Cherry-pick two upstream patches to the ICU regex engine

The patches for the following upstream two bugs are cherry-picked:

  http://bugs.icu-project.org/trac/ticket/11369
  http://bugs.icu-project.org/trac/ticket/11370


BUG=422824,430353
TEST=See the bugs.
TBR=mbarbella

Review URL: https://codereview.chromium.org/732743002

git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/icu52@292943 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
diff --git a/README.chromium b/README.chromium
index 66dd3d8..d271b5c 100644
--- a/README.chromium
+++ b/README.chromium
@@ -238,3 +238,9 @@
 11. Cherry-pick an upstream patch to fix a bug in bidi.
     - patches/bidi.patch
     - upstream bug : http://bugs.icu-project.org/trac/ticket/11054
+
+12. Apply the following patch for regex
+   - patches/regex.patch
+   - upstream bugs : http://bugs.icu-project.org/trac/ticket/11369
+                     http://bugs.icu-project.org/trac/ticket/11370
+
diff --git a/source/i18n/regexcmp.cpp b/source/i18n/regexcmp.cpp
index 0ec6154..8f1504f 100644
--- a/source/i18n/regexcmp.cpp
+++ b/source/i18n/regexcmp.cpp
@@ -2133,6 +2133,10 @@
             int32_t patEnd   = fRXPat->fCompiledPat->size() - 1;
             int32_t minML    = minMatchLength(fMatchOpenParen, patEnd);
             int32_t maxML    = maxMatchLength(fMatchOpenParen, patEnd);
+            if (URX_TYPE(maxML) != 0) {
+                error(U_REGEX_LOOK_BEHIND_LIMIT);
+                break;
+            }
             if (maxML == INT32_MAX) {
                 error(U_REGEX_LOOK_BEHIND_LIMIT);
                 break;
@@ -2166,6 +2170,10 @@
             int32_t patEnd   = fRXPat->fCompiledPat->size() - 1;
             int32_t minML    = minMatchLength(fMatchOpenParen, patEnd);
             int32_t maxML    = maxMatchLength(fMatchOpenParen, patEnd);
+            if (URX_TYPE(maxML) != 0) {
+                error(U_REGEX_LOOK_BEHIND_LIMIT);
+                break;
+            }
             if (maxML == INT32_MAX) {
                 error(U_REGEX_LOOK_BEHIND_LIMIT);
                 break;
@@ -2329,7 +2337,15 @@
     int32_t   topOfBlock = blockTopLoc(FALSE);
     if (fIntervalUpper == 0) {
         // Pathological case.  Attempt no matches, as if the block doesn't exist.
+        // Discard the generated code for the block.
+        // If the block included parens, discard the info pertaining to them as well.
         fRXPat->fCompiledPat->setSize(topOfBlock);
+        if (fMatchOpenParen >= topOfBlock) {
+            fMatchOpenParen = -1;
+        }
+        if (fMatchCloseParen >= topOfBlock) {
+            fMatchCloseParen = -1;
+        }
         return TRUE;
     }
 
diff --git a/source/i18n/regexcmp.h b/source/i18n/regexcmp.h
index 0041beb..5d526be 100644
--- a/source/i18n/regexcmp.h
+++ b/source/i18n/regexcmp.h
@@ -182,7 +182,9 @@
     int32_t                       fMatchOpenParen;   // The position in the compiled pattern
                                                      //   of the slot reserved for a state save
                                                      //   at the start of the most recently processed
-                                                     //   parenthesized block.
+                                                     //   parenthesized block. Updated when processing
+                                                     //   a close to the location for the corresponding open.
+
     int32_t                       fMatchCloseParen;  // The position in the pattern of the first
                                                      //   location after the most recently processed
                                                      //   parenthesized block.
diff --git a/source/test/testdata/regextst.txt b/source/test/testdata/regextst.txt
index 5716ab5..f0b00ab 100644
--- a/source/test/testdata/regextst.txt
+++ b/source/test/testdata/regextst.txt
@@ -1173,6 +1173,24 @@
 "(?<=(?:){11})bc"                "<0>bc</0>"          # Empty (?:) expression.
 
 
+# Bug 11369
+#   Incorrect optimization of patterns with a zero length quantifier {0}
+
+"(.|b)(|b){0}\$(?#xxx){3}(?>\D*)"   "AAAAABBBBBCCCCCDDDDEEEEE"
+"(|b)ab(c)"                     "<0><1></1>ab<2>c</2></0>"
+"(|b){0}a{3}(D*)"               "<0>aaa<2></2></0>"
+"(|b){0,1}a{3}(D*)"             "<0><1></1>aaa<2></2></0>"
+"((|b){0})a{3}(D*)"             "<0><1></1>aaa<3></3></0>"
+
+# Bug 11370
+#   Max match length computation of look-behind expression gives result that is too big to fit in the
+#   in the 24 bit operand portion of the compiled code. Expressions should fail to compile
+#   (Look-behind match length must be bounded. This case is treated as unbounded, an error.)
+
+"(?<!(0123456789a){10000000})x"         E  "no match"
+"(?<!\\ubeaf(\\ubeaf{11000}){11000})"   E  "no match"
+
+
 #  Random debugging, Temporary
 #
 #"^(?:a?b?)*$"	                  "a--"