3 files changed, 28 insertions, 24 deletions

diff --git a/mysql-test/main/func_regexp_pcre.result b/mysql-test/main/func_regexp_pcre.result
index 5443450d5a1..3b0688fc70e 100644
--- a/mysql-test/main/func_regexp_pcre.result
+++ b/mysql-test/main/func_regexp_pcre.result
@@ -884,20 +884,6 @@ CAST(0xE001 AS BINARY) REGEXP @regCheck
 1
 # MDEV-12420: Testing recursion overflow
 SELECT 1 FROM dual WHERE ('Alpha,Bravo,Charlie,Delta,Echo,Foxtrot,StrataCentral,Golf,Hotel,India,Juliet,Kilo,Lima,Mike,StrataL3,November,Oscar,StrataL2,Sand,P3,P4SwitchTest,Arsys,Poppa,ExtensionMgr,Arp,Quebec,Romeo,StrataApiV2,PtReyes,Sierra,SandAcl,Arrow,Artools,BridgeTest,Tango,SandT,PAlaska,Namespace,Agent,Qos,PatchPanel,ProjectReport,Ark,Gimp,Agent,SliceAgent,Arnet,Bgp,Ale,Tommy,Central,AsicPktTestLib,Hsc,SandL3,Abuild,Pca9555,Standby,ControllerDut,CalSys,SandLib,Sb820,PointV2,BfnLib,Evpn,BfnSdk,Sflow,ManagementActive,AutoTest,GatedTest,Bgp,Sand,xinetd,BfnAgentLib,bf-utils,Hello,BfnState,Eos,Artest,Qos,Scd,ThermoMgr,Uniform,EosUtils,Eb,FanController,Central,BfnL3,BfnL2,tcp_wrappers,Victor,Environment,Route,Failover,Whiskey,Xray,Gimp,BfnFixed,Strata,SoCal,XApi,Msrp,XpProfile,tcpdump,PatchPanel,ArosTest,FhTest,Arbus,XpAcl,MacConc,XpApi,telnet,QosTest,Alpha2,BfnVlan,Stp,VxlanControllerTest,MplsAgent,Bravo2,Lanz,BfnMbb,Intf,XCtrl,Unicast,SandTunnel,L3Unicast,Ipsec,MplsTest,Rsvp,EthIntf,StageMgr,Sol,MplsUtils,Nat,Ira,P4NamespaceDut,Counters,Charlie2,Aqlc,Mlag,Power,OpenFlow,Lag,RestApi,BfdTest,strongs,Sfa,CEosUtils,Adt746,MaintenanceMode,MlagDut,EosImage,IpEth,MultiProtocol,Launcher,Max3179,Snmp,Acl,IpEthTest,PhyEee,bf-syslibs,tacc,XpL2,p4-ar-switch,p4-bf-switch,LdpTest,BfnPhy,Mirroring,Phy6,Ptp'  REGEXP '^((?!\b(Strata|StrataApi|StrataApiV2)\b).)*$');
-1
-1
-SELECT CONCAT(REPEAT('100,',200),'101') RLIKE '^(([1-9][0-9]*),)*[1-9][0-9]*$';
-CONCAT(REPEAT('100,',200),'101') RLIKE '^(([1-9][0-9]*),)*[1-9][0-9]*$'
-1
-SELECT REGEXP_INSTR(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$');
-REGEXP_INSTR(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$')
-1
-SELECT LENGTH(REGEXP_SUBSTR(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$'));
-LENGTH(REGEXP_SUBSTR(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$'))
-803
-SELECT LENGTH(REGEXP_REPLACE(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$', ''));
-LENGTH(REGEXP_REPLACE(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$', ''))
-0
 SELECT REGEXP_INSTR('a_kollision', 'oll');
 REGEXP_INSTR('a_kollision', 'oll')
 4
diff --git a/mysql-test/main/func_regexp_pcre.test b/mysql-test/main/func_regexp_pcre.test
index 32ca12876a4..3851caf8917 100644
--- a/mysql-test/main/func_regexp_pcre.test
+++ b/mysql-test/main/func_regexp_pcre.test
@@ -368,6 +368,8 @@ SELECT 'a\nb' RLIKE 'a.b';
 SELECT 'a\nb' RLIKE '(?-s)a.b';
 SET default_regex_flags=DEFAULT;
 
+# note that old pcre2 reports a different offset
+--replace_result 29 30
 --error ER_REGEXP_ERROR
 SELECT REGEXP_SUBSTR('Monday Mon','^((?<DN>Mon|Fri|Sun)day|(?<DN>Tue)sday).*(?P=DN)$');
 SET default_regex_flags='DUPNAMES';
@@ -432,15 +434,14 @@ SET @regCheck= '\\xE0\\x01';
 SELECT CAST(0xE001 AS BINARY) REGEXP @regCheck;
 
 --echo # MDEV-12420: Testing recursion overflow
+# pcre2 < 10.30 relies on stack, we limit recursion depth, REGEXP fails
+# newer pcre2 uses heap, no need (and no way) to limit recursion, REGEXP succeeds
+# we just test that it doesn't crash with a stack overflow
+--disable_warnings
+--disable_result_log
 SELECT 1 FROM dual WHERE ('Alpha,Bravo,Charlie,Delta,Echo,Foxtrot,StrataCentral,Golf,Hotel,India,Juliet,Kilo,Lima,Mike,StrataL3,November,Oscar,StrataL2,Sand,P3,P4SwitchTest,Arsys,Poppa,ExtensionMgr,Arp,Quebec,Romeo,StrataApiV2,PtReyes,Sierra,SandAcl,Arrow,Artools,BridgeTest,Tango,SandT,PAlaska,Namespace,Agent,Qos,PatchPanel,ProjectReport,Ark,Gimp,Agent,SliceAgent,Arnet,Bgp,Ale,Tommy,Central,AsicPktTestLib,Hsc,SandL3,Abuild,Pca9555,Standby,ControllerDut,CalSys,SandLib,Sb820,PointV2,BfnLib,Evpn,BfnSdk,Sflow,ManagementActive,AutoTest,GatedTest,Bgp,Sand,xinetd,BfnAgentLib,bf-utils,Hello,BfnState,Eos,Artest,Qos,Scd,ThermoMgr,Uniform,EosUtils,Eb,FanController,Central,BfnL3,BfnL2,tcp_wrappers,Victor,Environment,Route,Failover,Whiskey,Xray,Gimp,BfnFixed,Strata,SoCal,XApi,Msrp,XpProfile,tcpdump,PatchPanel,ArosTest,FhTest,Arbus,XpAcl,MacConc,XpApi,telnet,QosTest,Alpha2,BfnVlan,Stp,VxlanControllerTest,MplsAgent,Bravo2,Lanz,BfnMbb,Intf,XCtrl,Unicast,SandTunnel,L3Unicast,Ipsec,MplsTest,Rsvp,EthIntf,StageMgr,Sol,MplsUtils,Nat,Ira,P4NamespaceDut,Counters,Charlie2,Aqlc,Mlag,Power,OpenFlow,Lag,RestApi,BfdTest,strongs,Sfa,CEosUtils,Adt746,MaintenanceMode,MlagDut,EosImage,IpEth,MultiProtocol,Launcher,Max3179,Snmp,Acl,IpEthTest,PhyEee,bf-syslibs,tacc,XpL2,p4-ar-switch,p4-bf-switch,LdpTest,BfnPhy,Mirroring,Phy6,Ptp'  REGEXP '^((?!\b(Strata|StrataApi|StrataApiV2)\b).)*$');
-
-#
-# MDEV-13173 An RLIKE that previously worked on 10.0 now returns "Got error 'pcre_exec: recursion limit of 100 exceeded' from regexp"
-#
-SELECT CONCAT(REPEAT('100,',200),'101') RLIKE '^(([1-9][0-9]*),)*[1-9][0-9]*$';
-SELECT REGEXP_INSTR(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$');
-SELECT LENGTH(REGEXP_SUBSTR(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$'));
-SELECT LENGTH(REGEXP_REPLACE(CONCAT(REPEAT('100,',200),'101'), '^(([1-9][0-9]*),)*[1-9][0-9]*$', ''));
+--enable_result_log
+--enable_warnings
 
 #
 # MDEV-12942 REGEXP_INSTR returns 1 when using brackets
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index b6acbee37f9..4090c39e5e0 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -5898,9 +5898,18 @@ bool Regexp_processor_pcre::compile(String *pattern, bool send_error)
   if (!(pattern= convert_if_needed(pattern, &pattern_converter)))
     return true;
 
+  pcre2_compile_context *cctx= NULL;
+#ifndef pcre2_set_depth_limit
+  // old pcre2 uses stack - put a limit on that (new pcre2 prefers heap)
+  cctx= pcre2_compile_context_create(NULL);
+  pcre2_set_compile_recursion_guard(cctx, [](uint32_t cur, void *end) -> int
+    { return available_stack_size(&cur, end) < STACK_MIN_SIZE; },
+    current_thd->mysys_var->stack_ends_here);
+#endif
   m_pcre= pcre2_compile((PCRE2_SPTR8) pattern->ptr(), pattern->length(),
                         m_library_flags,
-                        &pcreErrorNumber, &pcreErrorOffset, NULL);
+                        &pcreErrorNumber, &pcreErrorOffset, cctx);
+  pcre2_compile_context_free(cctx); // NULL is ok here
 
   if (unlikely(m_pcre == NULL))
   {
@@ -5964,8 +5973,16 @@ int Regexp_processor_pcre::pcre_exec_with_warn(const pcre2_code *code,
                                                int length, int startoffset,
                                                int options)
 {
+  pcre2_match_context *mctx= NULL;
+#ifndef pcre2_set_depth_limit
+  // old pcre2 uses stack - put a limit on that (new pcre2 prefers heap)
+  mctx= pcre2_match_context_create(NULL);
+  pcre2_set_recursion_limit(mctx,
+    available_stack_size(&mctx, current_thd->mysys_var->stack_ends_here)/544);
+#endif
   int rc= pcre2_match(code, (PCRE2_SPTR8) subject, (PCRE2_SIZE) length,
-                      (PCRE2_SIZE) startoffset, options, data, NULL);
+                      (PCRE2_SIZE) startoffset, options, data, mctx);
+  pcre2_match_context_free(mctx); // NULL is ok here
   DBUG_EXECUTE_IF("pcre_exec_error_123", rc= -123;);
   if (unlikely(rc < PCRE2_ERROR_NOMATCH))
   {