author | Neeraj Bisht <neeraj.x.bisht@oracle.com> | 2013-01-14 14:59:48 +0530 |
---|---|---|
committer | Neeraj Bisht <neeraj.x.bisht@oracle.com> | 2013-01-14 14:59:48 +0530 |
commit | 99645e5be59145bcab2fe36aefde4224e6e69961 (patch) | |
tree | 0b998acedd66459a904e80d06ccf91edbeef36ca | |
parent | 54c47527e25f7ebe8c0d995b4a9a1bea901047a9 (diff) | |
BUG#14303860 - EXECUTING A SELECT QUERY WITH TOO
MANY WILDCARDS CAUSES A SEGFAULT
Back port from 5.6 and trunk
-rw-r--r-- | include/m_ctype.h | 2 | ||||
-rw-r--r-- | regex/my_regex.h | 2 | ||||
-rw-r--r-- | regex/regcomp.c | 2 | ||||
-rw-r--r-- | sql/mysqld.cc | 22 | ||||
-rw-r--r-- | strings/ctype-bin.c | 27 | ||||
-rw-r--r-- | strings/ctype-mb.c | 50 | ||||
-rw-r--r-- | strings/ctype-simple.c | 26 | ||||
-rw-r--r-- | strings/ctype-uca.c | 26 | ||||
-rw-r--r-- | strings/ctype-utf8.c | 33 | ||||
-rw-r--r-- | strings/ctype.c | 2 |
10 files changed, 145 insertions, 47 deletions
diff --git a/include/m_ctype.h b/include/m_ctype.h
index d58081ec19e..b36fdbe6d68 100644
--- a/include/m_ctype.h
+++ b/include/m_ctype.h
@@ -132,6 +132,8 @@ enum my_lex_states struct charset_info_st; +extern int (*my_string_stack_guard)(int); + /* See strings/CHARSET_INFO.txt for information about this structure */ typedef struct my_collation_handler_st {
diff --git a/regex/my_regex.h b/regex/my_regex.h
index 30896e29b91..1f96b8c461e 100644
--- a/regex/my_regex.h
+++ b/regex/my_regex.h
@@ -28,7 +28,7 @@ typedef struct { /* === regcomp.c === */ -typedef int (*my_regex_stack_check_t)(); +typedef int (*my_regex_stack_check_t)(int); extern int my_regcomp(my_regex_t *, const char *, int, CHARSET_INFO *charset); #define REG_BASIC 0000 #define REG_EXTENDED 0001
diff --git a/regex/regcomp.c b/regex/regcomp.c
index e163a9ba7f4..c0fb93917a4 100644
--- a/regex/regcomp.c
+++ b/regex/regcomp.c
@@ -227,7 +227,7 @@ int stop; /* character this ERE should end at */ while (MORE() && (c = PEEK()) != '|' && c != stop) { if (my_regex_enough_mem_in_stack && - my_regex_enough_mem_in_stack()) + my_regex_enough_mem_in_stack(0)) { SETERROR(REG_ESPACE); return;
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 3b43217dd2f..b7da50606dd 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
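Review bot: The new hook `my_string_stack_guard` in include/m_ctype.h is declared without any statement of its contract, although every wildcmp variant changed in this commit depends on it. I would add a comment above the declaration such as `/* Optional hook, NULL when unset; called with the current recursion depth, returns non-zero when the caller must stop recursing. */`. The same applies to `my_regex_stack_check_t` in regex/my_regex.h, whose new `int` argument regcomp.c passes as a bare `0` with no explanation of what that value means.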
@@ -2898,14 +2898,25 @@ sizeof(load_default_groups)/sizeof(load_default_groups[0]); #ifndef EMBEDDED_LIBRARY -static -int -check_enough_stack_size() +/** + This function is used to check for stack overrun for pathological + cases of regular expressions and 'like' expressions. + The call to current_thd is quite expensive, so we try to avoid it + for the normal cases. + The size of each stack frame for the wildcmp() routines is ~128 bytes, + so checking *every* recursive call is not necessary. + */ +extern "C" int +check_enough_stack_size(int recurse_level) { uchar stack_top; + if (recurse_level % 16 != 0) + return 0; - return check_stack_overrun(current_thd, STACK_MIN_SIZE, - &stack_top); + THD *my_thd= current_thd; + if (my_thd != NULL) + return check_stack_overrun(my_thd, STACK_MIN_SIZE * 2, &stack_top); + return 0; } #endif
@@ -3293,6 +3304,7 @@ static int init_common_variables(const char *conf_file_name, int argc, #ifdef USE_REGEX #ifndef EMBEDDED_LIBRARY my_regex_init(&my_charset_latin1, check_enough_stack_size); + my_string_stack_guard= check_enough_stack_size; #else my_regex_init(&my_charset_latin1, NULL); #endif
diff --git a/strings/ctype-bin.c b/strings/ctype-bin.c
index 424549de9b2..f2d2d4a950f 100644
--- a/strings/ctype-bin.c
+++ b/strings/ctype-bin.c
@@ -323,13 +323,16 @@ void my_hash_sort_bin(CHARSET_INFO *cs __attribute__((unused)), #define INC_PTR(cs,A,B) (A)++ -int my_wildcmp_bin(CHARSET_INFO *cs, - const char *str,const char *str_end, - const char *wildstr,const char *wildend, - int escape, int w_one, int w_many) +static +int my_wildcmp_bin_impl(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many, int recurse_level) { int result= -1; /* Not found, using wildcards */ - + + if (my_string_stack_guard && my_string_stack_guard(recurse_level)) + return 1; while (wildstr != wildend) { while (*wildstr != w_many && *wildstr != w_one)
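Review bot: In `check_enough_stack_size()` (sql/mysqld.cc) the sampling interval `16` and the `STACK_MIN_SIZE * 2` margin are tied together only by the "~128 bytes" estimate in the comment, not by anything in the code. Up to 15 recursive frames run between two checks, so the margin has to cover 15 frames of the largest matcher; the UCA and Unicode variants hold extra locals (`my_wc_t s_wc, w_wc` and a function pointer), so their frames are presumably larger than the estimate. I would name the interval, e.g. `static const int STACK_CHECK_INTERVAL= 16;`, and state that invariant beside it. The function also returns 0 when `current_thd` is NULL, so a thread without a THD runs the matchers unguarded, which deserves a line in the doc comment.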
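Review bot: The assignment `my_string_stack_guard= check_enough_stack_size;` in `init_common_variables()` sits inside `#ifdef USE_REGEX`, so a server built without USE_REGEX leaves the hook NULL and the LIKE matchers stay unguarded, although they do not depend on the regex library. As far as the first hunk shows, `check_enough_stack_size()` is only conditional on `#ifndef EMBEDDED_LIBRARY`, so the assignment could move out of the `USE_REGEX` block into its own `#ifndef EMBEDDED_LIBRARY` section. The embedded build keeps the hook NULL as well; if that is intended, a comment saying why would help. The function body continues outside the hunk.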
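Review bot: When the guard trips at the top of `my_wildcmp_bin_impl()` the function returns `1`, the same value it returns for an ordinary mismatch (`return(str != str_end ? 1 : 0)`), so callers cannot tell the two apart. The recursive call site in the next hunk unwinds only on `tmp <= 0`, so after a trip the parent frame apparently moves on to the next `str` position and re-enters the guarded call at the same depth. Unless `check_stack_overrun()` records an error on the THD, which is not visible here, the statement would also finish with a plain "no match". Returning `-1` instead, which the call sites already propagate through `if (tmp <= 0) return(tmp);`, would unwind at once; either way the chosen value needs a comment at the guard. The same pattern is in the `_impl` functions of ctype-mb.c, ctype-simple.c, ctype-uca.c and ctype-utf8.c, and this function's body continues outside the hunk.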
@@ -388,8 +391,8 @@ int my_wildcmp_bin(CHARSET_INFO *cs, if (str++ == str_end) return(-1); { - int tmp=my_wildcmp_bin(cs,str,str_end,wildstr,wildend,escape,w_one, - w_many); + int tmp=my_wildcmp_bin_impl(cs,str,str_end,wildstr,wildend,escape,w_one, + w_many, recurse_level + 1); if (tmp <= 0) return(tmp); }
@@ -400,6 +403,16 @@ int my_wildcmp_bin(CHARSET_INFO *cs, return(str != str_end ? 1 : 0); } +int my_wildcmp_bin(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many) +{ + return my_wildcmp_bin_impl(cs, str, str_end, + wildstr, wildend, + escape, w_one, w_many, 1); +} + static size_t my_strnxfrm_bin(CHARSET_INFO *cs __attribute__((unused)), uchar *dest, size_t dstlen,
diff --git a/strings/ctype-mb.c b/strings/ctype-mb.c
index 76dae6762af..92d7b5f48c8 100644
--- a/strings/ctype-mb.c
+++ b/strings/ctype-mb.c
@@ -148,13 +148,16 @@ int my_strcasecmp_mb(CHARSET_INFO * cs,const char *s, const char *t) #define likeconv(s,A) (uchar) (s)->sort_order[(uchar) (A)] -int my_wildcmp_mb(CHARSET_INFO *cs, - const char *str,const char *str_end, - const char *wildstr,const char *wildend, - int escape, int w_one, int w_many) +static +int my_wildcmp_mb_impl(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many, int recurse_level) { int result= -1; /* Not found, using wildcards */ + if (my_string_stack_guard && my_string_stack_guard(recurse_level)) + return 1; while (wildstr != wildend) { while (*wildstr != w_many && *wildstr != w_one)
@@ -243,8 +246,8 @@ int my_wildcmp_mb(CHARSET_INFO *cs, INC_PTR(cs,str, str_end); } { - int tmp=my_wildcmp_mb(cs,str,str_end,wildstr,wildend,escape,w_one, - w_many); + int tmp=my_wildcmp_mb_impl(cs,str,str_end,wildstr,wildend,escape,w_one, + w_many, recurse_level + 1); if (tmp <= 0) return (tmp); }
@@ -255,6 +258,16 @@ int my_wildcmp_mb(CHARSET_INFO *cs, return (str != str_end ? 1 : 0); } +int my_wildcmp_mb(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many) +{ + return my_wildcmp_mb_impl(cs, str, str_end, + wildstr, wildend, + escape, w_one, w_many, 1); +} + size_t my_numchars_mb(CHARSET_INFO *cs __attribute__((unused)), const char *pos, const char *end)
@@ -697,13 +710,15 @@ fill_max_and_min: } -static int my_wildcmp_mb_bin(CHARSET_INFO *cs, - const char *str,const char *str_end, - const char *wildstr,const char *wildend, - int escape, int w_one, int w_many) +static int my_wildcmp_mb_bin_impl(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many, int recurse_level) { int result= -1; /* Not found, using wildcards */ + if (my_string_stack_guard && my_string_stack_guard(recurse_level)) + return 1; while (wildstr != wildend) { while (*wildstr != w_many && *wildstr != w_one)
@@ -790,7 +805,9 @@ static int my_wildcmp_mb_bin(CHARSET_INFO *cs, INC_PTR(cs,str, str_end); } { - int tmp=my_wildcmp_mb_bin(cs,str,str_end,wildstr,wildend,escape,w_one,w_many); + int tmp=my_wildcmp_mb_bin_impl(cs,str,str_end, + wildstr,wildend,escape, + w_one,w_many, recurse_level+1); if (tmp <= 0) return (tmp); }
@@ -801,6 +818,17 @@ static int my_wildcmp_mb_bin(CHARSET_INFO *cs, return (str != str_end ? 1 : 0); } +int +my_wildcmp_mb_bin(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many) +{ + return my_wildcmp_mb_bin_impl(cs, str, str_end, + wildstr, wildend, + escape, w_one, w_many, 1); +} + /* Data was produced from EastAsianWidth.txt
diff --git a/strings/ctype-simple.c b/strings/ctype-simple.c
index 2193e155f1f..082868600b2 100644
--- a/strings/ctype-simple.c
+++ b/strings/ctype-simple.c
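Review bot: The new wrapper `my_wildcmp_mb_bin()` in strings/ctype-mb.c is defined without `static`, while the function it replaces was `static int my_wildcmp_mb_bin(...)`; unless an earlier `static` declaration exists outside the hunk, this exports a symbol that used to be file-local. `my_wildcmp_uca()` in ctype-uca.c changes the same way: the existing `static` now applies to `my_wildcmp_uca_impl()` and the added wrapper has external linkage. If the wider linkage is not intended, the wrapper should start `static int my_wildcmp_mb_bin(CHARSET_INFO *cs,`, and likewise for the UCA wrapper.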
@@ -952,13 +952,16 @@ cnv: #define INC_PTR(cs,A,B) (A)++ -int my_wildcmp_8bit(CHARSET_INFO *cs, - const char *str,const char *str_end, - const char *wildstr,const char *wildend, - int escape, int w_one, int w_many) +static +int my_wildcmp_8bit_impl(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many, int recurse_level) { int result= -1; /* Not found, using wildcards */ + if (my_string_stack_guard && my_string_stack_guard(recurse_level)) + return 1; while (wildstr != wildend) { while (*wildstr != w_many && *wildstr != w_one)
@@ -1018,8 +1021,9 @@ int my_wildcmp_8bit(CHARSET_INFO *cs, str++; if (str++ == str_end) return(-1); { - int tmp=my_wildcmp_8bit(cs,str,str_end,wildstr,wildend,escape,w_one, - w_many); + int tmp=my_wildcmp_8bit_impl(cs,str,str_end, + wildstr,wildend,escape,w_one, + w_many, recurse_level+1); if (tmp <= 0) return(tmp); }
@@ -1030,6 +1034,16 @@ int my_wildcmp_8bit(CHARSET_INFO *cs, return(str != str_end ? 1 : 0); } +int my_wildcmp_8bit(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many) +{ + return my_wildcmp_8bit_impl(cs, str, str_end, + wildstr, wildend, + escape, w_one, w_many, 1); +} + /* ** Calculate min_str and max_str that ranges a LIKE string.
diff --git a/strings/ctype-uca.c b/strings/ctype-uca.c
index ff97a750c8a..26a3bac7964 100644
--- a/strings/ctype-uca.c
+++ b/strings/ctype-uca.c
@@ -7328,10 +7328,10 @@ static int my_uca_charcmp(CHARSET_INFO *cs, my_wc_t wc1, my_wc_t wc2) */ static -int my_wildcmp_uca(CHARSET_INFO *cs, - const char *str,const char *str_end, - const char *wildstr,const char *wildend, - int escape, int w_one, int w_many) +int my_wildcmp_uca_impl(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many, int recurse_level) { int result= -1; /* Not found, using wildcards */ my_wc_t s_wc, w_wc;
@@ -7339,7 +7339,9 @@ int my_wildcmp_uca(CHARSET_INFO *cs, int (*mb_wc)(struct charset_info_st *, my_wc_t *, const uchar *, const uchar *); mb_wc= cs->cset->mb_wc; - + + if (my_string_stack_guard && my_string_stack_guard(recurse_level)) + return 1; while (wildstr != wildend) { while (1)
@@ -7446,8 +7448,8 @@ int my_wildcmp_uca(CHARSET_INFO *cs, if (str == str_end) return -1; - result= my_wildcmp_uca(cs, str, str_end, wildstr, wildend, - escape, w_one, w_many); + result= my_wildcmp_uca_impl(cs, str, str_end, wildstr, wildend, + escape, w_one, w_many, recurse_level+1); if (result <= 0) return result;
@@ -7459,6 +7461,16 @@ int my_wildcmp_uca(CHARSET_INFO *cs, return (str != str_end ? 1 : 0); } +int my_wildcmp_uca(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many) +{ + return my_wildcmp_uca_impl(cs, str, str_end, + wildstr, wildend, + escape, w_one, w_many, 1); +} + /* Collation language is implemented according to
diff --git a/strings/ctype-utf8.c b/strings/ctype-utf8.c
index a0e69feedab..004a09866aa 100644
--- a/strings/ctype-utf8.c
+++ b/strings/ctype-utf8.c
@@ -1889,11 +1889,12 @@ MY_UNICASE_INFO *my_unicase_turkish[256]= ** 1 if matched with wildcard */ -int my_wildcmp_unicode(CHARSET_INFO *cs, - const char *str,const char *str_end, - const char *wildstr,const char *wildend, - int escape, int w_one, int w_many, - MY_UNICASE_INFO **weights) +static +int my_wildcmp_unicode_impl(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many, + MY_UNICASE_INFO **weights, int recurse_level) { int result= -1; /* Not found, using wildcards */ my_wc_t s_wc, w_wc;
@@ -1901,7 +1902,9 @@ int my_wildcmp_unicode(CHARSET_INFO *cs, int (*mb_wc)(struct charset_info_st *, my_wc_t *, const uchar *, const uchar *); mb_wc= cs->cset->mb_wc; - + + if (my_string_stack_guard && my_string_stack_guard(recurse_level)) + return 1; while (wildstr != wildend) { while (1)
@@ -2027,9 +2030,9 @@ int my_wildcmp_unicode(CHARSET_INFO *cs, return -1; str+= scan; - result= my_wildcmp_unicode(cs, str, str_end, wildstr, wildend, - escape, w_one, w_many, - weights); + result= my_wildcmp_unicode_impl(cs, str, str_end, wildstr, wildend, + escape, w_one, w_many, + weights, recurse_level+1); if (result <= 0) return result; }
@@ -2038,6 +2041,18 @@ int my_wildcmp_unicode(CHARSET_INFO *cs, return (str != str_end ? 1 : 0); } +int +my_wildcmp_unicode(CHARSET_INFO *cs, + const char *str,const char *str_end, + const char *wildstr,const char *wildend, + int escape, int w_one, int w_many, + MY_UNICASE_INFO **weights) +{ + return my_wildcmp_unicode_impl(cs, str, str_end, + wildstr, wildend, + escape, w_one, w_many, weights, 1); +} + #endif
diff --git a/strings/ctype.c b/strings/ctype.c
index 8786eb3e889..ecb827cc778 100644
--- a/strings/ctype.c
+++ b/strings/ctype.c
@@ -41,6 +41,8 @@ */ +int (*my_string_stack_guard)(int)= NULL; + static char *mstr(char *str,const char *src,size_t l1,size_t l2) { l1= l1<l2 ? l1 : l2; |