/*************************************************

*      Perl-Compatible Regular Expressions       *

*************************************************/

/* PCRE is a library of functions to support regular expressions whose syntax

and semantics are as close as possible to those of the Perl 5 language.

                       Written by Philip Hazel

     Original API code Copyright (c) 1997-2012 University of Cambridge

          New API code Copyright (c) 2016-2023 University of Cambridge

-----------------------------------------------------------------------------

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,

      this list of conditions and the following disclaimer.

    * Redistributions in binary form must reproduce the above copyright

      notice, this list of conditions and the following disclaimer in the

      documentation and/or other materials provided with the distribution.

    * Neither the name of the University of Cambridge nor the names of its

      contributors may be used to endorse or promote products derived from

      this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

POSSIBILITY OF SUCH DAMAGE.

-----------------------------------------------------------------------------

*/

/* This module contains the external function pcre2_dfa_match(), which is an

alternative matching function that uses a sort of DFA algorithm (not a true

FSM). This is NOT Perl-compatible, but it has advantages in certain

applications. */

/* NOTE ABOUT PERFORMANCE: A user of this function sent some code that improved

the performance of his patterns greatly. I could not use it as it stood, as it

was not thread safe, and made assumptions about pattern sizes. Also, it caused

test 7 to loop, and test 9 to crash with a segfault.

The issue is the check for duplicate states, which is done by a simple linear

search up the state list. (Grep for "duplicate" below to find the code.) For

many patterns, there will never be many states active at one time, so a simple

linear search is fine. In patterns that have many active states, it might be a

bottleneck. The suggested code used an indexing scheme to remember which states

had previously been used for each character, and avoided the linear search when

it knew there was no chance of a duplicate. This was implemented when adding

states to the state lists.

I wrote some thread-safe, not-limited code to try something similar at the time

of checking for duplicates (instead of when adding states), using index vectors

on the stack. It did give a 13% improvement with one specially constructed

pattern for certain subject strings, but on other strings and on many of the

simpler patterns in the test suite it did worse. The major problem, I think,

was the extra time to initialize the index. This had to be done for each call

of internal_dfa_match(). (The supplied patch used a static vector, initialized

only once - I suspect this was the cause of the problems with the tests.)

Overall, I concluded that the gains in some cases did not outweigh the losses

in others, so I abandoned this code. */

#ifdef HAVE_CONFIG_H

#include "config.h"

#endif

#define NLBLOCK mb             /* Block containing newline information */

#define PSSTART start_subject  /* Field containing processed string start */

#define PSEND   end_subject    /* Field containing processed string end */

#include "pcre2_internal.h"

#define PUBLIC_DFA_MATCH_OPTIONS \

  (PCRE2_ANCHORED|PCRE2_ENDANCHORED|PCRE2_NOTBOL|PCRE2_NOTEOL|PCRE2_NOTEMPTY| \

   PCRE2_NOTEMPTY_ATSTART|PCRE2_NO_UTF_CHECK|PCRE2_PARTIAL_HARD| \

   PCRE2_PARTIAL_SOFT|PCRE2_DFA_SHORTEST|PCRE2_DFA_RESTART| \

   PCRE2_COPY_MATCHED_SUBJECT)

/*************************************************

*      Code parameters and static tables         *

*************************************************/

/* These are offsets that are used to turn the OP_TYPESTAR and friends opcodes

into others, under special conditions. A gap of 20 between the blocks should be

enough. The resulting opcodes don't have to be less than 256 because they are

never stored, so we push them well clear of the normal opcodes. */

#define OP_PROP_EXTRA       300

#define OP_EXTUNI_EXTRA     320

#define OP_ANYNL_EXTRA      340

#define OP_HSPACE_EXTRA     360

#define OP_VSPACE_EXTRA     380

/* This table identifies those opcodes that are followed immediately by a

character that is to be tested in some way. This makes it possible to

centralize the loading of these characters. In the case of Type * etc, the

"character" is the opcode for \D, \d, \S, \s, \W, or \w, which will always be a

small value. Non-zero values in the table are the offsets from the opcode where

the character is to be found. ***NOTE*** If the start of this table is

modified, the three tables that follow must also be modified. */

static const uint8_t coptable[] = {

  0,                             /* End                                    */

  0, 0, 0, 0, 0,                 /* \A, \G, \K, \B, \b                     */

  0, 0, 0, 0, 0, 0,              /* \D, \d, \S, \s, \W, \w                 */

  0, 0, 0,                       /* Any, AllAny, Anybyte                   */

  0, 0,                          /* \P, \p                                 */

  0, 0, 0, 0, 0,                 /* \R, \H, \h, \V, \v                     */

  0,                             /* \X                                     */

  0, 0, 0, 0, 0, 0,              /* \Z, \z, $, $M, ^, ^M                   */

  1,                             /* Char                                   */

  1,                             /* Chari                                  */

  1,                             /* not                                    */

  1,                             /* noti                                   */

  /* Positive single-char repeats                                          */

  1, 1, 1, 1, 1, 1,              /* *, *?, +, +?, ?, ??                    */

  1+IMM2_SIZE, 1+IMM2_SIZE,      /* upto, minupto                          */

  1+IMM2_SIZE,                   /* exact                                  */

  1, 1, 1, 1+IMM2_SIZE,          /* *+, ++, ?+, upto+                      */

  1, 1, 1, 1, 1, 1,              /* *I, *?I, +I, +?I, ?I, ??I              */

  1+IMM2_SIZE, 1+IMM2_SIZE,      /* upto I, minupto I                      */

  1+IMM2_SIZE,                   /* exact I                                */

  1, 1, 1, 1+IMM2_SIZE,          /* *+I, ++I, ?+I, upto+I                  */

  /* Negative single-char repeats - only for chars < 256                   */

  1, 1, 1, 1, 1, 1,              /* NOT *, *?, +, +?, ?, ??                */

  1+IMM2_SIZE, 1+IMM2_SIZE,      /* NOT upto, minupto                      */

  1+IMM2_SIZE,                   /* NOT exact                              */

  1, 1, 1, 1+IMM2_SIZE,          /* NOT *+, ++, ?+, upto+                  */

  1, 1, 1, 1, 1, 1,              /* NOT *I, *?I, +I, +?I, ?I, ??I          */

  1+IMM2_SIZE, 1+IMM2_SIZE,      /* NOT upto I, minupto I                  */

  1+IMM2_SIZE,                   /* NOT exact I                            */

  1, 1, 1, 1+IMM2_SIZE,          /* NOT *+I, ++I, ?+I, upto+I              */

  /* Positive type repeats                                                 */

  1, 1, 1, 1, 1, 1,              /* Type *, *?, +, +?, ?, ??               */

  1+IMM2_SIZE, 1+IMM2_SIZE,      /* Type upto, minupto                     */

  1+IMM2_SIZE,                   /* Type exact                             */

  1, 1, 1, 1+IMM2_SIZE,          /* Type *+, ++, ?+, upto+                 */

  /* Character class & ref repeats                                         */

  0, 0, 0, 0, 0, 0,              /* *, *?, +, +?, ?, ??                    */

  0, 0,                          /* CRRANGE, CRMINRANGE                    */

  0, 0, 0, 0,                    /* Possessive *+, ++, ?+, CRPOSRANGE      */

  0,                             /* CLASS                                  */

  0,                             /* NCLASS                                 */

  0,                             /* XCLASS - variable length               */

  0,                             /* REF                                    */

  0,                             /* REFI                                   */

  0,                             /* DNREF                                  */

  0,                             /* DNREFI                                 */

  0,                             /* RECURSE                                */

  0,                             /* CALLOUT                                */

  0,                             /* CALLOUT_STR                            */

  0,                             /* Alt                                    */

  0,                             /* Ket                                    */

  0,                             /* KetRmax                                */

  0,                             /* KetRmin                                */

  0,                             /* KetRpos                                */

  0, 0,                          /* Reverse, Vreverse                      */

  0,                             /* Assert                                 */

  0,                             /* Assert not                             */

  0,                             /* Assert behind                          */

  0,                             /* Assert behind not                      */

  0,                             /* NA assert                              */

  0,                             /* NA assert behind                       */

  0,                             /* ONCE                                   */

  0,                             /* SCRIPT_RUN                             */

  0, 0, 0, 0, 0,                 /* BRA, BRAPOS, CBRA, CBRAPOS, COND       */

  0, 0, 0, 0, 0,                 /* SBRA, SBRAPOS, SCBRA, SCBRAPOS, SCOND  */

  0, 0,                          /* CREF, DNCREF                           */

  0, 0,                          /* RREF, DNRREF                           */

  0, 0,                          /* FALSE, TRUE                            */

  0, 0, 0,                       /* BRAZERO, BRAMINZERO, BRAPOSZERO        */

  0, 0, 0,                       /* MARK, PRUNE, PRUNE_ARG                 */

  0, 0, 0, 0,                    /* SKIP, SKIP_ARG, THEN, THEN_ARG         */

  0, 0,                          /* COMMIT, COMMIT_ARG                     */

  0, 0, 0,                       /* FAIL, ACCEPT, ASSERT_ACCEPT            */

  0, 0, 0,                       /* CLOSE, SKIPZERO, DEFINE                */

  0, 0                           /* \B and \b in UCP mode                  */

};

/* This table identifies those opcodes that inspect a character. It is used to

remember the fact that a character could have been inspected when the end of

the subject is reached. ***NOTE*** If the start of this table is modified, the

two tables that follow must also be modified. */

static const uint8_t poptable[] = {

  0,                             /* End                                    */

  0, 0, 0, 1, 1,                 /* \A, \G, \K, \B, \b                     */

  1, 1, 1, 1, 1, 1,              /* \D, \d, \S, \s, \W, \w                 */

  1, 1, 1,                       /* Any, AllAny, Anybyte                   */

  1, 1,                          /* \P, \p                                 */

  1, 1, 1, 1, 1,                 /* \R, \H, \h, \V, \v                     */

  1,                             /* \X                                     */

  0, 0, 0, 0, 0, 0,              /* \Z, \z, $, $M, ^, ^M                   */

  1,                             /* Char                                   */

  1,                             /* Chari                                  */

  1,                             /* not                                    */

  1,                             /* noti                                   */

  /* Positive single-char repeats                                          */

  1, 1, 1, 1, 1, 1,              /* *, *?, +, +?, ?, ??                    */

  1, 1, 1,                       /* upto, minupto, exact                   */

  1, 1, 1, 1,                    /* *+, ++, ?+, upto+                      */

  1, 1, 1, 1, 1, 1,              /* *I, *?I, +I, +?I, ?I, ??I              */

  1, 1, 1,                       /* upto I, minupto I, exact I             */

  1, 1, 1, 1,                    /* *+I, ++I, ?+I, upto+I                  */

  /* Negative single-char repeats - only for chars < 256                   */

  1, 1, 1, 1, 1, 1,              /* NOT *, *?, +, +?, ?, ??                */

  1, 1, 1,                       /* NOT upto, minupto, exact               */

  1, 1, 1, 1,                    /* NOT *+, ++, ?+, upto+                  */

  1, 1, 1, 1, 1, 1,              /* NOT *I, *?I, +I, +?I, ?I, ??I          */

  1, 1, 1,                       /* NOT upto I, minupto I, exact I         */

  1, 1, 1, 1,                    /* NOT *+I, ++I, ?+I, upto+I              */

  /* Positive type repeats                                                 */

  1, 1, 1, 1, 1, 1,              /* Type *, *?, +, +?, ?, ??               */

  1, 1, 1,                       /* Type upto, minupto, exact              */

  1, 1, 1, 1,                    /* Type *+, ++, ?+, upto+                 */

  /* Character class & ref repeats                                         */

  1, 1, 1, 1, 1, 1,              /* *, *?, +, +?, ?, ??                    */

  1, 1,                          /* CRRANGE, CRMINRANGE                    */

  1, 1, 1, 1,                    /* Possessive *+, ++, ?+, CRPOSRANGE      */

  1,                             /* CLASS                                  */

  1,                             /* NCLASS                                 */

  1,                             /* XCLASS - variable length               */

  0,                             /* REF                                    */

  0,                             /* REFI                                   */

  0,                             /* DNREF                                  */

  0,                             /* DNREFI                                 */

  0,                             /* RECURSE                                */

  0,                             /* CALLOUT                                */

  0,                             /* CALLOUT_STR                            */

  0,                             /* Alt                                    */

  0,                             /* Ket                                    */

  0,                             /* KetRmax                                */

  0,                             /* KetRmin                                */

  0,                             /* KetRpos                                */

  0, 0,                          /* Reverse, Vreverse                      */

  0,                             /* Assert                                 */

  0,                             /* Assert not                             */

  0,                             /* Assert behind                          */

  0,                             /* Assert behind not                      */

  0,                             /* NA assert                              */

  0,                             /* NA assert behind                       */

  0,                             /* ONCE                                   */

  0,                             /* SCRIPT_RUN                             */

  0, 0, 0, 0, 0,                 /* BRA, BRAPOS, CBRA, CBRAPOS, COND       */

  0, 0, 0, 0, 0,                 /* SBRA, SBRAPOS, SCBRA, SCBRAPOS, SCOND  */

  0, 0,                          /* CREF, DNCREF                           */

  0, 0,                          /* RREF, DNRREF                           */

  0, 0,                          /* FALSE, TRUE                            */

  0, 0, 0,                       /* BRAZERO, BRAMINZERO, BRAPOSZERO        */

  0, 0, 0,                       /* MARK, PRUNE, PRUNE_ARG                 */

  0, 0, 0, 0,                    /* SKIP, SKIP_ARG, THEN, THEN_ARG         */

  0, 0,                          /* COMMIT, COMMIT_ARG                     */

  0, 0, 0,                       /* FAIL, ACCEPT, ASSERT_ACCEPT            */

  0, 0, 0,                       /* CLOSE, SKIPZERO, DEFINE                */

  1, 1                           /* \B and \b in UCP mode                  */

};

/* These 2 tables allow for compact code for testing for \D, \d, \S, \s, \W,

and \w */

static const uint8_t toptable1[] = {

  0, 0, 0, 0, 0, 0,

  ctype_digit, ctype_digit,

  ctype_space, ctype_space,

  ctype_word,  ctype_word,

  0, 0                            /* OP_ANY, OP_ALLANY */

};

static const uint8_t toptable2[] = {

  0, 0, 0, 0, 0, 0,

  ctype_digit, 0,

  ctype_space, 0,

  ctype_word,  0,

  1, 1                            /* OP_ANY, OP_ALLANY */

};

/* Structure for holding data about a particular state, which is in effect the

current data for an active path through the match tree. It must consist

entirely of ints because the working vector we are passed, and which we put

these structures in, is a vector of ints. */

typedef struct stateblock {

  int offset;                     /* Offset to opcode (-ve has meaning) */

  int count;                      /* Count for repeats */

  int data;                       /* Some use extra data */

} stateblock;

#define INTS_PER_STATEBLOCK  (int)(sizeof(stateblock)/sizeof(int))

/* Before version 10.32 the recursive calls of internal_dfa_match() were passed

local working space and output vectors that were created on the stack. This has

caused issues for some patterns, especially in small-stack environments such as

Windows. A new scheme is now in use which sets up a vector on the stack, but if

this is too small, heap memory is used, up to the heap_limit. The main

parameters are all numbers of ints because the workspace is a vector of ints.

The size of the starting stack vector, DFA_START_RWS_SIZE, is in bytes, and is

defined in pcre2_internal.h so as to be available to pcre2test when it is

finding the minimum heap requirement for a match. */

#define OVEC_UNIT  (sizeof(PCRE2_SIZE)/sizeof(int))

#define RWS_BASE_SIZE   (DFA_START_RWS_SIZE/sizeof(int))  /* Stack vector */

#define RWS_RSIZE       1000                    /* Work size for recursion */

#define RWS_OVEC_RSIZE  (1000*OVEC_UNIT)        /* Ovector for recursion */

#define RWS_OVEC_OSIZE  (2*OVEC_UNIT)           /* Ovector in other cases */

/* This structure is at the start of each workspace block. */

typedef struct RWS_anchor {

  struct RWS_anchor *next;

  uint32_t size;  /* Number of ints */

  uint32_t free;  /* Number of ints */

} RWS_anchor;

#define RWS_ANCHOR_SIZE (sizeof(RWS_anchor)/sizeof(int))

/*************************************************

*               Process a callout                *

*************************************************/

/* This function is called to perform a callout.

Arguments:

  code              current code pointer

  offsets           points to current capture offsets

  current_subject   start of current subject match

  ptr               current position in subject

  mb                the match block

  extracode         extra code offset when called from condition

  lengthptr         where to return the callout length

Returns:            the return from the callout

*/

static int

do_callout_dfa(PCRE2_SPTR code, PCRE2_SIZE *offsets, PCRE2_SPTR current_subject,

  PCRE2_SPTR ptr, dfa_match_block *mb, PCRE2_SIZE extracode,

  PCRE2_SIZE *lengthptr)

{

pcre2_callout_block *cb = mb->cb;

*lengthptr = (code[extracode] == OP_CALLOUT)?

  (PCRE2_SIZE)PRIV(OP_lengths)[OP_CALLOUT] :

  (PCRE2_SIZE)GET(code, 1 + 2*LINK_SIZE + extracode);

if (mb->callout == NULL) return 0;    /* No callout provided */

/* Fixed fields in the callout block are set once and for all at the start of

matching. */

cb->offset_vector    = offsets;

cb->start_match      = (PCRE2_SIZE)(current_subject - mb->start_subject);

cb->current_position = (PCRE2_SIZE)(ptr - mb->start_subject);

cb->pattern_position = GET(code, 1 + extracode);

cb->next_item_length = GET(code, 1 + LINK_SIZE + extracode);

if (code[extracode] == OP_CALLOUT)

  {

  cb->callout_number = code[1 + 2*LINK_SIZE + extracode];

  cb->callout_string_offset = 0;

  cb->callout_string = NULL;

  cb->callout_string_length = 0;

  }

else

  {

  cb->callout_number = 0;

  cb->callout_string_offset = GET(code, 1 + 3*LINK_SIZE + extracode);

  cb->callout_string = code + (1 + 4*LINK_SIZE + extracode) + 1;

  cb->callout_string_length = *lengthptr - (1 + 4*LINK_SIZE) - 2;

  }

return (mb->callout)(cb, mb->callout_data);

}

/*************************************************

*         Expand local workspace memory          *

*************************************************/

/* This function is called when internal_dfa_match() is about to be called

recursively and there is insufficient working space left in the current

workspace block. If there's an existing next block, use it; otherwise get a new

block unless the heap limit is reached.

Arguments:

  rwsptr     pointer to block pointer (updated)

  ovecsize   space needed for an ovector

  mb         the match block

Returns:     0 rwsptr has been updated

            !0 an error code

*/

static int

more_workspace(RWS_anchor **rwsptr, unsigned int ovecsize, dfa_match_block *mb)

{

RWS_anchor *rws = *rwsptr;

RWS_anchor *new;

if (rws->next != NULL)

  {

  new = rws->next;

  }

/* Sizes in the RWS_anchor blocks are in units of sizeof(int), but

mb->heap_limit and mb->heap_used are in kibibytes. Play carefully, to avoid

overflow. */

else

  {

  uint32_t newsize = (rws->size >= UINT32_MAX/(sizeof(int)*2))? UINT32_MAX/sizeof(int) : rws->size * 2;

  uint32_t newsizeK = newsize/(1024/sizeof(int));

  if (newsizeK + mb->heap_used > mb->heap_limit)

    newsizeK = (uint32_t)(mb->heap_limit - mb->heap_used);

  newsize = newsizeK*(1024/sizeof(int));

  if (newsize < RWS_RSIZE + ovecsize + RWS_ANCHOR_SIZE)

    return PCRE2_ERROR_HEAPLIMIT;

  new = mb->memctl.malloc(newsize*sizeof(int), mb->memctl.memory_data);

  if (new == NULL) return PCRE2_ERROR_NOMEMORY;

  mb->heap_used += newsizeK;

  new->next = NULL;

  new->size = newsize;

  rws->next = new;

  }

new->free = new->size - RWS_ANCHOR_SIZE;

*rwsptr = new;

return 0;

}

/*************************************************

*     Match a Regular Expression - DFA engine    *

*************************************************/

/* This internal function applies a compiled pattern to a subject string,

starting at a given point, using a DFA engine. This function is called from the

external one, possibly multiple times if the pattern is not anchored. The

function calls itself recursively for some kinds of subpattern.

Arguments:

  mb                the match_data block with fixed information

  this_start_code   the opening bracket of this subexpression's code

  current_subject   where we currently are in the subject string

  start_offset      start offset in the subject string

  offsets           vector to contain the matching string offsets

  offsetcount       size of same

  workspace         vector of workspace

  wscount           size of same

  rlevel            function call recursion level

Returns:            > 0 => number of match offset pairs placed in offsets

                    = 0 => offsets overflowed; longest matches are present

                     -1 => failed to match

                   < -1 => some kind of unexpected problem

The following macros are used for adding states to the two state vectors (one

for the current character, one for the following character). */

#define ADD_ACTIVE(x,y) \

  if (active_count++ < wscount) \

    { \

    next_active_state->offset = (x); \

    next_active_state->count  = (y); \

    next_active_state++; \

    } \

  else return PCRE2_ERROR_DFA_WSSIZE

#define ADD_ACTIVE_DATA(x,y,z) \

  if (active_count++ < wscount) \

    { \

    next_active_state->offset = (x); \

    next_active_state->count  = (y); \

    next_active_state->data   = (z); \

    next_active_state++; \

    } \

  else return PCRE2_ERROR_DFA_WSSIZE

#define ADD_NEW(x,y) \

  if (new_count++ < wscount) \

    { \

    next_new_state->offset = (x); \

    next_new_state->count  = (y); \

    next_new_state++; \

    } \

  else return PCRE2_ERROR_DFA_WSSIZE

#define ADD_NEW_DATA(x,y,z) \

  if (new_count++ < wscount) \

    { \

    next_new_state->offset = (x); \

    next_new_state->count  = (y); \

    next_new_state->data   = (z); \

    next_new_state++; \

    } \

  else return PCRE2_ERROR_DFA_WSSIZE

/* And now, here is the code */

static int

internal_dfa_match(

  dfa_match_block *mb,

  PCRE2_SPTR this_start_code,

  PCRE2_SPTR current_subject,

  PCRE2_SIZE start_offset,

  PCRE2_SIZE *offsets,

  uint32_t offsetcount,

  int *workspace,

  int wscount,

  uint32_t rlevel,

  int *RWS)

{

stateblock *active_states, *new_states, *temp_states;

stateblock *next_active_state, *next_new_state;

const uint8_t *ctypes, *lcc, *fcc;

PCRE2_SPTR ptr;

PCRE2_SPTR end_code;

dfa_recursion_info new_recursive;

int active_count, new_count, match_count;

/* Some fields in the mb block are frequently referenced, so we load them into

independent variables in the hope that this will perform better. */

PCRE2_SPTR start_subject = mb->start_subject;

PCRE2_SPTR end_subject = mb->end_subject;

PCRE2_SPTR start_code = mb->start_code;

#ifdef SUPPORT_UNICODE

BOOL utf = (mb->poptions & PCRE2_UTF) != 0;

BOOL utf_or_ucp = utf || (mb->poptions & PCRE2_UCP) != 0;

#else

BOOL utf = FALSE;

#endif

BOOL reset_could_continue = FALSE;

if (mb->match_call_count++ >= mb->match_limit) return PCRE2_ERROR_MATCHLIMIT;

if (rlevel++ > mb->match_limit_depth) return PCRE2_ERROR_DEPTHLIMIT;

offsetcount &= (uint32_t)(-2);  /* Round down */

wscount -= 2;

wscount = (wscount - (wscount % (INTS_PER_STATEBLOCK * 2))) /

          (2 * INTS_PER_STATEBLOCK);

ctypes = mb->tables + ctypes_offset;

lcc = mb->tables + lcc_offset;

fcc = mb->tables + fcc_offset;

match_count = PCRE2_ERROR_NOMATCH;   /* A negative number */

active_states = (stateblock *)(workspace + 2);

next_new_state = new_states = active_states + wscount;

new_count = 0;

/* The first thing in any (sub) pattern is a bracket of some sort. Push all

the alternative states onto the list, and find out where the end is. This

makes is possible to use this function recursively, when we want to stop at a

matching internal ket rather than at the end.

If we are dealing with a backward assertion we have to find out the maximum

amount to move back, and set up each alternative appropriately. */

if (*this_start_code == OP_ASSERTBACK || *this_start_code == OP_ASSERTBACK_NOT)

  {

  size_t max_back = 0;

  size_t gone_back;

  end_code = this_start_code;

  do

    {

    size_t back = (size_t)GET2(end_code, 2+LINK_SIZE);

    if (back > max_back) max_back = back;

    end_code += GET(end_code, 1);

    }

  while (*end_code == OP_ALT);

  /* If we can't go back the amount required for the longest lookbehind

  pattern, go back as far as we can; some alternatives may still be viable. */

#ifdef SUPPORT_UNICODE

  /* In character mode we have to step back character by character */

  if (utf)

    {

    for (gone_back = 0; gone_back < max_back; gone_back++)

      {

      if (current_subject <= start_subject) break;

      current_subject--;

      ACROSSCHAR(current_subject > start_subject, current_subject,

        current_subject--);

      }

    }

  else

#endif

  /* In byte-mode we can do this quickly. */

    {

    size_t current_offset = (size_t)(current_subject - start_subject);

    gone_back = (current_offset < max_back)? current_offset : max_back;

    current_subject -= gone_back;

    }

  /* Save the earliest consulted character */

  if (current_subject < mb->start_used_ptr)

    mb->start_used_ptr = current_subject;

  /* Now we can process the individual branches. There will be an OP_REVERSE at

  the start of each branch, except when the length of the branch is zero. */

  end_code = this_start_code;

  do

    {

    uint32_t revlen = (end_code[1+LINK_SIZE] == OP_REVERSE)? 1 + IMM2_SIZE : 0;

    size_t back = (revlen == 0)? 0 : (size_t)GET2(end_code, 2+LINK_SIZE);

    if (back <= gone_back)

      {

      int bstate = (int)(end_code - start_code + 1 + LINK_SIZE + revlen);

      ADD_NEW_DATA(-bstate, 0, (int)(gone_back - back));

      }

    end_code += GET(end_code, 1);

    }

  while (*end_code == OP_ALT);

 }

/* This is the code for a "normal" subpattern (not a backward assertion). The

start of a whole pattern is always one of these. If we are at the top level,

we may be asked to restart matching from the same point that we reached for a

previous partial match. We still have to scan through the top-level branches to

find the end state. */

else

  {

  end_code = this_start_code;

  /* Restarting */

  if (rlevel == 1 && (mb->moptions & PCRE2_DFA_RESTART) != 0)

    {

    do { end_code += GET(end_code, 1); } while (*end_code == OP_ALT);

    new_count = workspace[1];

    if (!workspace[0])

      memcpy(new_states, active_states, (size_t)new_count * sizeof(stateblock));

    }

  /* Not restarting */

  else

    {

    int length = 1 + LINK_SIZE +

      ((*this_start_code == OP_CBRA || *this_start_code == OP_SCBRA ||

        *this_start_code == OP_CBRAPOS || *this_start_code == OP_SCBRAPOS)

        ? IMM2_SIZE:0);

    do

      {

      ADD_NEW((int)(end_code - start_code + length), 0);

      end_code += GET(end_code, 1);

      length = 1 + LINK_SIZE;

      }

    while (*end_code == OP_ALT);

    }

  }

workspace[0] = 0;    /* Bit indicating which vector is current */

/* Loop for scanning the subject */

ptr = current_subject;

for (;;)

  {

  int i, j;

  int clen, dlen;

  uint32_t c, d;

  int forced_fail = 0;

  BOOL partial_newline = FALSE;

  BOOL could_continue = reset_could_continue;

  reset_could_continue = FALSE;

  if (ptr > mb->last_used_ptr) mb->last_used_ptr = ptr;

  /* Make the new state list into the active state list and empty the

  new state list. */

  temp_states = active_states;

  active_states = new_states;

  new_states = temp_states;

  active_count = new_count;

  new_count = 0;

  workspace[0] ^= 1;              /* Remember for the restarting feature */

  workspace[1] = active_count;

  /* Set the pointers for adding new states */

  next_active_state = active_states + active_count;

  next_new_state = new_states;

  /* Load the current character from the subject outside the loop, as many

  different states may want to look at it, and we assume that at least one

  will. */

  if (ptr < end_subject)

    {

    clen = 1;        /* Number of data items in the character */

#ifdef SUPPORT_UNICODE

    GETCHARLENTEST(c, ptr, clen);

#else

    c = *ptr;

#endif  /* SUPPORT_UNICODE */

    }

  else

    {

    clen = 0;        /* This indicates the end of the subject */

    c = NOTACHAR;    /* This value should never actually be used */

    }

  /* Scan up the active states and act on each one. The result of an action

  may be to add more states to the currently active list (e.g. on hitting a

  parenthesis) or it may be to put states on the new list, for considering

  when we move the character pointer on. */

  for (i = 0; i < active_count; i++)

    {

    stateblock *current_state = active_states + i;

    BOOL caseless = FALSE;

    PCRE2_SPTR code;

    uint32_t codevalue;

    int state_offset = current_state->offset;

    int rrc;

    int count;

    /* A negative offset is a special case meaning "hold off going to this

    (negated) state until the number of characters in the data field have

    been skipped". If the could_continue flag was passed over from a previous

    state, arrange for it to passed on. */

    if (state_offset < 0)

      {

      if (current_state->data > 0)

        {

        ADD_NEW_DATA(state_offset, current_state->count,

          current_state->data - 1);

        if (could_continue) reset_could_continue = TRUE;

        continue;

        }

      else

        {

        current_state->offset = state_offset = -state_offset;

        }

      }

    /* Check for a duplicate state with the same count, and skip if found.

    See the note at the head of this module about the possibility of improving

    performance here. */

    for (j = 0; j < i; j++)

      {

      if (active_states[j].offset == state_offset &&

          active_states[j].count == current_state->count)

        goto NEXT_ACTIVE_STATE;

      }

    /* The state offset is the offset to the opcode */

    code = start_code + state_offset;

    codevalue = *code;

    /* If this opcode inspects a character, but we are at the end of the

    subject, remember the fact for use when testing for a partial match. */

    if (clen == 0 && poptable[codevalue] != 0)

      could_continue = TRUE;

    /* If this opcode is followed by an inline character, load it. It is

    tempting to test for the presence of a subject character here, but that

    is wrong, because sometimes zero repetitions of the subject are

    permitted.

    We also use this mechanism for opcodes such as OP_TYPEPLUS that take an

    argument that is not a data character - but is always one byte long because

    the values are small. We have to take special action to deal with  \P, \p,

    \H, \h, \V, \v and \X in this case. To keep the other cases fast, convert

    these ones to new opcodes. */

    if (coptable[codevalue] > 0)

      {

      dlen = 1;

#ifdef SUPPORT_UNICODE

      if (utf) { GETCHARLEN(d, (code + coptable[codevalue]), dlen); } else

#endif  /* SUPPORT_UNICODE */

      d = code[coptable[codevalue]];

      if (codevalue >= OP_TYPESTAR)

        {

        switch(d)

          {

          case OP_ANYBYTE: return PCRE2_ERROR_DFA_UITEM;

          case OP_NOTPROP:

          case OP_PROP: codevalue += OP_PROP_EXTRA; break;

          case OP_ANYNL: codevalue += OP_ANYNL_EXTRA; break;

          case OP_EXTUNI: codevalue += OP_EXTUNI_EXTRA; break;

          case OP_NOT_HSPACE:

          case OP_HSPACE: codevalue += OP_HSPACE_EXTRA; break;

          case OP_NOT_VSPACE:

          case OP_VSPACE: codevalue += OP_VSPACE_EXTRA; break;

          default: break;

          }

        }

      }

    else

      {

      dlen = 0;         /* Not strictly necessary, but compilers moan */

      d = NOTACHAR;     /* if these variables are not set. */

      }

    /* Now process the individual opcodes */

    switch (codevalue)

      {

/* ========================================================================== */

      /* These cases are never obeyed. This is a fudge that causes a compile-

      time error if the vectors coptable or poptable, which are indexed by

      opcode, are not the correct length. It seems to be the only way to do

      such a check at compile time, as the sizeof() operator does not work

      in the C preprocessor. */

      case OP_TABLE_LENGTH:

      case OP_TABLE_LENGTH +

        ((sizeof(coptable) == OP_TABLE_LENGTH) &&

         (sizeof(poptable) == OP_TABLE_LENGTH)):

      return 0;

/* ========================================================================== */

      /* Reached a closing bracket. If not at the end of the pattern, carry

      on with the next opcode. For repeating opcodes, also add the repeat

      state. Note that KETRPOS will always be encountered at the end of the

      subpattern, because the possessive subpattern repeats are always handled

      using recursive calls. Thus, it never adds any new states.

      At the end of the (sub)pattern, unless we have an empty string and

      PCRE2_NOTEMPTY is set, or PCRE2_NOTEMPTY_ATSTART is set and we are at the

      start of the subject, save the match data, shifting up all previous

      matches so we always have the longest first. */

      case OP_KET:

      case OP_KETRMIN:

      case OP_KETRMAX:

      case OP_KETRPOS:

      if (code != end_code)

        {

        ADD_ACTIVE(state_offset + 1 + LINK_SIZE, 0);

        if (codevalue != OP_KET)

          {

          ADD_ACTIVE(state_offset - (int)GET(code, 1), 0);

          }

        }

      else

        {

        if (ptr > current_subject ||

            ((mb->moptions & PCRE2_NOTEMPTY) == 0 &&

              ((mb->moptions & PCRE2_NOTEMPTY_ATSTART) == 0 ||

                current_subject > start_subject + mb->start_offset)))

          {

          if (match_count < 0) match_count = (offsetcount >= 2)? 1 : 0;

            else if (match_count > 0 && ++match_count * 2 > (int)offsetcount)

              match_count = 0;

          count = ((match_count == 0)? (int)offsetcount : match_count * 2) - 2;

          if (count > 0) (void)memmove(offsets + 2, offsets,

            (size_t)count * sizeof(PCRE2_SIZE));

          if (offsetcount >= 2)

            {

            offsets[0] = (PCRE2_SIZE)(current_subject - start_subject);

            offsets[1] = (PCRE2_SIZE)(ptr - start_subject);

            }

          if ((mb->moptions & PCRE2_DFA_SHORTEST) != 0) return match_count;

          }

        }

      break;

/* ========================================================================== */

      /* These opcodes add to the current list of states without looking

      at the current character. */

      /*-----------------------------------------------------------------*/

      case OP_ALT:

      do { code += GET(code, 1); } while (*code == OP_ALT);

      ADD_ACTIVE((int)(code - start_code), 0);

      break;

      /*-----------------------------------------------------------------*/

      case OP_BRA:

      case OP_SBRA:

      do

        {

        ADD_ACTIVE((int)(code - start_code + 1 + LINK_SIZE), 0);

        code += GET(code, 1);

        }

      while (*code == OP_ALT);

      break;

      /*-----------------------------------------------------------------*/

      case OP_CBRA:

      case OP_SCBRA:

      ADD_ACTIVE((int)(code - start_code + 1 + LINK_SIZE + IMM2_SIZE),  0);

      code += GET(code, 1);

      while (*code == OP_ALT)

        {

        ADD_ACTIVE((int)(code - start_code + 1 + LINK_SIZE),  0);

        code += GET(code, 1);

        }

      break;

      /*-----------------------------------------------------------------*/

      case OP_BRAZERO:

      case OP_BRAMINZERO:

      ADD_ACTIVE(state_offset + 1, 0);

      code += 1 + GET(code, 2);

      while (*code == OP_ALT) code += GET(code, 1);

      ADD_ACTIVE((int)(code - start_code + 1 + LINK_SIZE), 0);

      break;

      /*-----------------------------------------------------------------*/

      case OP_SKIPZERO:

      code += 1 + GET(code, 2);

      while (*code == OP_ALT) code += GET(code, 1);

      ADD_ACTIVE((int)(code - start_code + 1 + LINK_SIZE), 0);

      break;

      /*-----------------------------------------------------------------*/

      case OP_CIRC:

      if (ptr == start_subject && (mb->moptions & PCRE2_NOTBOL) == 0)

        { ADD_ACTIVE(state_offset + 1, 0); }

      break;

      /*-----------------------------------------------------------------*/