Fix misbehaving DFA match for possessively repeated character class (Bugzilla

2086).

ChangeLog

@@ -80,6 +80,9 @@ a NULL pattern pointer when Unicode support is available.
 were longer than 64 code units could cause a buffer overflow. This was a bug in 
 pcre2test.
 
+14. The alternative matching function, pcre2_dfa_match() misbehaved if it 
+encountered a character class with a possessive repeat, for example [a-f]{3}+.
+
 
 Version 10.23 14-February-2017
 ------------------------------

src/pcre2_dfa_match.c

@@ -2539,11 +2539,13 @@ for (;;)
           if (isinclass)
             {
             int max = (int)GET2(ecode, 1 + IMM2_SIZE);
-            if (*ecode == OP_CRPOSRANGE)
+
+            if (*ecode == OP_CRPOSRANGE && count >= (int)GET2(ecode, 1))
               {
               active_count--;           /* Remove non-match possibility */
               next_active_state--;
               }
+
             if (++count >= max && max != 0)   /* Max 0 => no limit */
               { ADD_NEW(next_state_offset + 1 + 2 * IMM2_SIZE, 0); }
             else

testdata/testinput6

@@ -4886,4 +4886,7 @@
 \= Expect depth limit exceeded
     a[00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]
 
+/(02-)?[0-9]{3}-[0-9]{3}/
+    02-123-123
+
 # End of testinput6

testdata/testoutput6

@@ -7685,4 +7685,8 @@ No match
     a[00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]([00]
 Failed: error -53: matching depth limit exceeded
 
+/(02-)?[0-9]{3}-[0-9]{3}/
+    02-123-123
+ 0: 02-123-123
+
 # End of testinput6