From a98121a21285e506fb4ab43ea064a5c74ee472ea Mon Sep 17 00:00:00 2001
From: "Philip.Hazel" <Philip.Hazel@gmail.com>
Date: Sat, 10 Dec 2016 14:59:24 +0000
Subject: [PATCH] Fix caseless minimizing back reference bug when heap in use
 for recursion.

---
 ChangeLog            | 7 +++++++
 src/pcre2_match.c    | 2 +-
 testdata/testinput1  | 3 +++
 testdata/testoutput1 | 6 ++++++
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 385f1b3..e39f544 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -211,6 +211,13 @@ dereference).
 33. If the starting offset was specified as greater than the subject length in 
 a call to pcre2_substitute() an out-of-bounds memory reference could occur.
 
+34. When PCRE2 was compiled to use the heap instead of the stack for recursive 
+calls to match(), a repeated minimizing caseless back reference, or a 
+maximizing one where the two cases had different numbers of code units, 
+followed by a caseful back reference, could lose the caselessness of the first 
+repeated back reference (example: /(Z)(a)\2{1,2}?(?-i)\1X/i should match ZaAAZX 
+but didn't).
+
 
 Version 10.22 29-July-2016
 --------------------------
diff --git a/src/pcre2_match.c b/src/pcre2_match.c
index ccfe7e7..78a9bac 100644
--- a/src/pcre2_match.c
+++ b/src/pcre2_match.c
@@ -586,7 +586,6 @@ uint32_t c;       /* Character values not kept over RMATCH() calls */
 BOOL utf;         /* Local copy of UTF flag for speed */
 
 BOOL minimize, possessive; /* Quantifier options */
-BOOL caseless;
 int condcode;
 
 /* When recursion is not being used, all "local" variables that have to be
@@ -724,6 +723,7 @@ still need to be preserved over recursive calls of match(). These macros define
 the alternative names that are used. */
 
 #define allow_zero      cur_is_word
+#define caseless        cur_is_word
 #define cbegroup        condition
 #define code_offset     codelink
 #define condassert      condition
diff --git a/testdata/testinput1 b/testdata/testinput1
index 7978e0c..52b3480 100644
--- a/testdata/testinput1
+++ b/testdata/testinput1
@@ -5815,4 +5815,7 @@ ef) x/x,mark
 /(?s)(?=.*?)b/
     aabc
 
+/(Z)(a)\2{1,2}?(?-i)\1X/i
+    ZaAAZX
+
 # End of testinput1 
diff --git a/testdata/testoutput1 b/testdata/testoutput1
index 617ca8a..5683e8d 100644
--- a/testdata/testoutput1
+++ b/testdata/testoutput1
@@ -9289,4 +9289,10 @@ No match
     aabc
  0: b
 
+/(Z)(a)\2{1,2}?(?-i)\1X/i
+    ZaAAZX
+ 0: ZaAAZX
+ 1: Z
+ 2: a
+
 # End of testinput1