From: Dmitry Shulga Date: February 4 2011 5:16am Subject: bzr push into mysql-5.5 branch (Dmitry.Shulga:3299 to 3300) Bug#58026 List-Archive: http://lists.mysql.com/commits/130354 X-Bug: 58026 Message-Id: <201102040516.p1442e72029211@acsinet15.oracle.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7259265008213336444==" --===============7259265008213336444== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline 3300 Dmitry Shulga 2011-02-04 [merge] Merge from mysql-5.1 for bug#58026. modified: mysql-test/r/not_embedded_server.result mysql-test/t/not_embedded_server.test regex/my_regex.h regex/regcomp.c regex/reginit.c sql/mysqld.cc 3299 Georgi Kodinov 2011-02-02 [merge] merge modified: mysql-test/t/func_time.test === modified file 'mysql-test/r/not_embedded_server.result' --- a/mysql-test/r/not_embedded_server.result 2011-01-07 12:08:05 +0000 +++ b/mysql-test/r/not_embedded_server.result 2011-02-04 04:59:55 +0000 @@ -3,6 +3,10 @@ SHOW VARIABLES like 'slave_skip_errors'; Variable_name Value slave_skip_errors OFF # +# Bug#58026: massive recursion and crash in regular expression handling +# +SELECT '1' RLIKE RPAD('1', 10000, '('); +# # WL#4284: Transactional DDL locking # # FLUSH PRIVILEGES should not implicitly unlock locked tables. === modified file 'mysql-test/t/not_embedded_server.test' --- a/mysql-test/t/not_embedded_server.test 2011-01-07 12:08:05 +0000 +++ b/mysql-test/t/not_embedded_server.test 2011-02-04 04:59:55 +0000 @@ -14,6 +14,16 @@ call mtr.add_suppression("Can't open and SHOW VARIABLES like 'slave_skip_errors'; +--echo # +--echo # Bug#58026: massive recursion and crash in regular expression handling +--echo # + +--disable_result_log +--error ER_STACK_OVERRUN_NEED_MORE +SELECT '1' RLIKE RPAD('1', 10000, '('); +--enable_result_log + + # End of 5.1 tests --echo # === modified file 'regex/my_regex.h' --- a/regex/my_regex.h 2005-09-29 00:08:24 +0000 +++ b/regex/my_regex.h 2011-02-04 04:47:46 +0000 @@ -28,6 +28,7 @@ typedef struct { /* === regcomp.c === */ +typedef int (*my_regex_stack_check_t)(); extern int my_regcomp(my_regex_t *, const char *, int, CHARSET_INFO *charset); #define REG_BASIC 0000 #define REG_EXTENDED 0001 @@ -76,7 +77,8 @@ extern void my_regfree(my_regex_t *); /* === reginit.c === */ -extern void my_regex_init(CHARSET_INFO *cs); /* Should be called for multithread progs */ +/* Should be called for multithread progs */ +extern void my_regex_init(CHARSET_INFO *cs, my_regex_stack_check_t func); extern void my_regex_end(void); /* If one wants a clean end */ #ifdef __cplusplus === modified file 'regex/regcomp.c' --- a/regex/regcomp.c 2010-07-23 20:16:29 +0000 +++ b/regex/regcomp.c 2011-02-04 04:59:55 +0000 @@ -31,6 +31,9 @@ struct parse { CHARSET_INFO *charset; /* for ctype things */ }; +/* Check if there is enough stack space for recursion. */ +my_regex_stack_check_t my_regex_enough_mem_in_stack= NULL; + #include "regcomp.ih" static char nuls[10]; /* place to point scanner in event of error */ @@ -117,7 +120,7 @@ CHARSET_INFO *charset; # define GOODFLAGS(f) ((f)&~REG_DUMP) #endif - my_regex_init(charset); /* Init cclass if neaded */ + my_regex_init(charset, NULL); /* Init cclass if neaded */ preg->charset=charset; cflags = GOODFLAGS(cflags); if ((cflags®_EXTENDED) && (cflags®_NOSPEC)) @@ -222,7 +225,15 @@ int stop; /* character this ERE should /* do a bunch of concatenated expressions */ conc = HERE(); while (MORE() && (c = PEEK()) != '|' && c != stop) - p_ere_exp(p); + { + if (my_regex_enough_mem_in_stack && + my_regex_enough_mem_in_stack()) + { + SETERROR(REG_ESPACE); + return; + } + p_ere_exp(p); + } if(REQUIRE(HERE() != conc, REG_EMPTY)) {}/* require nonempty */ if (!EAT('|')) === modified file 'regex/reginit.c' --- a/regex/reginit.c 2008-02-18 22:29:39 +0000 +++ b/regex/reginit.c 2011-02-04 04:47:46 +0000 @@ -4,10 +4,12 @@ #include #include #include "cclass.h" +#include "my_regex.h" static my_bool regex_inited=0; +extern my_regex_stack_check_t my_regex_enough_mem_in_stack; -void my_regex_init(CHARSET_INFO *cs) +void my_regex_init(CHARSET_INFO *cs, my_regex_stack_check_t func) { char buff[CCLASS_LAST][256]; int count[CCLASS_LAST]; @@ -16,6 +18,7 @@ void my_regex_init(CHARSET_INFO *cs) if (!regex_inited) { regex_inited=1; + my_regex_enough_mem_in_stack= func; bzero((uchar*) &count,sizeof(count)); for (i=1 ; i<= 255; i++) @@ -74,6 +77,7 @@ void my_regex_end() int i; for (i=0; i < CCLASS_LAST ; i++) free((char*) cclasses[i].chars); + my_regex_enough_mem_in_stack= NULL; regex_inited=0; } } === modified file 'sql/mysqld.cc' --- a/sql/mysqld.cc 2011-02-02 18:13:28 +0000 +++ b/sql/mysqld.cc 2011-02-04 04:59:55 +0000 @@ -2879,6 +2879,19 @@ sizeof(load_default_groups)/sizeof(load_ #endif +#ifndef EMBEDDED_LIBRARY +static +int +check_enough_stack_size() +{ + uchar stack_top; + + return check_stack_overrun(current_thd, STACK_MIN_SIZE, + &stack_top); +} +#endif + + /** Initialize one of the global date/time format variables. @@ -3340,7 +3353,11 @@ static int init_common_variables() if (item_create_init()) return 1; item_init(); - my_regex_init(&my_charset_latin1); +#ifndef EMBEDDED_LIBRARY + my_regex_init(&my_charset_latin1, check_enough_stack_size); +#else + my_regex_init(&my_charset_latin1, NULL); +#endif /* Process a comma-separated character set list and choose the first available character set. This is mostly for --===============7259265008213336444== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/dmitry.shulga@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: dmitry.shulga@stripped\ # 1ssnkooxtwhu6oa1 # target_branch: file:///Users/shulga/projects/mysql/mysql-5.5/ # testament_sha1: bab5d52bff1be37eada0f3d6e2016539c03e0e40 # timestamp: 2011-02-04 11:16:30 +0600 # source_branch: file:///Users/shulga/projects/mysql/mysql-5.1-\ # bug58887/ # base_revision_id: georgi.kodinov@stripped\ # hi05so9jg3q05486 # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWVmg9jsACY//gFAwACBZ9/// f+/fML////pgEYfZvFizdt2MUdsNVMzKUhYM2dbQyAFNNUAFKKFIgAwlCIU9U/FPQmo/JPCNU/KT 9TU0DBqaGRtTQANGQSiBoE0IGkk2QGp5I0NAZAAABptQcNNMEMhppkZMIBpoAwmjTJgAQNBIiICm 1NMTRPRMRqeTQno1NkBqaGgZNPUaaBw00wQyGmmRkwgGmgDCaNMmABA0EkgTQJphNJiaYIm0E0FM T0gaYIADRlIYDpYGQIUSxmFO50rd+R9q0RB8Ot5mWnTWsZbqkMCa1jwTrPPu6IUSBJft1936Py76 /0XKPe2OcY4Ldu9XBFXnwzavdRTRxnQ+XWgWtnMG+qqUezysZ29tvC751dzJLQxxm4wqAqoQdbEX /162RE/kn5Jbidrc0bx3hEydxZ5WtK5D+MGpV9Huhd/VaFTHt/vbPqudHfYRlQTsqKKqnicwpdYl MB2G/LVJ26dpTrENCBWRqiMIqgqqKqq022xguPuSXA61gzWSUIFTZTOcWMqteC6kVmcG2OLCtle/ x0clzluysq11aL3N08lrrVqsXPCyt+EWOtlZUO1w6Q4sbd5bFcHWSjh0weFt2HzOU5KDzeIdTVvG w5DEifFiOIrFOe6xJbFGNvjcZBSEhehLJYp7HQP7mXeFBCngbzKLe0qaDpnDQu2z7HbGsrZpdNsq LP0eriTCBvZtTBXIz4wb1x7BBiZ6K76XYQlnTHAdRVTSeEhWoJMawLpRxMKXrQEKPw9iAZTtdPNA +KOiLLm3DduxXDG/Dh4dWvmNIxQaswTvQ+rfkeeYmcT1G0MbH4Nu7c49F9+qvMAY4wINbEk+obHx ogXrntO20kkggg49Z5j4GiWdHhuofN3SdUdvDcGXz+hsQbKUI+pLINPs+oYtu9xY3pyEwh5EUDgC +SDz9GQC/QO/60QLU5y9UP+YoBswPWS7R5opYuZnnRrDSQgvBokGKEkdJJlpM2Bejr8eebs+hzIF DzLhmyaEcHnG8SIqMArtMkqAJlWgSMBwUTkqIAqcyV9C2iEsMojMwSTTscVaqrbZO6Tl04pBLTfC xKWm1XTskA2Wm9NhRlCOkAwZgItqQrGYGBFBlAChIglCRMVtKejs2iy0aQioE9QxSYDAKYL6lDMU VVBAVAcWRAJtMcUEIjdJjuTpS6UJsti5QeqBIoPkKlRnEFJXAIIBNCbuT6EDGpcoK4H1GJSLGuu6 2Nw0ERKZOspV7gioOVINN0lHzXXo8QbCVSgVWYZcZDALDKYSESIIYQHHQGr+JHQJIIhEkP1jFWF/ KxDtwvFzcKcmfZjlAvOV+SQX0qOjByL2XGMhEtEuZ9FIG4Xym8glYXHjzCabRjpKFjQxLfzYDWHX 5XUTtANjM7xkxrEYPOpcpEaDMRiSN24lbJApsWgtBosGdXHhZFDK9xckQM32kka7AJQ0gGVMCmFs 9qi5lUDc3LvGAhlOlifDYeUOBSusiFdB5lg0OB7W9A0bMfiaWVM0a+qAtjDjdZ1MpoZENOENMETW xE2ZHoiSNwbGCGaGgoglT5iKXYnMUzOpDePQoEk4tpDNz2rGbrTWUNiEx+Yo4NACTqXBKoqhixMe SM1MzmQNaIKST4PYe7IaeMrLYYORTtnNs1Ky79XFzW3E6ZG860lW/C+E2FvyJ7HKOBFYkS5WF19Y 8mMMZlJOBTQdA7DyQ4yRcfTmhjlmj9XGNz9XOo9Zd7XKu0iyIBU4qB0ionjrbZQHlCCcSBBtViId jUDEW0TM1ctxKhJEnEGGnBCwU0kSKyXpBxFJGgxouCOGS1P044XSNXHGyIKMZwo4AWQy/QstUmBu 6y4uGaWqnOciWbAN7G7dCrpLumlYiGC0m6bbzEiV43otYzdocWneOyEg4nmKKek4aSTMsGuWIAj0 vqPwXzOg4kmQMEXMP0u58y7kmmQhn86eFR0UmZgGk1BL5WxsJDiC8ycJwi8pGLyJs2LWYBWclwRS a1tRxWlGhWyvwxyc0sowUOx2qaLUwVJIppJUkCY5ONWI1L3aSNEfSci4qRE4nanhhuFLEhhRGHEJ xNwMVaExBBuIIVuio6hMiqyOJiNrRvBdxoXOqWGF9Tn6XJz5wa0AgP1k1okgueOfukpFcgTYu4ik ynAYoaJZEQ4NmaSGzqZEigwpE5sRIFJnSiIjd7p7tI6ygSmONBkFhidUXxkZlRih6sR5ou6JI4q8 JU5ZZ3wc3YaTF1BHUZUiYN407K1AmKlVpSngfMpAeOLrc5yUzrk+5MHDRnN7o9BZ5AwRcRV4rNF3 AdMocxxg0LESHamecstzGUtFyWN0IKjKkhRHEiZQcMkCGlRyPJrzGbrrQUEfMAxUnOJQuOLAEiHB d/QNEaGQ/i4iV132lppGKZjxxvWpJHh5EyUhsTCwcLUMzRDZmJIpNqCSmhEmggCLCZIGlIKtK0iS BKqIK2lpNAV245d0TKSm8Z1nC+vkjdcvWw2HSClZHOakoaaMBamDgkRAI8h1iOdWnSc4HKhBBP9f eM/g9Zzm5kwbY2wYht9x/J7N0+XuGSTBB2jV58THuPn9cuI6jAw/u/6GRx9ju6CSNIE8FwY4TlwJ EkRhi53Ijx5VWJ8lQk/2E7td5P+NwvOxFTI5j1HPY/SJWMXKn3i7i5FThilOxjT+mZrNrUOaX3Hk jiJfeA4PedwvQiIgR4krAISUhzJWwXAKh76+USqIsBiL0rkTUGiiZ7TUr/Uenzc3akdVmICyp2Hp PeYkFxxmz1nQRDj2m4lBGQmX2CmdBAed/Se8qjptCpVEF+QAqHewN80mRA79lgaTRUgvSwSXaQkj a/HJsHK8RbEdMeHan4hsfsWoQpK09iKhD8xhrQtSUIJF6sEcsaj0FJ3kKOCwyEvn3zsRNnhL3Nhb eV/gbC9bw8B5XyOZwtPxSRu/G3oUqwrUM6iJhh37AC9Vmk09Q65JI8BYuVZcvyagIxOm9CPoyZgR CB7lYdTLkQAgh+vkbDY96NCSOK2HE3m08uIq3IthfhMuKp33Es1AjUduKT7BnS23TKjvUA0mFxtE I7z2yER7vaZkbBqEZKxrFptiIGggGhiZewBeZYYghcRxgWluAfI8fAG4kjBKw+CvqFcjqGkO9EA1 UjOTkykM9qWUG9Noh8QOeDQKCg19DoSIF63jqDRFVG8uPgDBIedd16FOornrHhheJeRYd5UUXjEC ZSJDCTpHMtLCpF5RR+1znOEucCZgaqGRcwlFxRBjg87gXeRYDyxIr8jsSYWADDkMDsuqPY83nuRa FnxRp448+Hy4iNdduiHKdCfQxxiSaEGrcIS7pWTrOBaMORzbeVevGap7c38YusKiomcLyotM/Uvq IXnQosqLzUI9hE7Gbe5AzO7OxJUpJi4fy2w04nLjuMFzXbSAQKxbaR/nzfa25jJpNuLTh4kqLWqJ iWABdkZyp9R7+RhS4ocuZM7VqSBY7DUGorFRacbXHKmKPoUXxw18iXQecSgOKJsH5W3KRU0j1Qkb gmEtq5gbwgJdl7zRUR+7qbZF8e4gJTOB9d6WkKQHG9zwoRgq084IYAwEBpyCYkaioKyY4l0IzKtS AlJiY43F6XHkkI7zXODFxwTGJIeVPJFBeRKg8zqi/S8lWCoNJkC6DL8xGrYIZG4RuR4B2nDSFJsK BFiZUkUOcMg3ozBpDM50PlOxT9m+kg/7aA3UbexDGxgGQFBATAIAORliVcuCNg8vagJqR80bg93i vEHN7Ig76GEpNhQBbDPQKrt0yj4MRfv2F+dQH3MpoD78MzAJUAolKQDGxXCFEoLwPZPVRsM1AINA H6u41o7DE96QvRxuVY83JgWbHyOfAoBBfMJpZM4rSnzSUbO02WuoAzR4EAKK7wb7PE5kSF1gMmZM CPsQ/cquG8A2iU9CBHsFQfhJFYPEsewO0bdvSR6rQEw8g5D0P4pB9QMkLuDiHJJGLMcb1QcUlpDW eus6gPBaUZlSvCsfaZgSAgJ7CIG0gkfa2BaYBjvwLlbFkHCgRsBpgCZAnE7cAfrRSkglcr9Q3AYi dKdJLYWY3KYXhAc/X04lJYPpYQJ25w8DJeCMweAXiNKUQtUUsg958D+Aa0gNRtvMTScQ9DQXhfEB i4FgSKwyn/g+s+1/p/5y6FbkdzDwe+KL0xTA1IxYcy0nCxaWlENJ97v0TTKEoxQx5pIlEFFLstEe OyRUnEnJUDwogkm3DD1OI0g6hQloPxckngvtU/PmihBkGVoBSBpM57JMqthnQwUoYoCIEml4exGo 1dHoTQOmuhqX0BVr1u+KdIrAhtVaIj/mYAzvYSSwABj2MUZBpUrAXoFg8rGxS/Uyeu8AUUk9YgMi GEBkwZ2iWOfxHgEJYUBACj459KhLUzr6YxEa0IM6J8eNAcDEMSaaLbAXWGeXfMwVIYipRbUOC4iW ESpbUbUZLcj4rM3qxeUjwDijmjMtEjoZHzmkjWC6gzM3EHH7DiPEEFCoGSSXqcwcsiSjtR7/MxR5 sFgybemQiD1CQWgurCWAfUTI/KorHgrSgYuApQ66UcJyUHU6S3W/FfBt23FwQKDCkJKLhpNCBjxR t3chqU5k2w76YA9lT4EvUmlsSRcUlUuPgZkzPs1CVMclpUVayZhSEP2pARpYGVg5hJwqiWZeE0IO Vps1BYCotC4hHEMyggiCBjIiIiIWdGlbh0IoxLQaUmMGuUE4A3LkNjbEuuJORlySYfaoyRvl+5vP EKFO6Lx2bxQOFRFiI9mRjHtD3nGSOiPMtH9CIk4RYWlR5ghiDJCyZRXakhlMRIgSDePKOJuqBzwQ 470WofkxopBxl8CRFuZsBxglXEmFzI5osL0lARNTOiSH2pILHCTiIZGILfWGo6gq1MNupS8kfTDL tIHov4jawDtPPxBgfpSQehtDTFbHqAHyb2CZ0C+W45HYk4ZHwRYaqQ+KS7kOAoKjcERSbahuAsBK ZwCRYVFYB1RZxq4LYbdqt901mhswV9weqNYHshyHrvW1cskLM0kkPQia2vRMNOUofBDg1pgFEEwU I2Iy5YAOZAjsW9G5Q5CF1UAvRMJBRkj3bKUg0oxRXO4QVrmh1IazLE1oxRWTC1bUakbaufUzN/xd yRThQkFmg9js --===============7259265008213336444==--