From 378091e434d66dcc7081f991a07db2244dbb8cda Mon Sep 17 00:00:00 2001 From: Dmitry Shulga Date: Fri, 4 Feb 2011 10:47:46 +0600 Subject: Fixed bug#58026 - massive recursion and crash in regular expression handling. The problem was that parsing of nested regular expression involved recursive calls. Such recursion didn't take into account the amount of available stack space, which ended up leading to stack overflow crashes. mysql-test/t/not_embedded_server.test: Added test for bug#58026. regex/my_regex.h: added pointer to function as last argument of my_regex_init() for check enough memory in stack. regex/regcomp.c: p_ere() was modified: added call to function for check enough memory in stack. Function for check available stack space specified by global variable my_regex_enough_mem_in_stack. This variable set to NULL for embedded mysqld and to a pointer to function check_enough_stack_size otherwise. regex/reginit.c: my_regex_init was modified: pass a pointer to a function for check enough memory in stack space. Reset this pointer to NULL in my_regex_end. sql/mysqld.cc: Added function check_enough_stack_size() for check enough memory in stack. Passed this function as second argument to my_regex_init. For embedded mysqld passed NULL as second argument. --- mysql-test/r/not_embedded_server.result | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'mysql-test/r/not_embedded_server.result') diff --git a/mysql-test/r/not_embedded_server.result b/mysql-test/r/not_embedded_server.result index 60c92bd0196..7219e29b2a6 100644 --- a/mysql-test/r/not_embedded_server.result +++ b/mysql-test/r/not_embedded_server.result @@ -4,3 +4,7 @@ select 1; SHOW VARIABLES like 'slave_skip_errors'; Variable_name Value slave_skip_errors OFF +# +# Bug#58026: massive recursion and crash in regular expression handling +# +SELECT '1' RLIKE RPAD('1', 10000, '('); -- cgit v1.2.1