-rw-r--r-- | mysql-test/suite/innodb_fts/r/basic.result | 21 | ||||
-rw-r--r-- | mysql-test/suite/innodb_fts/t/basic.test | 20 | ||||
-rw-r--r-- | mysql-test/suite/sys_vars/r/sysvars_innodb,32bit,xtradb.rdiff | 2 | ||||
-rw-r--r-- | mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff | 2 | ||||
-rw-r--r-- | mysql-test/suite/sys_vars/r/sysvars_innodb.result | 2 | ||||
-rw-r--r-- | storage/innobase/fts/fts0que.cc | 19 | ||||
-rw-r--r-- | storage/innobase/include/fts0ast.h | 15 | ||||
-rw-r--r-- | storage/innobase/include/univ.i | 2 | ||||
-rw-r--r-- | storage/xtradb/fts/fts0que.cc | 19 | ||||
-rw-r--r-- | storage/xtradb/include/fts0ast.h | 15 |
10 files changed, 79 insertions, 38 deletions
diff --git a/mysql-test/suite/innodb_fts/r/basic.result b/mysql-test/suite/innodb_fts/r/basic.result index ae23b93dc84..749787b8e1c 100644 --- a/mysql-test/suite/innodb_fts/r/basic.result +++ b/mysql-test/suite/innodb_fts/r/basic.result @@ -125,6 +125,27 @@ id title body 3 Optimizing MySQL In this tutorial we will show ... 4 1001 MySQL Tricks 1. Never run mysqld as root. 2. ... 5 MySQL vs. YourSQL In the following database comparison ... +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('(((((((((((((((((((((((((((((((((Security)))))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); +ERROR HY000: Table handler out of memory +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('((((((((((((((((((((((((((((((((Security))))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); +id title body +6 MySQL Security When configured properly, MySQL ... +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('(((((((((((((((((((((((((((((((vs))))))))))))))))))))))))))))))),(((to)))' + IN BOOLEAN MODE); +id title body +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('((((((((((((((((((((((((((((((((Security)))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); +ERROR 42000: syntax error, unexpected $end +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('(((((((((((((((((((((((((((((((((Security))))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); +ERROR 42000: syntax error, unexpected $end SELECT * FROM articles WHERE MATCH (title,body) AGAINST ('+ MySQL + (>Well < stands)' IN BOOLEAN MODE); id title body diff --git a/mysql-test/suite/innodb_fts/t/basic.test b/mysql-test/suite/innodb_fts/t/basic.test index 58f36be08a5..3c6d64a6fce 100644 --- a/mysql-test/suite/innodb_fts/t/basic.test +++ b/mysql-test/suite/innodb_fts/t/basic.test 
@@ -99,6 +99,26 @@ SELECT * FROM articles WHERE MATCH (title,body) SELECT * FROM articles WHERE MATCH (title,body) AGAINST ('+ MySQL - (Well stands)' IN BOOLEAN MODE); +--error 128 +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('(((((((((((((((((((((((((((((((((Security)))))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('((((((((((((((((((((((((((((((((Security))))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('(((((((((((((((((((((((((((((((vs))))))))))))))))))))))))))))))),(((to)))' + IN BOOLEAN MODE); + +--error ER_PARSE_ERROR +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('((((((((((((((((((((((((((((((((Security)))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); +--error ER_PARSE_ERROR +SELECT * FROM articles WHERE MATCH (title,body) AGAINST +('(((((((((((((((((((((((((((((((((Security))))))))))))))))))))))))))))))))' + IN BOOLEAN MODE); + # Test sub-expression boolean search. Find rows contain # "MySQL" and "Well" or "MySQL" and "stands". But rank the # doc with "Well" higher, and doc with "stands" lower. diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit,xtradb.rdiff b/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit,xtradb.rdiff index c8a0250504e..802932602af 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit,xtradb.rdiff +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit,xtradb.rdiff @@ -1214,7 +1214,7 @@ COMMAND_LINE_ARGUMENT OPTIONAL VARIABLE_NAME INNODB_VERSION SESSION_VALUE NULL --GLOBAL_VALUE 5.6.49 +-GLOBAL_VALUE 5.6.50 +GLOBAL_VALUE 5.6.49-89.0 GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE NULL diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff b/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff index af9060d7334..12aeecc58b4 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff 
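Review bot: The first added case expects a raw `--error 128`, while the two parse-error cases below it use the symbolic `ER_PARSE_ERROR`, and nothing in the test says why this query should fail. A one-line comment above it would tie the expectation to the nesting limit added in fts0que.cc, for example `# exceeds the FTS sub-expression nesting limit; reported as handler error 128 (out of memory)`. That would also make clear that no allocation failure is being exercised. The next query appears to be the deepest nesting still accepted and deserves a matching `# deepest accepted nesting` label, so the boundary stays visible if the limit changes.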
+++ b/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff @@ -684,7 +684,7 @@ COMMAND_LINE_ARGUMENT OPTIONAL VARIABLE_NAME INNODB_VERSION SESSION_VALUE NULL --GLOBAL_VALUE 5.6.49 +-GLOBAL_VALUE 5.6.50 +GLOBAL_VALUE 5.6.49-89.0 GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE NULL diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result index 3877164bde3..ec53b1d34db 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result @@ -2401,7 +2401,7 @@ READ_ONLY NO COMMAND_LINE_ARGUMENT OPTIONAL VARIABLE_NAME INNODB_VERSION SESSION_VALUE NULL -GLOBAL_VALUE 5.6.49 +GLOBAL_VALUE 5.6.50 GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE NULL VARIABLE_SCOPE GLOBAL diff --git a/storage/innobase/fts/fts0que.cc b/storage/innobase/fts/fts0que.cc index ce6151e63b8..f1a5b4ccbe4 100644 --- a/storage/innobase/fts/fts0que.cc +++ b/storage/innobase/fts/fts0que.cc @@ -1,7 +1,7 @@ /***************************************************************************** -Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2017, 2019, MariaDB Corporation. +Copyright (c) 2007, 2020, Oracle and/or its affiliates. All Rights Reserved. +Copyright (c) 2017, 2020, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -146,6 +146,8 @@ struct fts_query_t { fts_word_freq_t */ bool multi_exist; /*!< multiple FTS_EXIST oper */ + byte visiting_sub_exp; /*!< count of nested + fts_ast_visit_sub_exp() */ }; /** For phrase matching, first we collect the documents and the positions @@ -2836,6 +2838,8 @@ fts_query_get_token( return(new_ptr); } +static dberr_t fts_ast_visit_sub_exp(fts_ast_node_t*, fts_ast_callback, void*); + /*****************************************************************//** Visit every node of the AST. */ static 
@@ -2925,7 +2929,7 @@ Process (nested) sub-expression, create a new result set to store the sub-expression result by processing nodes under current sub-expression list. Merge the sub-expression result with that of parent expression list. @return DB_SUCCESS if all well */ -UNIV_INTERN +static dberr_t fts_ast_visit_sub_exp( /*==================*/ @@ -2945,6 +2949,14 @@ fts_ast_visit_sub_exp( ut_a(node->type == FTS_AST_SUBEXP_LIST); + /* To avoid stack overflow, we limit the mutual recursion + depth between fts_ast_visit(), fts_query_visitor() and + fts_ast_visit_sub_exp(). */ + if (query->visiting_sub_exp++ > 31) { + query->error = DB_OUT_OF_MEMORY; + DBUG_RETURN(query->error); + } + cur_oper = query->oper; /* Save current result set */ @@ -2967,6 +2979,7 @@ fts_ast_visit_sub_exp( /* Reinstate parent node state */ query->multi_exist = multi_exist; query->oper = cur_oper; + query->visiting_sub_exp--; /* Merge the sub-expression result with the parent result set. */ subexpr_doc_ids = query->doc_ids; diff --git a/storage/innobase/include/fts0ast.h b/storage/innobase/include/fts0ast.h index b7d467e0082..b7870cbc7bc 100644 --- a/storage/innobase/include/fts0ast.h +++ b/storage/innobase/include/fts0ast.h @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2016, 2018, MariaDB Corporation. +Copyright (c) 2016, 2020, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software 
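Review bot: The depth guard in fts_ast_visit_sub_exp() compares against a bare `31` with a post-increment, so the reader has to work out the effective limit (counter values 0 to 31 pass, so the 33rd nested call is rejected). A named constant, for example `FTS_MAX_NESTED_EXP`, with `if (query->visiting_sub_exp >= FTS_MAX_NESTED_EXP)` ahead of a separate increment, would state it directly. The rejection path also returns with the counter already incremented and sets `DB_OUT_OF_MEMORY`, which the test output shows as "Table handler out of memory" although nothing failed to allocate. That is presumably harmless because the query is abandoned, but the comment should say so, and a distinct error would stop an over-nested search string from looking like memory pressure. The matching `query->visiting_sub_exp--` is in the following hunk and the code between the two is outside the visible hunks, so it is worth confirming that no other return path skips the decrement. The same points apply to the identical hunks in storage/xtradb/fts/fts0que.cc.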
@@ -204,19 +204,6 @@ fts_ast_visit( operator, currently we only ignore FTS_IGNORE operator */ MY_ATTRIBUTE((nonnull, warn_unused_result)); -/*****************************************************************//** -Process (nested) sub-expression, create a new result set to store the -sub-expression result by processing nodes under current sub-expression -list. Merge the sub-expression result with that of parent expression list. -@return DB_SUCCESS if all went well */ -UNIV_INTERN -dberr_t -fts_ast_visit_sub_exp( -/*==================*/ - fts_ast_node_t* node, /*!< in: instance to traverse*/ - fts_ast_callback visitor, /*!< in: callback */ - void* arg) /*!< in: callback arg */ - MY_ATTRIBUTE((nonnull, warn_unused_result)); /******************************************************************** Create a lex instance.*/ UNIV_INTERN diff --git a/storage/innobase/include/univ.i b/storage/innobase/include/univ.i index bb355e0fef5..77c01ccaa15 100644 --- a/storage/innobase/include/univ.i +++ b/storage/innobase/include/univ.i @@ -45,7 +45,7 @@ Created 1/20/1994 Heikki Tuuri #define INNODB_VERSION_MAJOR 5 #define INNODB_VERSION_MINOR 6 -#define INNODB_VERSION_BUGFIX 49 +#define INNODB_VERSION_BUGFIX 50 /* The following is the InnoDB version as shown in SELECT plugin_version FROM information_schema.plugins; diff --git a/storage/xtradb/fts/fts0que.cc b/storage/xtradb/fts/fts0que.cc index 8fce8efac2b..0c51e702907 100644 --- a/storage/xtradb/fts/fts0que.cc +++ b/storage/xtradb/fts/fts0que.cc 
@@ -1,7 +1,7 @@ /***************************************************************************** -Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2017, 2019, MariaDB Corporation. +Copyright (c) 2007, 2020, Oracle and/or its affiliates. All Rights Reserved. +Copyright (c) 2017, 2020, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -146,6 +146,8 @@ struct fts_query_t { fts_word_freq_t */ bool multi_exist; /*!< multiple FTS_EXIST oper */ + byte visiting_sub_exp; /*!< count of nested + fts_ast_visit_sub_exp() */ }; /** For phrase matching, first we collect the documents and the positions @@ -2856,6 +2858,8 @@ fts_query_get_token( return(new_ptr); } +static dberr_t fts_ast_visit_sub_exp(fts_ast_node_t*, fts_ast_callback, void*); + /*****************************************************************//** Visit every node of the AST. */ static @@ -2945,7 +2949,7 @@ Process (nested) sub-expression, create a new result set to store the sub-expression result by processing nodes under current sub-expression list. Merge the sub-expression result with that of parent expression list. @return DB_SUCCESS if all well */ -UNIV_INTERN +static dberr_t fts_ast_visit_sub_exp( /*==================*/ @@ -2965,6 +2969,14 @@ fts_ast_visit_sub_exp( ut_a(node->type == FTS_AST_SUBEXP_LIST); + /* To avoid stack overflow, we limit the mutual recursion + depth between fts_ast_visit(), fts_query_visitor() and + fts_ast_visit_sub_exp(). */ + if (query->visiting_sub_exp++ > 31) { + query->error = DB_OUT_OF_MEMORY; + DBUG_RETURN(query->error); + } + cur_oper = query->oper; /* Save current result set */ 
@@ -2987,6 +2999,7 @@ fts_ast_visit_sub_exp( /* Reinstate parent node state */ query->multi_exist = multi_exist; query->oper = cur_oper; + query->visiting_sub_exp--; /* Merge the sub-expression result with the parent result set. */ subexpr_doc_ids = query->doc_ids; diff --git a/storage/xtradb/include/fts0ast.h b/storage/xtradb/include/fts0ast.h index b7d467e0082..b7870cbc7bc 100644 --- a/storage/xtradb/include/fts0ast.h +++ b/storage/xtradb/include/fts0ast.h @@ -1,7 +1,7 @@ /***************************************************************************** Copyright (c) 2007, 2018, Oracle and/or its affiliates. All Rights Reserved. -Copyright (c) 2016, 2018, MariaDB Corporation. +Copyright (c) 2016, 2020, MariaDB Corporation. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -204,19 +204,6 @@ fts_ast_visit( operator, currently we only ignore FTS_IGNORE operator */ MY_ATTRIBUTE((nonnull, warn_unused_result)); -/*****************************************************************//** -Process (nested) sub-expression, create a new result set to store the -sub-expression result by processing nodes under current sub-expression -list. Merge the sub-expression result with that of parent expression list. -@return DB_SUCCESS if all went well */ -UNIV_INTERN -dberr_t -fts_ast_visit_sub_exp( -/*==================*/ - fts_ast_node_t* node, /*!< in: instance to traverse*/ - fts_ast_callback visitor, /*!< in: callback */ - void* arg) /*!< in: callback arg */ - MY_ATTRIBUTE((nonnull, warn_unused_result)); /******************************************************************** Create a lex instance.*/ UNIV_INTERN |