Fix bug when a character > 0xffff appears in a lookbehind within a lookbehind.

ChangeLog

@@ -48,12 +48,12 @@ parenthesis item, not the length of the whole group. A length of zero is now
 given only for a callout at the end of the pattern. Automatic callouts are no
 longer inserted before and after explicit callouts in the pattern.
 
-A number of bugs in the refactored code were subsequently fixed before release,
-but after the code was made available in the repository. Many of the bugs were
-discovered by fuzzing testing. Several of them were related to the change from
-assuming a zero-terminated pattern (which previously had required non-zero
-terminated strings to be copied). These bugs were never in released code, but
-are noted here for the record.
+A number of bugs in the refactored code were subsequently fixed during testing
+before release, but after the code was made available in the repository. Many
+of the bugs were discovered by fuzzing testing. Several of them were related to
+the change from assuming a zero-terminated pattern (which previously had
+required non-zero terminated strings to be copied). These bugs were never in
+fully released code, but are noted here for the record.
 
   (a) An overall recursion such as (?0) inside a lookbehind assertion was not
       being diagnosed as an error.
@@ -115,6 +115,10 @@ are noted here for the record.
       check for a following assertion, leading to compiling bad code. Example:
       /(?(C'XX))?!XX/
 
+  (r) If a character whose code point was greater than 0xffff appeared within
+      a lookbehind that was within another lookbehind, the calculation of the
+      lookbehind length went wrong and could provoke an internal error.
+
 4. Back references are now permitted in lookbehind assertions when there are
 no duplicated group numbers (that is, (?| has not been used), and, if the
 reference is by name, there is only one group of that name. The referenced

src/pcre2_compile.c

@@ -7924,6 +7924,7 @@ Arguments:
 
 Returns:     new value of pptr
              NULL if META_END is reached - should never occur
+               or for an unknown meta value - likewise 
 */
 
 static uint32_t *
@@ -7934,9 +7935,11 @@ uint32_t nestlevel = 0;
 for (pptr += 1;; pptr++)
   {
   uint32_t meta = META_CODE(*pptr);
+  
   switch(meta)
     {
     default:  /* Just skip over most items */
+    if (meta < META_END) continue;  /* Literal */
     break;
 
     /* This should never occur. */
@@ -8007,7 +8010,7 @@ for (pptr += 1;; pptr++)
 
   /* The extra data item length for each meta is in a table. */
 
-  meta = (meta & 0x0fff0000u) >> 16;
+  meta = (meta >> 16) & 0x7fff;
   if (meta >= sizeof(meta_extra_lengths)) return NULL;
   pptr += meta_extra_lengths[meta];
   }

testdata/testinput5

@@ -1755,4 +1755,6 @@
 /[\P{Yi}]/utf,locale=C
 \x{2f000}
 
+/^(?<!(?=􃡜))/B,utf
+
 # End of testinput5 

testdata/testoutput5

@@ -4201,4 +4201,17 @@ Failed: error 125 at offset 2: lookbehind assertion is not fixed length
 \x{2f000}
  0: \x{2f000}
 
+/^(?<!(?=􃡜))/B,utf
+------------------------------------------------------------------
+        Bra
+        ^
+        AssertB not
+        Assert
+        \x{10385c}
+        Ket
+        Ket
+        Ket
+        End
+------------------------------------------------------------------
+
 # End of testinput5