]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f2c4ffc) | patch
Add recursion depth protections to regular expression matching.
authorTom Lane <tgl@sss.pgh.pa.us>
Fri, 2 Oct 2015 18:51:58 +0000 (14:51 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Fri, 2 Oct 2015 18:51:58 +0000 (14:51 -0400)
commitb63fc28776c5d2efdb4de326ad0f0b5b88f82220
tree74bf395229d6c60aa24463714340ce1e41fdfc14tree | snapshot
parentf2c4ffc3307cab6619a28e77da9211416c8b1d83commit | diff
Add recursion depth protections to regular expression matching.

Some of the functions in regex compilation and execution recurse, and
therefore could in principle be driven to stack overflow.  The Tcl crew
has seen this happen in practice in duptraverse(), though their fix was
to put in a hard-wired limit on the number of recursive levels, which is
not too appetizing --- fortunately, we have enough infrastructure to check
the actually available stack.  Greg Stark has also seen it in other places
while fuzz testing on a machine with limited stack space.  Let's put guards
in to prevent crashes in all these places.

Since the regex code would leak memory if we simply threw elog(ERROR),
we have to introduce an API that checks for stack depth without throwing
such an error.  Fortunately that's not difficult.
src/backend/regex/regc_nfa.c diff | blob | history
src/backend/regex/regcomp.c diff | blob | history
src/backend/regex/rege_dfa.c diff | blob | history
src/backend/regex/regexec.c diff | blob | history
src/backend/tcop/postgres.c diff | blob | history
src/include/miscadmin.h diff | blob | history
src/include/regex/regguts.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.