From: Dmitry Shulga Date: February 3 2011 10:28am Subject: bzr commit into mysql-5.5 branch (Dmitry.Shulga:3300) Bug#58026 List-Archive: http://lists.mysql.com/commits/130309 X-Bug: 58026 Message-Id: <201102031029.p13ATEPb010074@rcsinet13.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9222547933333821231==" --===============9222547933333821231== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///Users/shulga/projects/mysql/mysql-5.5/ based on revid:georgi.kodinov@stripped 3300 Dmitry Shulga 2011-02-03 [merge] Merge from mysql-5.1 for bug#58026. modified: mysql-test/r/not_embedded_server.result mysql-test/t/not_embedded_server.test regex/my_regex.h regex/regcomp.c regex/reginit.c sql/mysqld.cc === modified file 'mysql-test/r/not_embedded_server.result' --- a/mysql-test/r/not_embedded_server.result 2011-01-07 12:08:05 +0000 +++ b/mysql-test/r/not_embedded_server.result 2011-02-03 10:26:24 +0000 @@ -3,6 +3,10 @@ SHOW VARIABLES like 'slave_skip_errors'; Variable_name Value slave_skip_errors OFF # +# Bug#58026: massive recursion and crash in regular expression handling +# +SELECT '1' RLIKE RPAD('1', 10000, '('); +# # WL#4284: Transactional DDL locking # # FLUSH PRIVILEGES should not implicitly unlock locked tables. === modified file 'mysql-test/t/not_embedded_server.test' --- a/mysql-test/t/not_embedded_server.test 2011-01-07 12:08:05 +0000 +++ b/mysql-test/t/not_embedded_server.test 2011-02-03 10:26:24 +0000 @@ -14,6 +14,16 @@ call mtr.add_suppression("Can't open and SHOW VARIABLES like 'slave_skip_errors'; +--echo # +--echo # Bug#58026: massive recursion and crash in regular expression handling +--echo # + +--disable_result_log +--error ER_STACK_OVERRUN_NEED_MORE +SELECT '1' RLIKE RPAD('1', 10000, '('); +--enable_result_log + + # End of 5.1 tests --echo # === modified file 'regex/my_regex.h' --- a/regex/my_regex.h 2005-09-29 00:08:24 +0000 +++ b/regex/my_regex.h 2011-02-03 09:28:04 +0000 @@ -28,6 +28,7 @@ typedef struct { /* === regcomp.c === */ +typedef int (*my_regex_stack_check_t)(); extern int my_regcomp(my_regex_t *, const char *, int, CHARSET_INFO *charset); #define REG_BASIC 0000 #define REG_EXTENDED 0001 @@ -76,7 +77,8 @@ extern void my_regfree(my_regex_t *); /* === reginit.c === */ -extern void my_regex_init(CHARSET_INFO *cs); /* Should be called for multithread progs */ +/* Should be called for multithread progs */ +extern void my_regex_init(CHARSET_INFO *cs, my_regex_stack_check_t func); extern void my_regex_end(void); /* If one wants a clean end */ #ifdef __cplusplus === modified file 'regex/regcomp.c' --- a/regex/regcomp.c 2010-07-23 20:16:29 +0000 +++ b/regex/regcomp.c 2011-02-03 10:26:24 +0000 @@ -31,6 +31,9 @@ struct parse { CHARSET_INFO *charset; /* for ctype things */ }; +/* Check if there is enough stack space for recursion. */ +my_regex_stack_check_t my_regex_enough_mem_in_stack= NULL; + #include "regcomp.ih" static char nuls[10]; /* place to point scanner in event of error */ @@ -117,7 +120,7 @@ CHARSET_INFO *charset; # define GOODFLAGS(f) ((f)&~REG_DUMP) #endif - my_regex_init(charset); /* Init cclass if neaded */ + my_regex_init(charset, NULL); /* Init cclass if neaded */ preg->charset=charset; cflags = GOODFLAGS(cflags); if ((cflags®_EXTENDED) && (cflags®_NOSPEC)) @@ -222,7 +225,15 @@ int stop; /* character this ERE should /* do a bunch of concatenated expressions */ conc = HERE(); while (MORE() && (c = PEEK()) != '|' && c != stop) - p_ere_exp(p); + { + if (my_regex_enough_mem_in_stack && + my_regex_enough_mem_in_stack()) + { + SETERROR(REG_ESPACE); + return; + } + p_ere_exp(p); + } if(REQUIRE(HERE() != conc, REG_EMPTY)) {}/* require nonempty */ if (!EAT('|')) === modified file 'regex/reginit.c' --- a/regex/reginit.c 2008-02-18 22:29:39 +0000 +++ b/regex/reginit.c 2011-02-03 09:28:04 +0000 @@ -4,10 +4,12 @@ #include #include #include "cclass.h" +#include "my_regex.h" static my_bool regex_inited=0; +extern my_regex_stack_check_t my_regex_enough_mem_in_stack; -void my_regex_init(CHARSET_INFO *cs) +void my_regex_init(CHARSET_INFO *cs, my_regex_stack_check_t func) { char buff[CCLASS_LAST][256]; int count[CCLASS_LAST]; @@ -16,6 +18,7 @@ void my_regex_init(CHARSET_INFO *cs) if (!regex_inited) { regex_inited=1; + my_regex_enough_mem_in_stack= func; bzero((uchar*) &count,sizeof(count)); for (i=1 ; i<= 255; i++) @@ -74,6 +77,7 @@ void my_regex_end() int i; for (i=0; i < CCLASS_LAST ; i++) free((char*) cclasses[i].chars); + my_regex_enough_mem_in_stack= NULL; regex_inited=0; } } === modified file 'sql/mysqld.cc' --- a/sql/mysqld.cc 2011-02-02 18:13:28 +0000 +++ b/sql/mysqld.cc 2011-02-03 10:26:24 +0000 @@ -2879,6 +2879,19 @@ sizeof(load_default_groups)/sizeof(load_ #endif +#ifndef EMBEDDED_LIBRARY +static +int +check_enough_stack_size() +{ + uchar stack_top; + + return check_stack_overrun(current_thd, STACK_MIN_SIZE, + &stack_top); +} +#endif + + /** Initialize one of the global date/time format variables. @@ -3340,7 +3353,11 @@ static int init_common_variables() if (item_create_init()) return 1; item_init(); - my_regex_init(&my_charset_latin1); +#ifndef EMBEDDED_LIBRARY + my_regex_init(&my_charset_latin1, check_enough_stack_size); +#else + my_regex_init(&my_charset_latin1, NULL); +#endif /* Process a comma-separated character set list and choose the first available character set. This is mostly for --===============9222547933333821231== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/dmitry.shulga@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: dmitry.shulga@stripped\ # y3qfwe7z2daej1qr # target_branch: file:///Users/shulga/projects/mysql/mysql-5.5/ # testament_sha1: 2848cf7a323035a3295ee5570544e2767e44631f # timestamp: 2011-02-03 16:28:20 +0600 # source_branch: file:///Users/shulga/projects/mysql/mysql-5.1-\ # bug58887/ # base_revision_id: georgi.kodinov@stripped\ # hi05so9jg3q05486 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWZOPeOwACYz/gFAwACBZ9/// f+/fML////pgEYL7eLit311xqtpAVCQkhY9dd5s8TeylD0HsapBPbHm7u3drAJQlNRDUMTQU20TM gaT0poDRo0DR6mjQBoZBJITGiNNInqm0qN6htFHtJNPU9TQyAAADRp6HDTTBDIaaZGTCAaaAMJo0 yYAEDQSIgU9RNSPT0m1T2kyamjeqB6R6j0jZTQAHqepoNAikImmkG00SbE1J+p6p7VNtMinknkEb UNABoAEkgRoJpgQFPBBNompqaBiGmRoAAaYSSM9zgcwSM1TnCO18zu7BFWqYB8OERiWXToV0r1Sl hPW4vUKii/mkZo2m+3Dt/R+X/UHj34OTGOLKuGLPHDPjw8Sl44XYabkHyWwGyJyDRevSR075k7Qs 1dHNeqTM19Gm44wyBmRKF8aR/19dEl/kr5T6Fb37Knp1lobQ5pEtZ7Wj84UTqfN7oWP5VwqNXl/S u7lYbuNAqGQvOoYZmOrnCNdTZYzqOObPL2aeBl3jGZg0F1MzhkgSQkkk22xgufvSW51rBwWkoQKn JT2jm0yq13YpFZnLbHFitq+Pno5MOW7VlXdWjQ5xPku61arGHm1dGYs62rKh3cOkOLNvQXiuXWSj h0y83xnuPKc1Jy5B+XPjPQcxaQihaPIVI59dTTVIccNjzAIkJHons2i+yEj/dTWIOIf5Ke1htbzf JCp3ZNad8bnnpad91qu/Z2r7/q5KhI60pwYLbG/MqfXp7BFCp77dX1oInu+O4g7Ms1wpWsCqUuDZ eBUH1s4IeOJOIxyOx9E8cULtMMOK4X9dqst22b9+rv85pHFJqxBREx/Wb5mzGEY3LDjDMN8uK5+P h366esAveAg5YSTfKNj5kQL6Z7Tt2kkkEEHNxnSfeeGWb+jFDueJOUdvOwKG9vnRqhRbKEfqVaKK fP9ZQV4d2jZPQWpHimA7kN3XCA/6G3wShxMpqk3elO8ag57jZW6SZfCS8WPoRmGA5BMGQ8GF7jjV 6ltRrBVI8vLOYZ8IVQWPbalNqZpPc+cr6UmVQGhxhXAFi/eKYDwruLEgGX5lx+puQiyVgnOcFdtz j2rZmZtk7Dl19OpIJab5WJS02q+HkkA5LnHNijKEdIBlmRFBqrMmSKDKAFCRBKEiY8+cFer6OApg wkIsBTA1IJpmT/KpIkAaFdRJGxJaNNJHjFBIpjQcsI0K1J/YvFXTlscBqNBLQWNBNhquS8lWakkY YBWqAsisKmImS45AN7jkjUy/F8TikqXg7DxgGjBDVLXiSj9/G8NxCmi1DLngGAVOBpCNIJ4gjagc S3BrxJUBJCRAiP1xi1Jm78LCPpi7jSsn9E43oRL00vypN9LEIsm9lyZqJW0LlIGTtD1mB8ZKqNhf AgalfslHCUOBga8KK91IFGMfPo6Bk3oAONZxNTFohw2RjcpFBPQRia40nDeSQKnqCgZN9RoPfxYh IzhocJEBjwZJI75pCIpaFiVmpXtYbJZA/V+v3TAS0q9zl+xEc5H6Aqc69XNehA3ydBzPVBxTgjRJ WZcKd6oGcY6PC6SIP41KstSmOJPxgmZ2JnaqikpnAcdjglyjTqQXGp8AXo8B1Y1Ldx8iLEUWCaen EswjTppWF6tOXUlUjkYgHCSCcIAniE7Fpc9YDkihIc76kjsiSmlGUWIw5GfW2x3lPPm9KsPPi0C5 m/ccpGB5KVWOpaEnVPtKNDTOi8ksSRqWJWMPkOGJlCJTg9Yd57UdQURkYPz96Mc4UcwM8R4hB4tP wvpSQwKJbVpSRqMmS+AwHhXXZtUSBBBdEgTlaiG1qBlGwzVy3lUWHsN4ToxUjaSz9nFxpgFkM8U7 XljA0603anEWGMUcAVoxPTImaEiQwYVxPidEXpIYt0DZbpmEWg9pvhFznayawuHiUxmjowxzI+Pr 4ENRSaBXAwx9R3b71XU1DjG9oqhg3O41JZQcjThmF4woXgu+psIxtn9C+ViFVcmASt1aoWlg4gZe pTEqGMTCBvnvW0rszCw6rmi03Lgjos0YLXKvLPRzSujBQ4OxpRamCghQVFA5OL5EyyyYKiSokRhF xWMoC0O66YESRUUAbYXTJD9VBIGK6ExBBxIIVuqhqjuEyRWYGJsRwMLyrPjjh4RzBQjWTXAJGkvQ VWaIIDQkpD6J2QNryPIonN+o59wcnY3kYqXNDBMaLzGIlyhDxG/z3b7h1dAltNry4yC1WYndDpGh WTQ9WI/FF3Jaw1ApTwrxug5tDMwdQRyMZigkhwVlbtSoVGTNWkPGMzs5Ete+zRO1WM3xHnI6ibvS 1ow8qbkpDHBKA40Rq10hyT34ID9iJ0MGxvQ810jpveZtPVsNpdEmVGUxhQJlRyBpQ0WlHICFE0bo UyY4L1AIuQnccuQLgEyXc3YtTQr625EObiRczFhSMSias4kDJJHwXh6lRKQ2SwyQHiGcMQ2axyOk 3QSU4kScJAEWJkgaUgq0rSJIEqogrcuTQFj23LxEykp0DOs3vr6I5HL42G484KVrPMbEoaaMi2MH BIiAY5TnGLWgeItArYYHD+zpEfg9RvMN9AkhNgxDb9Z/J2cR3fWMkmCD1DWg/c0+s7/Zr5jqMlv+ v/4wc//h8JKZmRXBqFDurPuJk0qFDU+CUSJZ3MeJotPsMar6pMd/CPbpKs4DaSyJuftUzWsNekbA sIqmGKVNjGv8dDYb2oc0vuO6Ogl94Dg9zkLeVCSE9K1gSVmG1cEiwBofTVvFqErCBMK2JOoISjB7 jK4e71nbt9lVovlAmDyn4nrJmSDrPnPqOwsaDtMLjI05Lj7DtNOxCChP6eo+03WYbeYcGYQvvAFE 22HI0NQ4nwksyAKI4pSmkv2FembYOV4i2I6geHBPxDR+9ZCFJWH0EVCHWIU4cGmCOVe/cz1dREwi iIkZ4VmAm8dJ1s3RtyD6tm7TYT7N3UbazI2wKCeInkJYigT5M8u0nJSVsfFsIzHjygEzXi+WWhbu Gw5GvF9vmoBHGbamGOhMmBEIHmtx6GXUgBBD9htGR0XI5HwNxyFtRsu10ELC7oR0VxrL0rRoWRNt J4KAWGFJVU9GxrRyI7PSa0bRqEbFZrU02xEDQQDQxMywBfhVtQQsniBQpYP7nn4A6Vz3LLiwj2Bu HZEA0mM5OTKQz2myg3roIfED4jyRI06nUkQN69G7FI+K5bTW41n0AwUDzvxwQrSW0cGOAlgsbeoc 4M2Jli4kMJUPMoC2OepsjYrb9MHOcJdoFRiV6Usi9hKTimDG5JHOByBeJJgO9RFfgb0mFkAw5DA7 T0R7ns880WhZ80X9svDn7/IR2vtiXqrRRox5aE2lJrwEJaX/pc9JsMQF4lffpQUtwzd0i6sqKik1 EzzNAXuUlx5kavPsXmYj5iJcGbk5AzO3bklUkmNQ/txhDJduvE0PBfCYBArFzmP9vB9rcWMWk3Ut NxGVjTKBLiAasDOfuOp7HWbihy8Ck4rNIFhuMg5AszYi2i479HF/S1H+yj+fHn2LuO4WQa5TrI7I iJqVHKR5pKZBgXUvEDoEBLhe81VEfu9TjIvj1ICVJ2P0XpawmA45ueFCMFWnm9DAGAgNeQUiRmVB WWnybcnOZuqBdtx3O/f1Ir5FR6FoMcyuo8ik8hvZFBXqJHc+NDibzzR7OKIAqC4niC7HZJDl/ERn uEMjgI4I8Q4nOsJm8oEWplMihzhkH0guSMwKAkcjCsPAz93GzMHdOBSxg0MISEAUAUECwAoBJM2U t2diaSZdJUlgCxrL06A6lTqh6glHakjUkBNYgKAOgx0Cp+q+afCBMPPWYdSpczDvgt61TaqWh8M2 czBZQ4lAMcVgIUCRkB5J6mcTcoBBoA/b1N6OJmdijlkanETNTAOaDvOn0GAELrAsXLEjEtnSko2c jda6gDRHmQAorvBv0+h4kSF1gMmZMCPFJ6W3ZqANAtnIgnALQ+6tMQTFv5+shhHWD5yeqgHS3KmM LQoFhNJ/IoeAQo6g5hh0Y53qg5pLWGw+Ww7ga0aFSvCsfaaASAgJ7CIG8gkfY2BYYBjxwL1bFkHK gR4g1IAmQJxTbgD9iJpIJXK/MbmMRPCesluLMcEka1MMAiOfs8OpUWj6mECdwcPAzXkjYDwDARel ELVFLMPU+Z+0NqQGhpeYms6B7GouC6oCDlByFZiDLZ8TxPdPf/0n5TFJPjAejylR8ZUtMqYoDa3n RA3wspQsZ9VGGChNL0gqoColx6hHm22NCgtCVyQvRJPkGSsVHYN4XStPwckvsXySRP17IoQZBlqA JgYl59by6LMFyQDNIGQSkLC7PBMxm6sjCErHYcza9fJ2sqi0CmdtSon3lwRLgKtwAQcDIl4crXuD ESLSMi+qGbsAGpWbeBCUyUIYDNxC9OfcRAJT4oEgKe7n8djqx9HzwuI5QgyiPneQNAYQwkyZFJgv oDM/VU6Jw6idG1iAbmhYRKluRxRkuCPmtD4KxekjxCQLojqjQtEjsbDq7QW02jEfADbfQEEooeQo JSDCqrkIVXebAk8pW1aU4bi9N0BxkMedhEpNpWGMAvNhLoH5ByfvuakQWCgxkB0QrFHiemQ6nyF+ V79EHgvgwECgzSElGBpNCBm9G7l90aacybeeU4A9lJJE/Mo+RNLUTKo9fMzKDPZkJw1Xtqpja+iA IhwCT0KBXbAQ8ZKBYk1CWF5ThQe802cQSuFc4jnGa4IIggYyIiJSk40vbjqSkC5C9YICAgDlwJEE RAvqc85sUJJg+SdajYTy0asIEP8OmNLQoHCoixEezIwjwD3OckdkexaP7ERJwiwtKj2BDEGSFkyi KgREeRDiPJczdMHPBDjwRYh+LFswcY/qJEW6m0HHRKuJSFzI6osL0lARSqR1iSCtwk4gGJxmGRSp BtwUe6Pruv3kD2X3jZAG49PEGB/ySQeptDXFbXqAH0t8wpOwXy3nM2pOGR+RFhnMOKGAkTN4R3I+ ArxKg7BErJlQB5or51cltN25W+NKzRtBOvuDujQD2Q5E3g6HXlR5jGVpNEsc80sDHlrp2JIPMwC4 Ezpl15AJQgnO8gPQmlq1iPpaKORMIVhTkjy6TSDWjFFeYKd4gsXBDqg2GeZijJFhYHI6E5k0afHX KUv/F3JFOFCQk4947A== --===============9222547933333821231==--