Submitted by: Bruce Dubbs (bdubbs_at_linuxfromscratch_dot_org) Date: 2014-03-16 Initial Package Version: 8.34 Upstream Status: Committed Origin: Mageia (asked MariaDB to produce the patch) URL: https://bugs.mageia.org/show_bug.cgi?id=12665 Description: Eliminates the chance of anyone crashing MariaDB-10.0.9 server with a simple " SELECT a RLIKE REPEAT('(', 1000);" statement and fixes a build problem also of MariaDB-10.0.9 (pcre-8.34/pcre_compile.c:7997: undefined reference to `pcre_stack_guard') --- pcre-8.34/pcre_compile.c 2013-12-15 17:56:22.000000000 +0100 +++ pcre-8.34/pcre_compile.c 2014-02-07 19:43:10.759051139 +0100 @@ -7994,6 +7994,12 @@ unsigned int orig_bracount; unsigned int max_bracount; branch_chain bc; +if (PUBL(stack_guard) && PUBL(stack_guard)()) +{ + *errorcodeptr= ERR23; + return FALSE; +} + bc.outer = bcptr; bc.current_branch = code; --- pcre-8.34/pcre_globals.c 2012-01-05 18:07:07.000000000 +0100 +++ pcre-8.34/pcre_globals.c 2014-02-07 19:43:10.760051139 +0100 @@ -72,6 +72,7 @@ PCRE_EXP_DATA_DEFN void (*PUBL(free))(v PCRE_EXP_DATA_DEFN void *(*PUBL(stack_malloc))(size_t) = LocalPcreMalloc; PCRE_EXP_DATA_DEFN void (*PUBL(stack_free))(void *) = LocalPcreFree; PCRE_EXP_DATA_DEFN int (*PUBL(callout))(PUBL(callout_block) *) = NULL; +PCRE_EXP_DATA_DEFN int (*PUBL(stack_guard))(void) = NULL; #elif !defined VPCOMPAT PCRE_EXP_DATA_DEFN void *(*PUBL(malloc))(size_t) = malloc; @@ -79,6 +80,7 @@ PCRE_EXP_DATA_DEFN void (*PUBL(free))(v PCRE_EXP_DATA_DEFN void *(*PUBL(stack_malloc))(size_t) = malloc; PCRE_EXP_DATA_DEFN void (*PUBL(stack_free))(void *) = free; PCRE_EXP_DATA_DEFN int (*PUBL(callout))(PUBL(callout_block) *) = NULL; +PCRE_EXP_DATA_DEFN int (*PUBL(stack_guard))(void) = NULL; #endif /* End of pcre_globals.c */ --- pcre-8.34/pcre.h.in 2013-11-12 16:09:38.000000000 +0100 +++ pcre-8.34/pcre.h.in 2014-02-07 19:43:10.756051138 +0100 @@ -491,36 +491,42 @@ PCRE_EXP_DECL void (*pcre_free)(void *) PCRE_EXP_DECL void *(*pcre_stack_malloc)(size_t); PCRE_EXP_DECL void (*pcre_stack_free)(void *); PCRE_EXP_DECL int (*pcre_callout)(pcre_callout_block *); +PCRE_EXP_DECL int (*pcre_stack_guard)(void); PCRE_EXP_DECL void *(*pcre16_malloc)(size_t); PCRE_EXP_DECL void (*pcre16_free)(void *); PCRE_EXP_DECL void *(*pcre16_stack_malloc)(size_t); PCRE_EXP_DECL void (*pcre16_stack_free)(void *); PCRE_EXP_DECL int (*pcre16_callout)(pcre16_callout_block *); +PCRE_EXP_DECL int (*pcre16_stack_guard)(void); PCRE_EXP_DECL void *(*pcre32_malloc)(size_t); PCRE_EXP_DECL void (*pcre32_free)(void *); PCRE_EXP_DECL void *(*pcre32_stack_malloc)(size_t); PCRE_EXP_DECL void (*pcre32_stack_free)(void *); PCRE_EXP_DECL int (*pcre32_callout)(pcre32_callout_block *); +PCRE_EXP_DECL int (*pcre32_stack_guard)(void); #else /* VPCOMPAT */ PCRE_EXP_DECL void *pcre_malloc(size_t); PCRE_EXP_DECL void pcre_free(void *); PCRE_EXP_DECL void *pcre_stack_malloc(size_t); PCRE_EXP_DECL void pcre_stack_free(void *); PCRE_EXP_DECL int pcre_callout(pcre_callout_block *); +PCRE_EXP_DECL int pcre_stack_guard(void); PCRE_EXP_DECL void *pcre16_malloc(size_t); PCRE_EXP_DECL void pcre16_free(void *); PCRE_EXP_DECL void *pcre16_stack_malloc(size_t); PCRE_EXP_DECL void pcre16_stack_free(void *); PCRE_EXP_DECL int pcre16_callout(pcre16_callout_block *); +PCRE_EXP_DECL int (*pcre16_stack_guard)(void); PCRE_EXP_DECL void *pcre32_malloc(size_t); PCRE_EXP_DECL void pcre32_free(void *); PCRE_EXP_DECL void *pcre32_stack_malloc(size_t); PCRE_EXP_DECL void pcre32_stack_free(void *); PCRE_EXP_DECL int pcre32_callout(pcre32_callout_block *); +PCRE_EXP_DECL int (*pcre32_stack_guard)(void); #endif /* VPCOMPAT */ /* User defined callback which provides a stack just before the match starts. */