Fix a crash which occurs when the character type of an invalid UTF character is decoded in JIT.

Author: Zoltán Herczeg

ChangeLog

@@ -63,6 +63,9 @@ If the limit is reached, it just gives up trying for this optimization.
 16. The control verb chain list must always be restored when exiting from a
 recurse function in JIT.
 
+17. Fix a crash which occurs when the character type of an invalid UTF
+character is decoded in JIT.
+
 
 Version 10.34 21-November-2019
 ------------------------------

src/pcre2_jit_compile.c

@@ -7224,7 +7224,13 @@ cc = ccbegin;
 if ((cc[-1] & XCL_NOT) != 0)
   read_char(common, min, max, backtracks, READ_CHAR_UPDATE_STR_PTR);
 else
+  {
+#ifdef SUPPORT_UNICODE
+  read_char(common, min, max, (needstype || needsscript) ? backtracks : NULL, 0);
+#else /* !SUPPORT_UNICODE */
   read_char(common, min, max, NULL, 0);
+#endif /* SUPPORT_UNICODE */
+  }
 
 if ((cc[-1] & XCL_HASPROP) == 0)
   {

src/pcre2_jit_test.c

@@ -1965,6 +1965,8 @@ static struct invalid_utf8_regression_test_case invalid_utf8_regression_test_cas
 	{ PCRE2_UTF, CI, 0, 0, 0, 4, 8, { "#\xc7\x85#", NULL }, "\x80\x80#\xc7#\xc7\x85#" },
 	{ PCRE2_UTF, CI, 0, 0, 0, 7, 11, { "#\xc7\x85#", NULL }, "\x80\x80#\xc7\x80\x80\x80#\xc7\x85#" },
 
+	{ PCRE2_UTF | PCRE2_UCP, CI, 0, 0, 0, -1, -1, { "[\\s]", NULL }, "\xed\xa0\x80" },
+
 	/* These two are not invalid UTF tests, but this infrastructure fits better for them. */
 	{ 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\X{2}", NULL }, "\r\n\n" },
 	{ 0, PCRE2_JIT_COMPLETE, 0, 0, 1, -1, -1, { "\\R{2}", NULL }, "\r\n\n" },