[MDEV-23999] Potential stack overflow in InnoDB fulltext search - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0, 10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s: 10.1.48, 10.2.35, 10.3.26, 10.4.16, 10.5.7
Component/s: Full-text Search, Storage Engine - InnoDB, Storage Engine - XtraDB
Labels:
None

Description

With a complex MATCH...AGAINST string, the call stack inside the server could look like this:

10.1
fts_ast_visit_sub_exp
fts_query_visitor
fts_ast_visit
fts_ast_visit
...
fts_ast_visit_sub_exp
fts_query_visitor
fts_ast_visit
fts_ast_visit
fts_ast_visit_sub_exp
fts_query_visitor
fts_ast_visit
fts_query
ha_innobase::ft_init_ext
Item_func_match::init_search
init_ftfuncs
JOIN::optimize_inner
JOIN::optimize
mysql_select

On my platform (GCC 10.2.0 -Og AMD64 debug build), the stack usage is 464 bytes for each fts_ast_visit_sub_exp(), and further 9,248 bytes from Item_func_match::init_search() to the first fts_ast_visit_sub_exp().

To prevent stack overflow, we should return an error if too deep recursion is encountered.

Attachments

Issue Links

blocks

MDEV-23989 Merge new release of InnoDB 5.7.32 to 10.2

Closed

MDEV-24004 2020 Q4 release merge

Closed

Activity

People

Assignee:: Marko Mäkelä

Reporter:: Marko Mäkelä

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2020-10-21 06:46

Updated:: 2020-10-21 11:05

Resolved:: 2020-10-21 07:07

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.