From 2e36497404e01edd9052635d7c2bbfa42fd4be5c Mon Sep 17 00:00:00 2001
From: "Philip.Hazel" <Philip.Hazel@gmail.com>
Date: Fri, 6 Feb 2015 17:51:55 +0000
Subject: [PATCH] Fix compile loop for subroutine reference after class such as
 [^\ff].

---
 ChangeLog            |  3 +++
 src/pcre2_compile.c  | 28 ++++++++++++++++++++++++++++
 testdata/testinput5  |  2 ++
 testdata/testoutput5 |  3 +++
 4 files changed, 36 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index d676c6b..dbc9717 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,6 +62,9 @@ infinite loop. Now it generates an "internal error" error. This is a tidyup,
 not a bug fix; passing bad UTF with NO_UTF_CHECK is documented as having an
 undefined outcome.
 
+12. A UTF pattern containing a "not" match of a non-ASCII character and a 
+subroutine reference could loop at compile time. Example: /[^\xff]((?1))/.
+
 
 Version 10.00 05-January-2015
 -----------------------------
diff --git a/src/pcre2_compile.c b/src/pcre2_compile.c
index d829e28..a55ab65 100644
--- a/src/pcre2_compile.c
+++ b/src/pcre2_compile.c
@@ -2353,32 +2353,60 @@ for (;;)
       {
       case OP_CHAR:
       case OP_CHARI:
+      case OP_NOT:
+      case OP_NOTI:
       case OP_EXACT:
       case OP_EXACTI:
+      case OP_NOTEXACT:
+      case OP_NOTEXACTI:
       case OP_UPTO:
       case OP_UPTOI:
+      case OP_NOTUPTO:
+      case OP_NOTUPTOI:
       case OP_MINUPTO:
       case OP_MINUPTOI:
+      case OP_NOTMINUPTO:
+      case OP_NOTMINUPTOI:
       case OP_POSUPTO:
       case OP_POSUPTOI:
+      case OP_NOTPOSUPTO:
+      case OP_NOTPOSUPTOI:
       case OP_STAR:
       case OP_STARI:
+      case OP_NOTSTAR:
+      case OP_NOTSTARI:
       case OP_MINSTAR:
       case OP_MINSTARI:
+      case OP_NOTMINSTAR:
+      case OP_NOTMINSTARI:
       case OP_POSSTAR:
       case OP_POSSTARI:
+      case OP_NOTPOSSTAR:
+      case OP_NOTPOSSTARI:
       case OP_PLUS:
       case OP_PLUSI:
+      case OP_NOTPLUS:
+      case OP_NOTPLUSI:
       case OP_MINPLUS:
       case OP_MINPLUSI:
+      case OP_NOTMINPLUS:
+      case OP_NOTMINPLUSI:
       case OP_POSPLUS:
       case OP_POSPLUSI:
+      case OP_NOTPOSPLUS:
+      case OP_NOTPOSPLUSI:
       case OP_QUERY:
       case OP_QUERYI:
+      case OP_NOTQUERY:
+      case OP_NOTQUERYI:
       case OP_MINQUERY:
       case OP_MINQUERYI:
+      case OP_NOTMINQUERY:
+      case OP_NOTMINQUERYI:
       case OP_POSQUERY:
       case OP_POSQUERYI:
+      case OP_NOTPOSQUERY:
+      case OP_NOTPOSQUERYI:
       if (HAS_EXTRALEN(code[-1])) code += GET_EXTRALEN(code[-1]);
       break;
       }
diff --git a/testdata/testinput5 b/testdata/testinput5
index 7630272..4c8dfeb 100644
--- a/testdata/testinput5
+++ b/testdata/testinput5
@@ -1636,4 +1636,6 @@
 /(?<=abc)(|def)/g,utf,replace=<$0>
       123abcáyzabcdef789abcሴqr
 
+/[^\xff]((?1))/utf,debug
+
 # End of testinput5 
diff --git a/testdata/testoutput5 b/testdata/testoutput5
index 7bdab20..0a331e1 100644
--- a/testdata/testoutput5
+++ b/testdata/testoutput5
@@ -4006,4 +4006,7 @@ Subject length lower bound = 1
       123abcáyzabcdef789abcሴqr
  4: 123abc<>\x{e1}yzabc<><def>789abc<>\x{1234}qr
 
+/[^\xff]((?1))/utf,debug
+Failed: error 140 at offset 11: recursion could loop indefinitely
+
 # End of testinput5