Fix bad processing of (?x)(*MARK) within another group.

ChangeLog

@@ -18,6 +18,13 @@ pcre2_auto_possessify.c source.
 processing them could involve a buffer overflow if the following character was 
 an opening parenthesis.
 
+6. Change 36 for 10.20 also introduced a bug in processing this pattern:
+/((?x)(*:0))#(?'/. Specifically: if a setting of (?x) was followed by a (*MARK) 
+setting (which (*:0) is), then (?x) did not get unset at the end of its group 
+during the scan for named groups, and hence the external # was incorrectly
+treated as a comment and the invalid (?' at the end of the pattern was not 
+diagnosed. This caused a buffer overflow during the real compile.
+
 
 Version 10.20 30-June-2015
 --------------------------

src/pcre2_compile.c

@@ -3334,6 +3334,7 @@ for (; ptr < cb->end_pattern; ptr++)
         {
         ptr += 2;
         while (ptr < cb->end_pattern && *ptr != CHAR_RIGHT_PARENTHESIS) ptr++;
+        nest_depth--;
         }
       }
 

testdata/testinput2

@@ -4329,4 +4329,6 @@ a random value. /Ix
 
 /[[:>:]](?<)/
 
+/((?x)(*:0))#(?'/
+
 # End of testinput2 

testdata/testoutput2

@@ -14473,4 +14473,7 @@ Failed: error 161 at offset 32: number is too big
 /[[:>:]](?<)/
 Failed: error 124 at offset 10: unrecognized character after (?<
 
+/((?x)(*:0))#(?'/
+Failed: error 124 at offset 15: unrecognized character after (?<
+
 # End of testinput2