From 6e6fecf495386e8aebfdc71ad6998eceb9da45e3 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 18 Feb 2021 22:38:55 -0500 Subject: [PATCH] Fix another ancient bug in parsing of BRE-mode regular expressions. While poking at the regex code, I happened to notice that the bug squashed in commit afcc8772e had a sibling: next() failed to return a specific value associated with the '}' token for a "\{m,n\}" quantifier when parsing in basic RE mode. Again, this could result in treating the quantifier as non-greedy, which it never should be in basic mode. For that to happen, the last character before "\}" that sets "nextvalue" would have to set it to zero, or it'd have to have accidentally been zero from the start. The failure can be provoked repeatably with, for example, a bound ending in digit "0". Like the previous patch, back-patch all the way. --- src/backend/regex/regc_lex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/regex/regc_lex.c b/src/backend/regex/regc_lex.c index ca2bce4831..1666453164 100644 --- a/src/backend/regex/regc_lex.c +++ b/src/backend/regex/regc_lex.c @@ -389,7 +389,7 @@ next(struct vars *v) { v->now++; INTOCON(L_BRE); - RET('}'); + RETV('}', 1); } else FAILW(REG_BADBR);