 0)
  /* If the next item is one that we can handle, get its value. A non-negative
  value is a character, a negative value is an escape value. */
- if (*ptr == '\\')
+ if (*ptr == CHAR_BACKSLASH)
    {
    int temperrorcode = 0;
    next = check_escape(&ptr, &temperrorcode, cd->bracount, options, FALSE);
-Line 1830 
 if ((options & PCRE_EXTENDED) != 0)
+Line 2587 
 if ((options & PCRE_EXTENDED) != 0)
    for (;;)
      {
      while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
-     if (*ptr == '#')
+     if (*ptr == CHAR_NUMBER_SIGN)
        {
-       while (*(++ptr) != 0)
+       ptr++;
+       while (*ptr != 0)
+         {
          if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
+         ptr++;
+ #ifdef SUPPORT_UTF8
+         if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
+ #endif
+         }
        }
      else break;
      }
-Line 1841 
 if ((options & PCRE_EXTENDED) != 0)
+Line 2605 
 if ((options & PCRE_EXTENDED) != 0)
  /* If the next thing is itself optional, we have to give up. */
- if (*ptr == '*' || *ptr == '?' || strncmp((char *)ptr, "{0,", 3) == 0)
+ if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
-   return FALSE;
+   strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
+     return FALSE;
- /* Now compare the next item with the previous opcode. If the previous is a
- positive single character match, "item" either contains the character or, if
- "item" is greater than 127 in utf8 mode, the character's bytes are in
- utf8_char. */
- /* Handle cases when the next item is a character. */
+ /* Now compare the next item with the previous opcode. First, handle cases when
+ the next item is a character. */
  if (next >= 0) switch(op_code)
    {
    case OP_CHAR:
  #ifdef SUPPORT_UTF8
-   if (utf8 && item > 127) { GETCHAR(item, utf8_char); }
+   GETCHARTEST(c, previous);
+ #else
+   c = *previous;
  #endif
-   return item != next;
+   return c != next;
    /* For CHARNC (caseless character) we must check the other case. If we have
    Unicode property support, we can use it to test the other case of
-Line 1866 
 if (next >= 0) switch(op_code)
+Line 2628 
 if (next >= 0) switch(op_code)
    case OP_CHARNC:
  #ifdef SUPPORT_UTF8
-   if (utf8 && item > 127) { GETCHAR(item, utf8_char); }
+   GETCHARTEST(c, previous);
+ #else
+   c = *previous;
  #endif
-   if (item == next) return FALSE;
+   if (c == next) return FALSE;
  #ifdef SUPPORT_UTF8
    if (utf8)
      {
      unsigned int othercase;
      if (next < 128) othercase = cd->fcc[next]; else
  #ifdef SUPPORT_UCP
-     othercase = _pcre_ucp_othercase((unsigned int)next);
+     othercase = UCD_OTHERCASE((unsigned int)next);
  #else
      othercase = NOTACHAR;
  #endif
-     return (unsigned int)item != othercase;
+     return (unsigned int)c != othercase;
      }
    else
  #endif  /* SUPPORT_UTF8 */
-   return (item != cd->fcc[next]);  /* Non-UTF-8 mode */
+   return (c != cd->fcc[next]);  /* Non-UTF-8 mode */
-   /* For OP_NOT, "item" must be a single-byte character. */
+   /* For OP_NOT, its data is always a single-byte character. */
    case OP_NOT:
-   if (next < 0) return FALSE;  /* Not a character */
+   if ((c = *previous) == next) return TRUE;
-   if (item == next) return TRUE;
    if ((options & PCRE_CASELESS) == 0) return FALSE;
  #ifdef SUPPORT_UTF8
    if (utf8)
-Line 1897 
 if (next >= 0) switch(op_code)
+Line 2660 
 if (next >= 0) switch(op_code)
      unsigned int othercase;
      if (next < 128) othercase = cd->fcc[next]; else
  #ifdef SUPPORT_UCP
-     othercase = _pcre_ucp_othercase(next);
+     othercase = UCD_OTHERCASE(next);
  #else
      othercase = NOTACHAR;
  #endif
-     return (unsigned int)item == othercase;
+     return (unsigned int)c == othercase;
      }
    else
  #endif  /* SUPPORT_UTF8 */
-   return (item == cd->fcc[next]);  /* Non-UTF-8 mode */
+   return (c == cd->fcc[next]);  /* Non-UTF-8 mode */
+   /* Note that OP_DIGIT etc. are generated only when PCRE_UCP is *not* set.
+   When it is set, \d etc. are converted into OP_(NOT_)PROP codes. */
    case OP_DIGIT:
    return next > 127 || (cd->ctypes[next] & ctype_digit) == 0;
-Line 1925 
 if (next >= 0) switch(op_code)
+Line 2691 
 if (next >= 0) switch(op_code)
    case OP_NOT_WORDCHAR:
    return next <= 127 && (cd->ctypes[next] & ctype_word) != 0;
+   case OP_HSPACE:
+   case OP_NOT_HSPACE:
+   switch(next)
+     {
+     case 0x09:
+     case 0x20:
+     case 0xa0:
+     case 0x1680:
+     case 0x180e:
+     case 0x2000:
+     case 0x2001:
+     case 0x2002:
+     case 0x2003:
+     case 0x2004:
+     case 0x2005:
+     case 0x2006:
+     case 0x2007:
+     case 0x2008:
+     case 0x2009:
+     case 0x200A:
+     case 0x202f:
+     case 0x205f:
+     case 0x3000:
+     return op_code == OP_NOT_HSPACE;
+     default:
+     return op_code != OP_NOT_HSPACE;
+     }
+   case OP_ANYNL:
+   case OP_VSPACE:
+   case OP_NOT_VSPACE:
+   switch(next)
+     {
+     case 0x0a:
+     case 0x0b:
+     case 0x0c:
+     case 0x0d:
+     case 0x85:
+     case 0x2028:
+     case 0x2029:
+     return op_code == OP_NOT_VSPACE;
+     default:
+     return op_code != OP_NOT_VSPACE;
+     }
+ #ifdef SUPPORT_UCP
+   case OP_PROP:
+   return check_char_prop(next, previous[0], previous[1], FALSE);
+   case OP_NOTPROP:
+   return check_char_prop(next, previous[0], previous[1], TRUE);
+ #endif
    default:
    return FALSE;
    }
- /* Handle the case when the next item is \d, \s, etc. */
+ /* Handle the case when the next item is \d, \s, etc. Note that when PCRE_UCP
+ is set, \d turns into ESC_du rather than ESC_d, etc., so ESC_d etc. are
+ generated only when PCRE_UCP is *not* set, that is, when only ASCII
+ characteristics are recognized. Similarly, the opcodes OP_DIGIT etc. are
+ replaced by OP_PROP codes when PCRE_UCP is set. */
  switch(op_code)
    {
    case OP_CHAR:
    case OP_CHARNC:
  #ifdef SUPPORT_UTF8
-   if (utf8 && item > 127) { GETCHAR(item, utf8_char); }
+   GETCHARTEST(c, previous);
+ #else
+   c = *previous;
  #endif
    switch(-next)
      {
      case ESC_d:
-     return item > 127 || (cd->ctypes[item] & ctype_digit) == 0;
+     return c > 127 || (cd->ctypes[c] & ctype_digit) == 0;
      case ESC_D:
-     return item <= 127 && (cd->ctypes[item] & ctype_digit) != 0;
+     return c <= 127 && (cd->ctypes[c] & ctype_digit) != 0;
      case ESC_s:
-     return item > 127 || (cd->ctypes[item] & ctype_space) == 0;
+     return c > 127 || (cd->ctypes[c] & ctype_space) == 0;
      case ESC_S:
-     return item <= 127 && (cd->ctypes[item] & ctype_space) != 0;
+     return c <= 127 && (cd->ctypes[c] & ctype_space) != 0;
      case ESC_w:
-     return item > 127 || (cd->ctypes[item] & ctype_word) == 0;
+     return c > 127 || (cd->ctypes[c] & ctype_word) == 0;
      case ESC_W:
-     return item <= 127 && (cd->ctypes[item] & ctype_word) != 0;
+     return c <= 127 && (cd->ctypes[c] & ctype_word) != 0;
+     case ESC_h:
+     case ESC_H:
+     switch(c)
+       {
+       case 0x09:
+       case 0x20:
+       case 0xa0:
+       case 0x1680:
+       case 0x180e:
+       case 0x2000:
+       case 0x2001:
+       case 0x2002:
+       case 0x2003:
+       case 0x2004:
+       case 0x2005:
+       case 0x2006:
+       case 0x2007:
+       case 0x2008:
+       case 0x2009:
+       case 0x200A:
+       case 0x202f:
+       case 0x205f:
+       case 0x3000:
+       return -next != ESC_h;
+       default:
+       return -next == ESC_h;
+       }
+     case ESC_v:
+     case ESC_V:
+     switch(c)
+       {
+       case 0x0a:
+       case 0x0b:
+       case 0x0c:
+       case 0x0d:
+       case 0x85:
+       case 0x2028:
+       case 0x2029:
+       return -next != ESC_v;
+       default:
+       return -next == ESC_v;
+       }
+     /* When PCRE_UCP is set, these values get generated for \d etc. Find
+     their substitutions and process them. The result will always be either
+     -ESC_p or -ESC_P. Then fall through to process those values. */
+ #ifdef SUPPORT_UCP
+     case ESC_du:
+     case ESC_DU:
+     case ESC_wu:
+     case ESC_WU:
+     case ESC_su:
+     case ESC_SU:
+       {
+       int temperrorcode = 0;
+       ptr = substitutes[-next - ESC_DU];
+       next = check_escape(&ptr, &temperrorcode, 0, options, FALSE);
+       if (temperrorcode != 0) return FALSE;
+       ptr++;    /* For compatibility */
+       }
+     /* Fall through */
+     case ESC_p:
+     case ESC_P:
+       {
+       int ptype, pdata, errorcodeptr;
+       BOOL negated;
+       ptr--;      /* Make ptr point at the p or P */
+       ptype = get_ucp(&ptr, &negated, &pdata, &errorcodeptr);
+       if (ptype < 0) return FALSE;
+       ptr++;      /* Point past the final curly ket */
+       /* If the property item is optional, we have to give up. (When generated
+       from \d etc by PCRE_UCP, this test will have been applied much earlier,
+       to the original \d etc. At this point, ptr will point to a zero byte. */
+       if (*ptr == CHAR_ASTERISK || *ptr == CHAR_QUESTION_MARK ||
+         strncmp((char *)ptr, STR_LEFT_CURLY_BRACKET STR_0 STR_COMMA, 3) == 0)
+           return FALSE;
+       /* Do the property check. */
+       return check_char_prop(c, ptype, pdata, (next == -ESC_P) != negated);
+       }
+ #endif
      default:
      return FALSE;
      }
+   /* In principle, support for Unicode properties should be integrated here as
+   well. It means re-organizing the above code so as to get hold of the property
+   values before switching on the op-code. However, I wonder how many patterns
+   combine ASCII \d etc with Unicode properties? (Note that if PCRE_UCP is set,
+   these op-codes are never generated.) */
    case OP_DIGIT:
-   return next == -ESC_D || next == -ESC_s || next == -ESC_W;
+   return next == -ESC_D || next == -ESC_s || next == -ESC_W ||
+          next == -ESC_h || next == -ESC_v || next == -ESC_R;
    case OP_NOT_DIGIT:
    return next == -ESC_d;
    case OP_WHITESPACE:
-   return next == -ESC_S || next == -ESC_d || next == -ESC_w;
+   return next == -ESC_S || next == -ESC_d || next == -ESC_w || next == -ESC_R;
    case OP_NOT_WHITESPACE:
-   return next == -ESC_s;
+   return next == -ESC_s || next == -ESC_h || next == -ESC_v;
+   case OP_HSPACE:
+   return next == -ESC_S || next == -ESC_H || next == -ESC_d ||
+          next == -ESC_w || next == -ESC_v || next == -ESC_R;
+   case OP_NOT_HSPACE:
+   return next == -ESC_h;
+   /* Can't have \S in here because VT matches \S (Perl anomaly) */
+   case OP_ANYNL:
+   case OP_VSPACE:
+   return next == -ESC_V || next == -ESC_d || next == -ESC_w;
+   case OP_NOT_VSPACE:
+   return next == -ESC_v || next == -ESC_R;
    case OP_WORDCHAR:
-   return next == -ESC_W || next == -ESC_s;
+   return next == -ESC_W || next == -ESC_s || next == -ESC_h ||
+          next == -ESC_v || next == -ESC_R;
    case OP_NOT_WORDCHAR:
    return next == -ESC_w || next == -ESC_d;
-Line 2040 
 BOOL inescq = FALSE;
+Line 2977 
 BOOL inescq = FALSE;
  BOOL groupsetfirstbyte = FALSE;
  const uschar *ptr = *ptrptr;
  const uschar *tempptr;
+ const uschar *nestptr = NULL;
  uschar *previous = NULL;
  uschar *previous_callout = NULL;
  uschar *save_hwm = NULL;
-Line 2049 
 uschar classbits[32];
+Line 2987 
 uschar classbits[32];
  BOOL class_utf8;
  BOOL utf8 = (options & PCRE_UTF8) != 0;
  uschar *class_utf8data;
+ uschar *class_utf8data_base;
  uschar utf8_char[6];
  #else
  BOOL utf8 = FALSE;
  uschar *utf8_char = NULL;
  #endif
- #ifdef DEBUG
+ #ifdef PCRE_DEBUG
  if (lengthptr != NULL) DPRINTF((">> start branch\n"));
  #endif
-Line 2088 
 req_caseopt = ((options & PCRE_CASELESS)
+Line 3027 
 req_caseopt = ((options & PCRE_CASELESS)
  for (;; ptr++)
    {
    BOOL negate_class;
+   BOOL should_flip_negation;
    BOOL possessive_quantifier;
    BOOL is_quantifier;
    BOOL is_recurse;
+   BOOL reset_bracount;
    int class_charcount;
    int class_lastchar;
    int newoptions;
    int recno;
+   int refsign;
    int skipbytes;
    int subreqbyte;
    int subfirstbyte;
-Line 2106 
 for (;; ptr++)
+Line 3048 
 for (;; ptr++)
    c = *ptr;
+   /* If we are at the end of a nested substitution, revert to the outer level
+   string. Nesting only happens one level deep. */
+   if (c == 0 && nestptr != NULL)
+     {
+     ptr = nestptr;
+     nestptr = NULL;
+     c = *ptr;
+     }
    /* If we are in the pre-compile phase, accumulate the length used for the
    previous cycle of this loop. */
    if (lengthptr != NULL)
      {
- #ifdef DEBUG
+ #ifdef PCRE_DEBUG
      if (code > cd->hwm) cd->hwm = code;                 /* High water info */
  #endif
-     if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */
+     if (code > cd->start_workspace + WORK_SIZE_CHECK)   /* Check for overrun */
        {
        *errorcodeptr = ERR52;
        goto FAILED;
-Line 2127 
 for (;; ptr++)
+Line 3079 
 for (;; ptr++)
      */
      if (code < last_code) code = last_code;
-     *lengthptr += code - last_code;
+     /* Paranoid check for integer overflow */
+     if (OFLOW_MAX - *lengthptr < code - last_code)
+       {
+       *errorcodeptr = ERR20;
+       goto FAILED;
+       }
+     *lengthptr += (int)(code - last_code);
      DPRINTF(("length=%d added %d c=%c\n", *lengthptr, code - last_code, c));
      /* If "previous" is set and it is not at the start of the work space, move
-Line 2154 
 for (;; ptr++)
+Line 3115 
 for (;; ptr++)
    /* In the real compile phase, just check the workspace used by the forward
    reference list. */
-   else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE)
+   else if (cd->hwm > cd->start_workspace + WORK_SIZE_CHECK)
      {
      *errorcodeptr = ERR52;
      goto FAILED;
-Line 2164 
 for (;; ptr++)
+Line 3125 
 for (;; ptr++)
    if (inescq && c != 0)
      {
-     if (c == '\\' && ptr[1] == 'E')
+     if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E)
        {
        inescq = FALSE;
        ptr++;
-Line 2190 
 for (;; ptr++)
+Line 3151 
 for (;; ptr++)
    /* Fill in length of a previous callout, except when the next thing is
    a quantifier. */
-   is_quantifier = c == '*' || c == '+' || c == '?' ||
+   is_quantifier =
-     (c == '{' && is_counted_repeat(ptr+1));
+     c == CHAR_ASTERISK || c == CHAR_PLUS || c == CHAR_QUESTION_MARK ||
+     (c == CHAR_LEFT_CURLY_BRACKET && is_counted_repeat(ptr+1));
    if (!is_quantifier && previous_callout != NULL &&
         after_manual_callout-- <= 0)
-Line 2206 
 for (;; ptr++)
+Line 3168 
 for (;; ptr++)
    if ((options & PCRE_EXTENDED) != 0)
      {
      if ((cd->ctypes[c] & ctype_space) != 0) continue;
-     if (c == '#')
+     if (c == CHAR_NUMBER_SIGN)
        {
-       while (*(++ptr) != 0)
+       ptr++;
+       while (*ptr != 0)
          {
          if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
+         ptr++;
+ #ifdef SUPPORT_UTF8
+         if (utf8) while ((*ptr & 0xc0) == 0x80) ptr++;
+ #endif
          }
        if (*ptr != 0) continue;
-Line 2231 
 for (;; ptr++)
+Line 3198 
 for (;; ptr++)
      {
      /* ===================================================================*/
      case 0:                        /* The branch terminates at string end */
-     case '|':                      /* or | or ) */
+     case CHAR_VERTICAL_LINE:       /* or | or ) */
-     case ')':
+     case CHAR_RIGHT_PARENTHESIS:
      *firstbyteptr = firstbyte;
      *reqbyteptr = reqbyte;
      *codeptr = code;
      *ptrptr = ptr;
      if (lengthptr != NULL)
        {
-       *lengthptr += code - last_code;   /* To include callout length */
+       if (OFLOW_MAX - *lengthptr < code - last_code)
+         {
+         *errorcodeptr = ERR20;
+         goto FAILED;
+         }
+       *lengthptr += (int)(code - last_code);   /* To include callout length */
        DPRINTF((">> end branch\n"));
        }
      return TRUE;
-Line 2249 
 for (;; ptr++)
+Line 3221 
 for (;; ptr++)
      /* Handle single-character metacharacters. In multiline mode, ^ disables
      the setting of any following char as a first character. */
-     case '^':
+     case CHAR_CIRCUMFLEX_ACCENT:
      if ((options & PCRE_MULTILINE) != 0)
        {
        if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
-Line 2258 
 for (;; ptr++)
+Line 3230 
 for (;; ptr++)
      *code++ = OP_CIRC;
      break;
-     case '$':
+     case CHAR_DOLLAR_SIGN:
      previous = NULL;
      *code++ = OP_DOLL;
      break;
-Line 2266 
 for (;; ptr++)
+Line 3238 
 for (;; ptr++)
      /* There can never be a first char if '.' is first, whatever happens about
      repeats. The value of reqbyte doesn't change either. */
-     case '.':
+     case CHAR_DOT:
      if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
      zerofirstbyte = firstbyte;
      zeroreqbyte = reqbyte;
      previous = code;
-     *code++ = OP_ANY;
+     *code++ = ((options & PCRE_DOTALL) != 0)? OP_ALLANY: OP_ANY;
      break;
-Line 2286 
 for (;; ptr++)
+Line 3258 
 for (;; ptr++)
      opcode is compiled. It may optionally have a bit map for characters < 256,
      but those above are are explicitly listed afterwards. A flag byte tells
      whether the bitmap is present, and whether this is a negated class or not.
-     */
-     case '[':
+     In JavaScript compatibility mode, an isolated ']' causes an error. In
+     default (Perl) mode, it is treated as a data character. */
+     case CHAR_RIGHT_SQUARE_BRACKET:
+     if ((cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
+       {
+       *errorcodeptr = ERR64;
+       goto FAILED;
+       }
+     goto NORMAL_CHAR;
+     case CHAR_LEFT_SQUARE_BRACKET:
      previous = code;
      /* PCRE supports POSIX class stuff inside a class. Perl gives an error if
      they are encountered at the top level, so we'll do that too. */
-     if ((ptr[1] == ':' || ptr[1] == '.' || ptr[1] == '=') &&
+     if ((ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
-         check_posix_syntax(ptr, &tempptr, cd))
+          ptr[1] == CHAR_EQUALS_SIGN) &&
+         check_posix_syntax(ptr, &tempptr))
        {
-       *errorcodeptr = (ptr[1] == ':')? ERR13 : ERR31;
+       *errorcodeptr = (ptr[1] == CHAR_COLON)? ERR13 : ERR31;
        goto FAILED;
        }
-     /* If the first character is '^', set the negation flag and skip it. */
+     /* If the first character is '^', set the negation flag and skip it. Also,
+     if the first few characters (either before or after ^) are \Q\E or \E we
+     skip them too. This makes for compatibility with Perl. */
-     if ((c = *(++ptr)) == '^')
+     negate_class = FALSE;
+     for (;;)
        {
-       negate_class = TRUE;
        c = *(++ptr);
+       if (c == CHAR_BACKSLASH)
+         {
+         if (ptr[1] == CHAR_E)
+           ptr++;
+         else if (strncmp((const char *)ptr+1,
+                           STR_Q STR_BACKSLASH STR_E, 3) == 0)
+           ptr += 3;
+         else
+           break;
+         }
+       else if (!negate_class && c == CHAR_CIRCUMFLEX_ACCENT)
+         negate_class = TRUE;
+       else break;
        }
-     else
+     /* Empty classes are allowed in JavaScript compatibility mode. Otherwise,
+     an initial ']' is taken as a data character -- the code below handles
+     that. In JS mode, [] must always fail, so generate OP_FAIL, whereas
+     [^] must match any character, so generate OP_ALLANY. */
+     if (c == CHAR_RIGHT_SQUARE_BRACKET &&
+         (cd->external_options & PCRE_JAVASCRIPT_COMPAT) != 0)
        {
-       negate_class = FALSE;
+       *code++ = negate_class? OP_ALLANY : OP_FAIL;
+       if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
+       zerofirstbyte = firstbyte;
+       break;
        }
+     /* If a class contains a negative special such as \S, we need to flip the
+     negation flag at the end, so that support for characters > 255 works
+     correctly (they are all included in the class). */
+     should_flip_negation = FALSE;
      /* Keep a count of chars with values < 256 so that we can optimize the case
      of just a single character (as long as it's < 256). However, For higher
      valued UTF-8 characters, we don't yet do any optimization. */
-Line 2330 
 for (;; ptr++)
+Line 3344 
 for (;; ptr++)
  #ifdef SUPPORT_UTF8
      class_utf8 = FALSE;                       /* No chars >= 256 */
      class_utf8data = code + LINK_SIZE + 2;    /* For UTF-8 items */
+     class_utf8data_base = class_utf8data;     /* For resetting in pass 1 */
  #endif
      /* Process characters until ] is reached. By writing this as a "do" it
-Line 2345 
 for (;; ptr++)
+Line 3360 
 for (;; ptr++)
          {                           /* Braces are required because the */
          GETCHARLEN(c, ptr, ptr);    /* macro generates multiple statements */
          }
+       /* In the pre-compile phase, accumulate the length of any UTF-8 extra
+       data and reset the pointer. This is so that very large classes that
+       contain a zillion UTF-8 characters no longer overwrite the work space
+       (which is on the stack). */
+       if (lengthptr != NULL)
+         {
+         *lengthptr += class_utf8data - class_utf8data_base;
+         class_utf8data = class_utf8data_base;
+         }
  #endif
        /* Inside \Q...\E everything is literal except \E */
        if (inescq)
          {
-         if (c == '\\' && ptr[1] == 'E')     /* If we are at \E */
+         if (c == CHAR_BACKSLASH && ptr[1] == CHAR_E)  /* If we are at \E */
            {
            inescq = FALSE;                   /* Reset literal state */
            ptr++;                            /* Skip the 'E' */
-Line 2366 
 for (;; ptr++)
+Line 3393 
 for (;; ptr++)
        [.ch.] and [=ch=] ("collating elements") and fault them, as Perl
 .6 and 5.8 do. */
-       if (c == '[' &&
+       if (c == CHAR_LEFT_SQUARE_BRACKET &&
-           (ptr[1] == ':' || ptr[1] == '.' || ptr[1] == '=') &&
+           (ptr[1] == CHAR_COLON || ptr[1] == CHAR_DOT ||
-           check_posix_syntax(ptr, &tempptr, cd))
+            ptr[1] == CHAR_EQUALS_SIGN) && check_posix_syntax(ptr, &tempptr))
          {
          BOOL local_negate = FALSE;
          int posix_class, taboffset, tabopt;
          register const uschar *cbits = cd->cbits;
          uschar pbits[32];
-         if (ptr[1] != ':')
+         if (ptr[1] != CHAR_COLON)
            {
            *errorcodeptr = ERR31;
            goto FAILED;
            }
          ptr += 2;
-         if (*ptr == '^')
+         if (*ptr == CHAR_CIRCUMFLEX_ACCENT)
            {
            local_negate = TRUE;
+           should_flip_negation = TRUE;  /* Note negative special */
            ptr++;
            }
-         posix_class = check_posix_name(ptr, tempptr - ptr);
+         posix_class = check_posix_name(ptr, (int)(tempptr - ptr));
          if (posix_class < 0)
            {
            *errorcodeptr = ERR30;
-Line 2402 
 for (;; ptr++)
+Line 3430 
 for (;; ptr++)
          if ((options & PCRE_CASELESS) != 0 && posix_class <= 2)
            posix_class = 0;
-         /* We build the bit map for the POSIX class in a chunk of local store
+         /* When PCRE_UCP is set, some of the POSIX classes are converted to
-         because we may be adding and subtracting from it, and we don't want to
+         different escape sequences that use Unicode properties. */
-         subtract bits that may be in the main map already. At the end we or the
-         result into the bit map that is being built. */
+ #ifdef SUPPORT_UCP
+         if ((options & PCRE_UCP) != 0)
+           {
+           int pc = posix_class + ((local_negate)? POSIX_SUBSIZE/2 : 0);
+           if (posix_substitutes[pc] != NULL)
+             {
+             nestptr = tempptr + 1;
+             ptr = posix_substitutes[pc] - 1;
+             continue;
+             }
+           }
+ #endif
+         /* In the non-UCP case, we build the bit map for the POSIX class in a
+         chunk of local store because we may be adding and subtracting from it,
+         and we don't want to subtract bits that may be in the main map already.
+         At the end we or the result into the bit map that is being built. */
          posix_class *= 3;
-Line 2449 
 for (;; ptr++)
+Line 3492 
 for (;; ptr++)
        /* Backslash may introduce a single character, or it may introduce one
        of the specials, which just set a flag. The sequence \b is a special
-       case. Inside a class (and only there) it is treated as backspace.
+       case. Inside a class (and only there) it is treated as backspace. We
-       Elsewhere it marks a word boundary. Other escapes have preset maps ready
+       assume that other escapes have more than one character in them, so set
-       to or into the one we are building. We assume they have more than one
+       class_charcount bigger than one. Unrecognized escapes fall through and
-       character in them, so set class_charcount bigger than one. */
+       are either treated as literal characters (by default), or are faulted if
+       PCRE_EXTRA is set. */
-       if (c == '\\')
+       if (c == CHAR_BACKSLASH)
          {
          c = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
          if (*errorcodeptr != 0) goto FAILED;
-         if (-c == ESC_b) c = '\b';       /* \b is backslash in a class */
+         if (-c == ESC_b) c = CHAR_BS;    /* \b is backspace in a class */
-         else if (-c == ESC_X) c = 'X';   /* \X is literal X in a class */
-         else if (-c == ESC_R) c = 'R';   /* \R is literal R in a class */
          else if (-c == ESC_Q)            /* Handle start of quoted string */
            {
-           if (ptr[1] == '\\' && ptr[2] == 'E')
+           if (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
              {
              ptr += 2; /* avoid empty string */
              }
            else inescq = TRUE;
            continue;
            }
+         else if (-c == ESC_E) continue;  /* Ignore orphan \E */
          if (c < 0)
            {
            register const uschar *cbits = cd->cbits;
            class_charcount += 2;     /* Greater than 1 is what matters */
-           /* Save time by not doing this in the pre-compile phase. */
+           switch (-c)
-           if (lengthptr == NULL) switch (-c)
              {
+ #ifdef SUPPORT_UCP
+             case ESC_du:     /* These are the values given for \d etc */
+             case ESC_DU:     /* when PCRE_UCP is set. We replace the */
+             case ESC_wu:     /* escape sequence with an appropriate \p */
+             case ESC_WU:     /* or \P to test Unicode properties instead */
+             case ESC_su:     /* of the default ASCII testing. */
+             case ESC_SU:
+             nestptr = ptr;
+             ptr = substitutes[-c - ESC_DU] - 1;  /* Just before substitute */
+             class_charcount -= 2;                /* Undo! */
+             continue;
+ #endif
              case ESC_d:
              for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_digit];
              continue;
              case ESC_D:
+             should_flip_negation = TRUE;
              for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_digit];
              continue;
-Line 2494 
 for (;; ptr++)
+Line 3548 
 for (;; ptr++)
              continue;
              case ESC_W:
+             should_flip_negation = TRUE;
              for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_word];
              continue;
+             /* Perl 5.004 onwards omits VT from \s, but we must preserve it
+             if it was previously set by something earlier in the character
+             class. */
              case ESC_s:
-             for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_space];
+             classbits[0] |= cbits[cbit_space];
-             classbits[1] &= ~0x08;   /* Perl 5.004 onwards omits VT from \s */
+             classbits[1] |= cbits[cbit_space+1] & ~0x08;
+             for (c = 2; c < 32; c++) classbits[c] |= cbits[c+cbit_space];
              continue;
              case ESC_S:
+             should_flip_negation = TRUE;
              for (c = 0; c < 32; c++) classbits[c] |= ~cbits[c+cbit_space];
              classbits[1] |= 0x08;    /* Perl 5.004 onwards omits VT from \s */
              continue;
-             case ESC_E: /* Perl ignores an orphan \E */
+             case ESC_h:
+             SETBIT(classbits, 0x09); /* VT */
+             SETBIT(classbits, 0x20); /* SPACE */
+             SETBIT(classbits, 0xa0); /* NSBP */
+ #ifdef SUPPORT_UTF8
+             if (utf8)
+               {
+               class_utf8 = TRUE;
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x1680, class_utf8data);
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x180e, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2000, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x200A, class_utf8data);
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x202f, class_utf8data);
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x205f, class_utf8data);
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x3000, class_utf8data);
+               }
+ #endif
              continue;
-             default:    /* Not recognized; fall through */
+             case ESC_H:
-             break;      /* Need "default" setting to stop compiler warning. */
+             for (c = 0; c < 32; c++)
-             }
+               {
+               int x = 0xff;
+               switch (c)
+                 {
+                 case 0x09/8: x ^= 1 << (0x09%8); break;
+                 case 0x20/8: x ^= 1 << (0x20%8); break;
+                 case 0xa0/8: x ^= 1 << (0xa0%8); break;
+                 default: break;
+                 }
+               classbits[c] |= x;
+               }
-           /* In the pre-compile phase, just do the recognition. */
+ #ifdef SUPPORT_UTF8
+             if (utf8)
+               {
+               class_utf8 = TRUE;
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x167f, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x1681, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x180d, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x180f, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x1fff, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x200B, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x202e, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2030, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x205e, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2060, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x2fff, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x3001, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
+               }
+ #endif
+             continue;
-           else if (c == -ESC_d || c == -ESC_D || c == -ESC_w ||
+             case ESC_v:
-                    c == -ESC_W || c == -ESC_s || c == -ESC_S) continue;
+             SETBIT(classbits, 0x0a); /* LF */
+             SETBIT(classbits, 0x0b); /* VT */
+             SETBIT(classbits, 0x0c); /* FF */
+             SETBIT(classbits, 0x0d); /* CR */
+             SETBIT(classbits, 0x85); /* NEL */
+ #ifdef SUPPORT_UTF8
+             if (utf8)
+               {
+               class_utf8 = TRUE;
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2028, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
+               }
+ #endif
+             continue;
-           /* We need to deal with \P and \p in both phases. */
+             case ESC_V:
+             for (c = 0; c < 32; c++)
+               {
+               int x = 0xff;
+               switch (c)
+                 {
+                 case 0x0a/8: x ^= 1 << (0x0a%8);
+                              x ^= 1 << (0x0b%8);
+                              x ^= 1 << (0x0c%8);
+                              x ^= 1 << (0x0d%8);
+                              break;
+                 case 0x85/8: x ^= 1 << (0x85%8); break;
+                 default: break;
+                 }
+               classbits[c] |= x;
+               }
- #ifdef SUPPORT_UCP
+ #ifdef SUPPORT_UTF8
-           if (-c == ESC_p || -c == ESC_P)
+             if (utf8)
-             {
+               {
-             BOOL negated;
+               class_utf8 = TRUE;
-             int pdata;
+               *class_utf8data++ = XCL_RANGE;
-             int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
+               class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
-             if (ptype < 0) goto FAILED;
+               class_utf8data += _pcre_ord2utf8(0x2027, class_utf8data);
-             class_utf8 = TRUE;
+               *class_utf8data++ = XCL_RANGE;
-             *class_utf8data++ = ((-c == ESC_p) != negated)?
+               class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
-               XCL_PROP : XCL_NOTPROP;
+               class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
-             *class_utf8data++ = ptype;
+               }
-             *class_utf8data++ = pdata;
+ #endif
-             class_charcount -= 2;   /* Not a < 256 character */
              continue;
-             }
+ #ifdef SUPPORT_UCP
+             case ESC_p:
+             case ESC_P:
+               {
+               BOOL negated;
+               int pdata;
+               int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
+               if (ptype < 0) goto FAILED;
+               class_utf8 = TRUE;
+               *class_utf8data++ = ((-c == ESC_p) != negated)?
+                 XCL_PROP : XCL_NOTPROP;
+               *class_utf8data++ = ptype;
+               *class_utf8data++ = pdata;
+               class_charcount -= 2;   /* Not a < 256 character */
+               continue;
+               }
  #endif
-           /* Unrecognized escapes are faulted if PCRE is running in its
+             /* Unrecognized escapes are faulted if PCRE is running in its
-           strict mode. By default, for compatibility with Perl, they are
+             strict mode. By default, for compatibility with Perl, they are
-           treated as literals. */
+             treated as literals. */
-           if ((options & PCRE_EXTRA) != 0)
+             default:
-             {
+             if ((options & PCRE_EXTRA) != 0)
-             *errorcodeptr = ERR7;
+               {
-             goto FAILED;
+               *errorcodeptr = ERR7;
+               goto FAILED;
+               }
+             class_charcount -= 2;  /* Undo the default count from above */
+             c = *ptr;              /* Get the final character and fall through */
+             break;
              }
-           class_charcount -= 2;  /* Undo the default count from above */
-           c = *ptr;              /* Get the final character and fall through */
            }
          /* Fall through if we have a single character (c >= 0). This may be
-Line 2562 
 for (;; ptr++)
+Line 3728 
 for (;; ptr++)
        entirely. The code for handling \Q and \E is messy. */
        CHECK_RANGE:
-       while (ptr[1] == '\\' && ptr[2] == 'E')
+       while (ptr[1] == CHAR_BACKSLASH && ptr[2] == CHAR_E)
          {
          inescq = FALSE;
          ptr += 2;
-Line 2570 
 for (;; ptr++)
+Line 3736 
 for (;; ptr++)
        oldptr = ptr;
-       if (!inescq && ptr[1] == '-')
+       /* Remember \r or \n */
+       if (c == CHAR_CR || c == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
+       /* Check for range */
+       if (!inescq && ptr[1] == CHAR_MINUS)
          {
          int d;
          ptr += 2;
-         while (*ptr == '\\' && ptr[1] == 'E') ptr += 2;
+         while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E) ptr += 2;
          /* If we hit \Q (not followed by \E) at this point, go into escaped
          mode. */
-         while (*ptr == '\\' && ptr[1] == 'Q')
+         while (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_Q)
            {
            ptr += 2;
-           if (*ptr == '\\' && ptr[1] == 'E') { ptr += 2; continue; }
+           if (*ptr == CHAR_BACKSLASH && ptr[1] == CHAR_E)
+             { ptr += 2; continue; }
            inescq = TRUE;
            break;
            }
-         if (*ptr == 0 || (!inescq && *ptr == ']'))
+         if (*ptr == 0 || (!inescq && *ptr == CHAR_RIGHT_SQUARE_BRACKET))
            {
            ptr = oldptr;
            goto LONE_SINGLE_CHARACTER;
-Line 2606 
 for (;; ptr++)
+Line 3779 
 for (;; ptr++)
          not any of the other escapes. Perl 5.6 treats a hyphen as a literal
          in such circumstances. */
-         if (!inescq && d == '\\')
+         if (!inescq && d == CHAR_BACKSLASH)
            {
            d = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
            if (*errorcodeptr != 0) goto FAILED;
-           /* \b is backslash; \X is literal X; \R is literal R; any other
+           /* \b is backspace; any other special means the '-' was literal */
-           special means the '-' was literal */
            if (d < 0)
              {
-             if (d == -ESC_b) d = '\b';
+             if (d == -ESC_b) d = CHAR_BS; else
-             else if (d == -ESC_X) d = 'X';
-             else if (d == -ESC_R) d = 'R'; else
                {
                ptr = oldptr;
                goto LONE_SINGLE_CHARACTER;  /* A few lines below */
-Line 2637 
 for (;; ptr++)
+Line 3807 
 for (;; ptr++)
          if (d == c) goto LONE_SINGLE_CHARACTER;  /* A few lines below */
+         /* Remember \r or \n */
+         if (d == CHAR_CR || d == CHAR_NL) cd->external_flags |= PCRE_HASCRORLF;
          /* In UTF-8 mode, if the upper limit is > 255, or > 127 for caseless
          matching, we have to use an XCLASS with extra data items. Caseless
          matching for characters > 127 is available only if UCP support is
-Line 2659 
 for (;; ptr++)
+Line 3833 
 for (;; ptr++)
              unsigned int origd = d;
              while (get_othercase_range(&cc, origd, &occ, &ocd))
                {
-               if (occ >= c && ocd <= d) continue;  /* Skip embedded ranges */
+               if (occ >= (unsigned int)c &&
+                   ocd <= (unsigned int)d)
+                 continue;                          /* Skip embedded ranges */
-               if (occ < c  && ocd >= c - 1)        /* Extend the basic range */
+               if (occ < (unsigned int)c  &&
+                   ocd >= (unsigned int)c - 1)      /* Extend the basic range */
                  {                                  /* if there is overlap,   */
                  c = occ;                           /* noting that if occ < c */
                  continue;                          /* we can't have ocd > d  */
                  }                                  /* because a subrange is  */
-               if (ocd > d && occ <= d + 1)         /* always shorter than    */
+               if (ocd > (unsigned int)d &&
+                   occ <= (unsigned int)d + 1)      /* always shorter than    */
                  {                                  /* the basic range.       */
                  d = ocd;
                  continue;
-Line 2751 
 for (;; ptr++)
+Line 3929 
 for (;; ptr++)
          if ((options & PCRE_CASELESS) != 0)
            {
            unsigned int othercase;
-           if ((othercase = _pcre_ucp_othercase(c)) != NOTACHAR)
+           if ((othercase = UCD_OTHERCASE(c)) != c)
              {
              *class_utf8data++ = XCL_SINGLE;
              class_utf8data += _pcre_ord2utf8(othercase, class_utf8data);
-Line 2776 
 for (;; ptr++)
+Line 3954 
 for (;; ptr++)
          }
        }
-     /* Loop until ']' reached. This "while" is the end of the "do" above. */
+     /* Loop until ']' reached. This "while" is the end of the "do" far above.
+     If we are at the end of an internal nested string, revert to the outer
+     string. */
+     while (((c = *(++ptr)) != 0 ||
+            (nestptr != NULL &&
+              (ptr = nestptr, nestptr = NULL, c = *(++ptr)) != 0)) &&
+            (c != CHAR_RIGHT_SQUARE_BRACKET || inescq));
-     while ((c = *(++ptr)) != 0 && (c != ']' || inescq));
+     /* Check for missing terminating ']' */
-     if (c == 0)                          /* Missing terminating ']' */
+     if (c == 0)
        {
        *errorcodeptr = ERR6;
        goto FAILED;
        }
      /* If class_charcount is 1, we saw precisely one character whose value is
-     less than 256. In non-UTF-8 mode we can always optimize. In UTF-8 mode, we
+     less than 256. As long as there were no characters >= 128 and there was no
-     can optimize the negative case only if there were no characters >= 128
+     use of \p or \P, in other words, no use of any XCLASS features, we can
-     because OP_NOT and the related opcodes like OP_NOTSTAR operate on
+     optimize.
-     single-bytes only. This is an historical hangover. Maybe one day we can
-     tidy these opcodes to handle multi-byte characters.
+     In UTF-8 mode, we can optimize the negative case only if there were no
+     characters >= 128 because OP_NOT and the related opcodes like OP_NOTSTAR
+     operate on single-bytes only. This is an historical hangover. Maybe one day
+     we can tidy these opcodes to handle multi-byte characters.
      The optimization throws away the bit map. We turn the item into a
 -character OP_CHAR[NC] if it's positive, or OP_NOT if it's negative. Note
-Line 2801 
 for (;; ptr++)
+Line 3989 
 for (;; ptr++)
      reqbyte, save the previous value for reinstating. */
  #ifdef SUPPORT_UTF8
-     if (class_charcount == 1 &&
+     if (class_charcount == 1 && !class_utf8 &&
-           (!utf8 ||
+       (!utf8 || !negate_class || class_lastchar < 128))
-           (!class_utf8 && (!negate_class || class_lastchar < 128))))
  #else
      if (class_charcount == 1)
  #endif
-Line 2847 
 for (;; ptr++)
+Line 4033 
 for (;; ptr++)
      zeroreqbyte = reqbyte;
      /* If there are characters with values > 255, we have to compile an
-     extended class, with its own opcode. If there are no characters < 256,
+     extended class, with its own opcode, unless there was a negated special
-     we can omit the bitmap in the actual compiled code. */
+     such as \S in the class, and PCRE_UCP is not set, because in that case all
+     characters > 255 are in the class, so any that were explicitly given as
+     well can be ignored. If (when there are explicit characters > 255 that must
+     be listed) there are no characters < 256, we can omit the bitmap in the
+     actual compiled code. */
  #ifdef SUPPORT_UTF8
-     if (class_utf8)
+     if (class_utf8 && (!should_flip_negation || (options & PCRE_UCP) != 0))
        {
        *class_utf8data++ = XCL_END;    /* Marks the end of extra data */
        *code++ = OP_XCLASS;
-Line 2877 
 for (;; ptr++)
+Line 4067 
 for (;; ptr++)
        }
  #endif
-     /* If there are no characters > 255, negate the 32-byte map if necessary,
+     /* If there are no characters > 255, or they are all to be included or
-     and copy it into the code vector. If this is the first thing in the branch,
+     excluded, set the opcode to OP_CLASS or OP_NCLASS, depending on whether the
-     there can be no first char setting, whatever the repeat count. Any reqbyte
+     whole class was negated and whether there were negative specials such as \S
-     setting must remain unchanged after any kind of repeat. */
+     (non-UCP) in the class. Then copy the 32-byte map into the code vector,
+     negating it if necessary. */
+     *code++ = (negate_class == should_flip_negation) ? OP_CLASS : OP_NCLASS;
      if (negate_class)
        {
-       *code++ = OP_NCLASS;
        if (lengthptr == NULL)    /* Save time in the pre-compile phase */
          for (c = 0; c < 32; c++) code[c] = ~classbits[c];
        }
      else
        {
-       *code++ = OP_CLASS;
        memcpy(code, classbits, 32);
        }
      code += 32;
-Line 2901 
 for (;; ptr++)
+Line 4091 
 for (;; ptr++)
      /* Various kinds of repeat; '{' is not necessarily a quantifier, but this
      has been tested above. */
-     case '{':
+     case CHAR_LEFT_CURLY_BRACKET:
      if (!is_quantifier) goto NORMAL_CHAR;
      ptr = read_repeat_counts(ptr+1, &repeat_min, &repeat_max, errorcodeptr);
      if (*errorcodeptr != 0) goto FAILED;
      goto REPEAT;
-     case '*':
+     case CHAR_ASTERISK:
      repeat_min = 0;
      repeat_max = -1;
      goto REPEAT;
-     case '+':
+     case CHAR_PLUS:
      repeat_min = 1;
      repeat_max = -1;
      goto REPEAT;
-     case '?':
+     case CHAR_QUESTION_MARK:
      repeat_min = 0;
      repeat_max = 1;
-Line 2952 
 for (;; ptr++)
+Line 4142 
 for (;; ptr++)
      but if PCRE_UNGREEDY is set, it works the other way round. We change the
      repeat type to the non-default. */
-     if (ptr[1] == '+')
+     if (ptr[1] == CHAR_PLUS)
        {
        repeat_type = 0;                  /* Force greedy */
        possessive_quantifier = TRUE;
        ptr++;
        }
-     else if (ptr[1] == '?')
+     else if (ptr[1] == CHAR_QUESTION_MARK)
        {
        repeat_type = greedy_non_default;
        ptr++;
-Line 3005 
 for (;; ptr++)
+Line 4195 
 for (;; ptr++)
        if (!possessive_quantifier &&
            repeat_max < 0 &&
-           check_auto_possessive(*previous, c, utf8, utf8_char, ptr + 1,
+           check_auto_possessive(previous, utf8, ptr + 1, options, cd))
-             options, cd))
          {
          repeat_type = 0;    /* Force greedy */
          possessive_quantifier = TRUE;
-Line 3027 
 for (;; ptr++)
+Line 4216 
 for (;; ptr++)
        c = previous[1];
        if (!possessive_quantifier &&
            repeat_max < 0 &&
-           check_auto_possessive(OP_NOT, c, utf8, NULL, ptr + 1, options, cd))
+           check_auto_possessive(previous, utf8, ptr + 1, options, cd))
          {
          repeat_type = 0;    /* Force greedy */
          possessive_quantifier = TRUE;
-Line 3051 
 for (;; ptr++)
+Line 4240 
 for (;; ptr++)
        if (!possessive_quantifier &&
            repeat_max < 0 &&
-           check_auto_possessive(c, 0, utf8, NULL, ptr + 1, options, cd))
+           check_auto_possessive(previous, utf8, ptr + 1, options, cd))
          {
          repeat_type = 0;    /* Force greedy */
          possessive_quantifier = TRUE;
-Line 3073 
 for (;; ptr++)
+Line 4262 
 for (;; ptr++)
        if (repeat_max == 0) goto END_REPEAT;
+       /*--------------------------------------------------------------------*/
+       /* This code is obsolete from release 8.00; the restriction was finally
+       removed: */
        /* All real repeats make it impossible to handle partial matching (maybe
        one day we will be able to remove this restriction). */
-       if (repeat_max != 1) cd->nopartial = TRUE;
+       /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
+       /*--------------------------------------------------------------------*/
        /* Combine the op_type with the repeat_type */
-Line 3223 
 for (;; ptr++)
+Line 4417 
 for (;; ptr++)
          goto END_REPEAT;
          }
+       /*--------------------------------------------------------------------*/
+       /* This code is obsolete from release 8.00; the restriction was finally
+       removed: */
        /* All real repeats make it impossible to handle partial matching (maybe
        one day we will be able to remove this restriction). */
-       if (repeat_max != 1) cd->nopartial = TRUE;
+       /* if (repeat_max != 1) cd->external_flags |= PCRE_NOPARTIAL; */
+       /*--------------------------------------------------------------------*/
        if (repeat_min == 0 && repeat_max == -1)
          *code++ = OP_CRSTAR + repeat_type;
-Line 3251 
 for (;; ptr++)
+Line 4450 
 for (;; ptr++)
        {
        register int i;
        int ketoffset = 0;
-       int len = code - previous;
+       int len = (int)(code - previous);
        uschar *bralink = NULL;
        /* Repeating a DEFINE group is pointless */
-Line 3262 
 for (;; ptr++)
+Line 4461 
 for (;; ptr++)
          goto FAILED;
          }
-       /* This is a paranoid check to stop integer overflow later on */
-       if (len > MAX_DUPLENGTH)
-         {
-         *errorcodeptr = ERR50;
-         goto FAILED;
-         }
        /* If the maximum repeat count is unlimited, find the end of the bracket
        by scanning through from the start, and compute the offset back to it
        from the current code pointer. There may be an OP_OPT setting following
-Line 3280 
 for (;; ptr++)
+Line 4471 
 for (;; ptr++)
          {
          register uschar *ket = previous;
          do ket += GET(ket, 1); while (*ket != OP_KET);
-         ketoffset = code - ket;
+         ketoffset = (int)(code - ket);
          }
        /* The case of a zero minimum is special because of the need to stick
-Line 3292 
 for (;; ptr++)
+Line 4483 
 for (;; ptr++)
        if (repeat_min == 0)
          {
-         /* If the maximum is also zero, we just omit the group from the output
+         /* If the maximum is also zero, we used to just omit the group from the
-         altogether. */
+         output altogether, like this:
-         if (repeat_max == 0)
+         ** if (repeat_max == 0)
-           {
+         **   {
-           code = previous;
+         **   code = previous;
-           goto END_REPEAT;
+         **   goto END_REPEAT;
-           }
+         **   }
+         However, that fails when a group is referenced as a subroutine from
+         elsewhere in the pattern, so now we stick in OP_SKIPZERO in front of it
+         so that it is skipped on execution. As we don't have a list of which
+         groups are referenced, we cannot do this selectively.
+         If the maximum is 1 or unlimited, we just have to stick in the BRAZERO
+         and do no more at this point. However, we do need to adjust any
+         OP_RECURSE calls inside the group that refer to the group itself or any
+         internal or forward referenced group, because the offset is from the
+         start of the whole regex. Temporarily terminate the pattern while doing
+         this. */
-         /* If the maximum is 1 or unlimited, we just have to stick in the
+         if (repeat_max <= 1)    /* Covers 0, 1, and unlimited */
-         BRAZERO and do no more at this point. However, we do need to adjust
-         any OP_RECURSE calls inside the group that refer to the group itself or
-         any internal or forward referenced group, because the offset is from
-         the start of the whole regex. Temporarily terminate the pattern while
-         doing this. */
-         if (repeat_max <= 1)
            {
            *code = OP_END;
            adjust_recurse(previous, 1, utf8, cd, save_hwm);
            memmove(previous+1, previous, len);
            code++;
+           if (repeat_max == 0)
+             {
+             *previous++ = OP_SKIPZERO;
+             goto END_REPEAT;
+             }
            *previous++ = OP_BRAZERO + repeat_type;
            }
-Line 3338 
 for (;; ptr++)
+Line 4539 
 for (;; ptr++)
            /* We chain together the bracket offset fields that have to be
            filled in later when the ends of the brackets are reached. */
-           offset = (bralink == NULL)? 0 : previous - bralink;
+           offset = (bralink == NULL)? 0 : (int)(previous - bralink);
            bralink = previous;
            PUTINC(previous, 0, offset);
            }
-Line 3358 
 for (;; ptr++)
+Line 4559 
 for (;; ptr++)
          if (repeat_min > 1)
            {
            /* In the pre-compile phase, we don't actually do the replication. We
-           just adjust the length as if we had. */
+           just adjust the length as if we had. Do some paranoid checks for
+           potential integer overflow. The INT64_OR_DOUBLE type is a 64-bit
+           integer type when available, otherwise double. */
            if (lengthptr != NULL)
-             *lengthptr += (repeat_min - 1)*length_prevgroup;
+             {
+             int delta = (repeat_min - 1)*length_prevgroup;
+             if ((INT64_OR_DOUBLE)(repeat_min - 1)*
+                   (INT64_OR_DOUBLE)length_prevgroup >
+                     (INT64_OR_DOUBLE)INT_MAX ||
+                 OFLOW_MAX - *lengthptr < delta)
+               {
+               *errorcodeptr = ERR20;
+               goto FAILED;
+               }
+             *lengthptr += delta;
+             }
            /* This is compiling for real */
-Line 3399 
 for (;; ptr++)
+Line 4613 
 for (;; ptr++)
          /* In the pre-compile phase, we don't actually do the replication. We
          just adjust the length as if we had. For each repetition we must add 1
          to the length for BRAZERO and for all but the last repetition we must
-         add 2 + 2*LINKSIZE to allow for the nesting that occurs. */
+         add 2 + 2*LINKSIZE to allow for the nesting that occurs. Do some
+         paranoid checks to avoid integer overflow. The INT64_OR_DOUBLE type is
+         a 64-bit integer type when available, otherwise double. */
          if (lengthptr != NULL && repeat_max > 0)
-           *lengthptr += repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
+           {
-- 2*LINK_SIZE;  /* Last one doesn't nest */
+           int delta = repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
+- 2*LINK_SIZE;   /* Last one doesn't nest */
+           if ((INT64_OR_DOUBLE)repeat_max *
+                 (INT64_OR_DOUBLE)(length_prevgroup + 1 + 2 + 2*LINK_SIZE)
+                   > (INT64_OR_DOUBLE)INT_MAX ||
+               OFLOW_MAX - *lengthptr < delta)
+             {
+             *errorcodeptr = ERR20;
+             goto FAILED;
+             }
+           *lengthptr += delta;
+           }
          /* This is compiling for real */
-Line 3421 
 for (;; ptr++)
+Line 4648 
 for (;; ptr++)
              {
              int offset;
              *code++ = OP_BRA;
-             offset = (bralink == NULL)? 0 : code - bralink;
+             offset = (bralink == NULL)? 0 : (int)(code - bralink);
              bralink = code;
              PUTINC(code, 0, offset);
              }
-Line 3442 
 for (;; ptr++)
+Line 4669 
 for (;; ptr++)
          while (bralink != NULL)
            {
            int oldlinkoffset;
-           int offset = code - bralink + 1;
+           int offset = (int)(code - bralink + 1);
            uschar *bra = code - offset;
            oldlinkoffset = GET(bra, 1);
            bralink = (oldlinkoffset == 0)? NULL : bralink - oldlinkoffset;
-Line 3473 
 for (;; ptr++)
+Line 4700 
 for (;; ptr++)
            uschar *scode = bracode;
            do
              {
-             if (could_be_empty_branch(scode, ketcode, utf8))
+             if (could_be_empty_branch(scode, ketcode, utf8, cd))
                {
                *bracode += OP_SBRA - OP_BRA;
                break;
-Line 3485 
 for (;; ptr++)
+Line 4712 
 for (;; ptr++)
          }
        }
+     /* If previous is OP_FAIL, it was generated by an empty class [] in
+     JavaScript mode. The other ways in which OP_FAIL can be generated, that is
+     by (*FAIL) or (?!) set previous to NULL, which gives a "nothing to repeat"
+     error above. We can just ignore the repeat in JS case. */
+     else if (*previous == OP_FAIL) goto END_REPEAT;
      /* Else there's some kind of shambles */
      else
-Line 3509 
 for (;; ptr++)
+Line 4743 
 for (;; ptr++)
      if (possessive_quantifier)
        {
        int len;
-       if (*tempcode == OP_EXACT || *tempcode == OP_TYPEEXACT ||
-           *tempcode == OP_NOTEXACT)
+       if (*tempcode == OP_TYPEEXACT)
+         tempcode += _pcre_OP_lengths[*tempcode] +
+           ((tempcode[3] == OP_PROP || tempcode[3] == OP_NOTPROP)? 2 : 0);
+       else if (*tempcode == OP_EXACT || *tempcode == OP_NOTEXACT)
+         {
          tempcode += _pcre_OP_lengths[*tempcode];
-       len = code - tempcode;
+ #ifdef SUPPORT_UTF8
+         if (utf8 && tempcode[-1] >= 0xc0)
+           tempcode += _pcre_utf8_table4[tempcode[-1] & 0x3f];
+ #endif
+         }
+       len = (int)(code - tempcode);
        if (len > 0) switch (*tempcode)
          {
          case OP_STAR:  *tempcode = OP_POSSTAR; break;
-Line 3530 
 for (;; ptr++)
+Line 4775 
 for (;; ptr++)
          case OP_NOTQUERY: *tempcode = OP_NOTPOSQUERY; break;
          case OP_NOTUPTO:  *tempcode = OP_NOTPOSUPTO; break;
+         /* Because we are moving code along, we must ensure that any
+         pending recursive references are updated. */
          default:
+         *code = OP_END;
+         adjust_recurse(tempcode, 1 + LINK_SIZE, utf8, cd, save_hwm);
          memmove(tempcode + 1+LINK_SIZE, tempcode, len);
          code += 1 + LINK_SIZE;
          len += 1 + LINK_SIZE;
-Line 3546 
 for (;; ptr++)
+Line 4796 
 for (;; ptr++)
      "follows varying string" flag for subsequently encountered reqbytes if
      it isn't already set and we have just passed a varying length item. */
      END_REPEAT:
      previous = NULL;
      cd->req_varyopt |= reqvary;
      break;
+     /* ===================================================================*/
+     /* Start of nested parenthesized sub-expression, or comment or lookahead or
+     lookbehind or option setting or condition or all the other extended
+     parenthesis forms.  */
+     case CHAR_LEFT_PARENTHESIS:
+     newoptions = options;
+     skipbytes = 0;
+     bravalue = OP_CBRA;
+     save_hwm = cd->hwm;
+     reset_bracount = FALSE;
+     /* First deal with various "verbs" that can be introduced by '*'. */
+     if (*(++ptr) == CHAR_ASTERISK &&
+          ((cd->ctypes[ptr[1]] & ctype_letter) != 0 || ptr[1] == ':'))
+       {
+       int i, namelen;
+       int arglen = 0;
+       const char *vn = verbnames;
+       const uschar *name = ptr + 1;
+       const uschar *arg = NULL;
+       previous = NULL;
+       while ((cd->ctypes[*++ptr] & ctype_letter) != 0) {};
+       namelen = (int)(ptr - name);