[MDEV-23999] Potential stack overflow in InnoDB fulltext search Created: 2020-10-21  Updated: 2020-10-21  Resolved: 2020-10-21

Status: Closed
Project: MariaDB Server
Component/s: Full-text Search, Storage Engine - InnoDB, Storage Engine - XtraDB
Affects Version/s: 10.0, 10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s: 10.1.48, 10.2.35, 10.3.26, 10.4.16, 10.5.7

Type: Bug Priority: Major
Reporter: Marko Mäkelä Assignee: Marko Mäkelä
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Blocks
blocks MDEV-23989 Merge new release of InnoDB 5.7.32 to... Closed
blocks MDEV-24004 2020 Q4 release merge Closed

Description

With a complex MATCH...AGAINST string, the call stack inside the server could look like this:

10.1

fts_ast_visit_sub_exp
fts_query_visitor
fts_ast_visit
fts_ast_visit
...
fts_ast_visit_sub_exp
fts_query_visitor
fts_ast_visit
fts_ast_visit
fts_ast_visit_sub_exp
fts_query_visitor
fts_ast_visit
fts_query
ha_innobase::ft_init_ext
Item_func_match::init_search
init_ftfuncs
JOIN::optimize_inner
JOIN::optimize
mysql_select

On my platform (GCC 10.2.0 -Og AMD64 debug build), the stack usage is 464 bytes for each fts_ast_visit_sub_exp(), and a further 9,248 bytes from Item_func_match::init_search() to the first fts_ast_visit_sub_exp().

To prevent a stack overflow, we should return an error when the recursion becomes too deep instead of descending further.
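As an added illustration of the mitigation described above (this is example code written for this page, not InnoDB's fts_ast_visit_sub_exp() or any other MariaDB code; all function and type names are hypothetical), the block below parses and visits a nested fulltext-style boolean expression with an explicit depth limit and returns an error instead of recursing without bound. The per-frame (464 bytes) and base (9,248 bytes) figures are taken from the issue text; the 256 KiB stack budget used in main() is an assumption for the calculation, not a MariaDB default.

```cpp
// Added example (not InnoDB code): a depth-bounded recursive parser and
// visitor for a nested fulltext-style boolean expression. All names here
// are hypothetical; the per-frame (464) and base (9,248) byte figures come
// from the issue text, the 256 KiB stack budget is an assumption.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <vector>

enum class VisitResult { Ok, TooDeep, Malformed };

// One node of the expression tree: a leaf holds a term, an inner node
// holds the sub-expressions enclosed by one pair of parentheses.
struct ExprNode {
    std::string term;
    std::vector<std::unique_ptr<ExprNode>> children;
};

// Parse "((a b) c)"-style input. Each '(' recurses one level deeper, so
// the parser itself is bounded by max_depth instead of trusting the input.
static VisitResult parse_expr(const std::string& s, size_t& pos, size_t depth,
                              size_t max_depth, std::unique_ptr<ExprNode>& out) {
    if (depth > max_depth) return VisitResult::TooDeep;
    auto node = std::make_unique<ExprNode>();
    while (pos < s.size()) {
        char c = s[pos++];
        if (c == ' ') continue;
        if (c == ')') {
            if (depth == 0) return VisitResult::Malformed; // stray ')'
            out = std::move(node);
            return VisitResult::Ok;
        }
        if (c == '(') {
            std::unique_ptr<ExprNode> child;
            VisitResult r = parse_expr(s, pos, depth + 1, max_depth, child);
            if (r != VisitResult::Ok) return r;
            node->children.push_back(std::move(child));
            continue;
        }
        auto leaf = std::make_unique<ExprNode>();
        leaf->term.assign(1, c);
        node->children.push_back(std::move(leaf));
    }
    if (depth != 0) return VisitResult::Malformed; // unclosed '('
    out = std::move(node);
    return VisitResult::Ok;
}

// Recursive visitor in the spirit of a sub-expression walker: it refuses to
// descend past max_depth and reports an error instead of overflowing the
// stack. `leaves` counts the terms reached so far.
static VisitResult visit_expr(const ExprNode& node, size_t depth,
                              size_t max_depth, size_t& leaves) {
    if (depth > max_depth) return VisitResult::TooDeep;
    if (!node.term.empty()) { ++leaves; return VisitResult::Ok; }
    for (const auto& child : node.children) {
        VisitResult r = visit_expr(*child, depth + 1, max_depth, leaves);
        if (r != VisitResult::Ok) return r;
    }
    return VisitResult::Ok;
}

// Parse and visit one expression under a single depth limit.
VisitResult evaluate(const std::string& expr, size_t max_depth, size_t& leaves) {
    size_t pos = 0;
    std::unique_ptr<ExprNode> root;
    leaves = 0;
    VisitResult r = parse_expr(expr, pos, 0, max_depth, root);
    if (r != VisitResult::Ok) return r;
    return visit_expr(*root, 0, max_depth, leaves);
}

// How many recursion levels fit in a stack budget, given the fixed cost up to
// the first recursive frame and the cost of each further frame (issue figures).
size_t max_safe_depth(size_t stack_bytes, size_t base_bytes, size_t frame_bytes) {
    if (stack_bytes <= base_bytes) return 0;
    return (stack_bytes - base_bytes) / frame_bytes;
}

// Build a constructed expression nested n parentheses deep around one term.
std::string nested_expr(size_t n) {
    return std::string(n, '(') + "a" + std::string(n, ')');
}

int main() {
    const size_t budget = 256 * 1024; // assumed stack budget, not a MariaDB default
    size_t limit = max_safe_depth(budget, 9248, 464);
    std::printf("levels that fit in %zu bytes: %zu\n", budget, limit);
    size_t leaves = 0;
    VisitResult r = evaluate(nested_expr(limit * 4), limit, leaves);
    std::printf("deeply nested query rejected: %s\n", r == VisitResult::TooDeep ? "yes" : "no");
    r = evaluate("((a b) c)", limit, leaves);
    std::printf("small query ok: %s, terms=%zu\n", r == VisitResult::Ok ? "yes" : "no", leaves);
    return 0;
}
```

The depth check sits at the top of both recursive functions, so a hostile input cannot push either the parser or the visitor past the chosen limit; a real limit should also leave headroom below the figure max_safe_depth() produces, since the frames between the query entry point and the first recursive call are only approximated by the base cost.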
