Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.0.8
-
None
-
None
Description
Under terms of MDEV-5304 we upgraded PCRE to 8.34
but did not add a CMake options to compile against an
external PCRE library.
We should eventually add a CMake option.
The problem is that using an external PCRE is dangerous
because of a possible stack overrun, which we fix in the bundled
PCRE with the patch pcre/maria-patches/pcre_stack_guard.diff.
There are some options:
a. wait for the PCRE team to add some built-in means to watch the stack
b. use the current PCRE version and check the pattern against
nested parenthesis every time we call pcre_compile().
Attachments
Issue Links
Activity
| Field | Original Value | New Value |
|---|---|---|
| Description |
Under terms of but did not add a CMake options to compile against an external PCRE library. We should eventually add a CMake option. The problem is that using an external PCRE is dangerous because of a possible stack overrun, which we fix in the bundled PCRE with the patch pcre/maria-patches/pcre_stack_guard.diff. There are some options: a. wait for the PCRE team to add some build-in means to watch the stack b. use the current version and check the pattern against nested parenthesis every time we call pcre_compile(). |
Under terms of but did not add a CMake options to compile against an external PCRE library. We should eventually add a CMake option. The problem is that using an external PCRE is dangerous because of a possible stack overrun, which we fix in the bundled PCRE with the patch pcre/maria-patches/pcre_stack_guard.diff. There are some options: a. wait for the PCRE team to add some built-in means to watch the stack b. use the current version and check the pattern against nested parenthesis every time we call pcre_compile(). |
| Description |
Under terms of but did not add a CMake options to compile against an external PCRE library. We should eventually add a CMake option. The problem is that using an external PCRE is dangerous because of a possible stack overrun, which we fix in the bundled PCRE with the patch pcre/maria-patches/pcre_stack_guard.diff. There are some options: a. wait for the PCRE team to add some built-in means to watch the stack b. use the current version and check the pattern against nested parenthesis every time we call pcre_compile(). |
Under terms of but did not add a CMake options to compile against an external PCRE library. We should eventually add a CMake option. The problem is that using an external PCRE is dangerous because of a possible stack overrun, which we fix in the bundled PCRE with the patch pcre/maria-patches/pcre_stack_guard.diff. There are some options: a. wait for the PCRE team to add some built-in means to watch the stack b. use the current PCRE version and check the pattern against nested parenthesis every time we call pcre_compile(). |
| Priority | Minor [ 4 ] | Major [ 3 ] |
| Remote Link | This issue links to "Mageia bug report about pcre_stack_guard (Web Link)" [ 14800 ] |
| Remote Link | This issue links to "Upstream commit link (Web Link)" [ 14801 ] |
| Priority | Major [ 3 ] | Critical [ 2 ] |
| Assignee | Alexander Barkov [ bar ] | Sergei Golubchik [ serg ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Resolution | Fixed [ 1 ] | |
| Status | In Progress [ 3 ] | Closed [ 6 ] |
| Remote Link | This issue links to "Revision with a fix (Web Link)" [ 15401 ] |
| Workflow | defaullt [ 34206 ] | MariaDB v2 [ 42807 ] |
| Workflow | MariaDB v2 [ 42807 ] | MariaDB v3 [ 61817 ] |
| Workflow | MariaDB v3 [ 61817 ] | MariaDB v4 [ 147470 ] |