Details
- Bug
- Status: Closed
- Major
- Resolution: Won't Fix
- 10.0.20
Description
Regarding CVE-2014-8964: pcre: heap buffer overflow
BEFORE UPDATE mariadb v16
MariaDB [(none)]> select 'a' RLIKE '((?=(?(?=(?(?=(?(?=())))*))))){2}';
+-----------------------------------------------+
| 'a' RLIKE '((?=(?(?=(?(?=(?(?=())))*))))){2}' |
+-----------------------------------------------+
| 1 |
+-----------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> SELECT REGEXP_SUBSTR('a','((?=(?(?=(?(?=(?(?=())))*))))){2}');
+--------------------------------------------------------+
| REGEXP_SUBSTR('a','((?=(?(?=(?(?=(?(?=())))*))))){2}') |
+--------------------------------------------------------+
| |
+--------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> SELECT REGEXP_INSTR('a','((?=(?(?=(?(?=(?(?=())))*))))){2}');
+-------------------------------------------------------+
| REGEXP_INSTR('a','((?=(?(?=(?(?=(?(?=())))*))))){2}') |
+-------------------------------------------------------+
| 1 |
+-------------------------------------------------------+
1 row in set (0.00 sec)

AFTER UPDATE mariadb v20
MariaDB [test]> SELECT REGEXP_SUBSTR('a','((?=(?(?=(?(?=(?(?=())))*))))){2}');
ERROR 1139 (42000): Got error 'nothing to repeat at offset 24' from regexp

MariaDB [test]> SELECT REGEXP_INSTR('a','((?=(?(?=(?(?=(?(?=())))*))))){2}');
ERROR 1139 (42000): Got error 'nothing to repeat at offset 24' from regexp

MariaDB [test]> SELECT 'a' RLIKE '((?=(?(?=(?(?=(?(?=())))*))))){2}';
ERROR 1139 (42000): Got error 'nothing to repeat at offset 24' from regexp

This is probably OK; however, we would like to be sure.
Other "normal" regexps are OK, as well as the regexps from the test suite.