mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-10-08 07:36:57 +02:00
Fix ancient bug in parsing of BRE-mode regular expressions.
brenext(), when parsing a '*' quantifier, forgot to return any "value" for the token; per the equivalent case in next(), it should return value 1 to indicate that greedy rather than non-greedy behavior is wanted. The result is that the compiled regexp could behave like 'x*?' rather than the intended 'x*', if we were unlucky enough to have a zero in v->nextvalue at this point. That seems to happen with some reliability if we have '.*' at the beginning of a BRE-mode regexp, although that depends on the initial contents of a stack-allocated struct, so it's not guaranteed to fail. Found by Alexander Lakhin using valgrind testing. This bug seems to be aboriginal in Spencer's code, so back-patch all the way. Discussion: https://postgr.es/m/16814-6c5e3edd2bdf0d50@postgresql.org
This commit is contained in:
parent
5ba046948e
commit
49c928c0c0
@ -994,7 +994,7 @@ brenext(struct vars *v,
|
|||||||
case CHR('*'):
|
case CHR('*'):
|
||||||
if (LASTTYPE(EMPTY) || LASTTYPE('(') || LASTTYPE('^'))
|
if (LASTTYPE(EMPTY) || LASTTYPE('(') || LASTTYPE('^'))
|
||||||
RETV(PLAIN, c);
|
RETV(PLAIN, c);
|
||||||
RET('*');
|
RETV('*', 1);
|
||||||
break;
|
break;
|
||||||
case CHR('['):
|
case CHR('['):
|
||||||
if (HAVE(6) && *(v->now + 0) == CHR('[') &&
|
if (HAVE(6) && *(v->now + 0) == CHR('[') &&
|
||||||
|
Loading…
Reference in New Issue
Block a user