From afcc8772edcec687d87b6f762ca6113229af7291 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 8 Jan 2021 12:16:00 -0500 Subject: [PATCH] Fix ancient bug in parsing of BRE-mode regular expressions. brenext(), when parsing a '*' quantifier, forgot to return any "value" for the token; per the equivalent case in next(), it should return value 1 to indicate that greedy rather than non-greedy behavior is wanted. The result is that the compiled regexp could behave like 'x*?' rather than the intended 'x*', if we were unlucky enough to have a zero in v->nextvalue at this point. That seems to happen with some reliability if we have '.*' at the beginning of a BRE-mode regexp, although that depends on the initial contents of a stack-allocated struct, so it's not guaranteed to fail. Found by Alexander Lakhin using valgrind testing. This bug seems to be aboriginal in Spencer's code, so back-patch all the way. Discussion: https://postgr.es/m/16814-6c5e3edd2bdf0d50@postgresql.org --- src/backend/regex/regc_lex.c | 2 +- src/test/modules/test_regex/expected/test_regex.out | 8 ++++++++ src/test/modules/test_regex/sql/test_regex.sql | 2 ++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/backend/regex/regc_lex.c b/src/backend/regex/regc_lex.c index 38617b79fd..ca2bce4831 100644 --- a/src/backend/regex/regc_lex.c +++ b/src/backend/regex/regc_lex.c @@ -994,7 +994,7 @@ brenext(struct vars *v, case CHR('*'): if (LASTTYPE(EMPTY) || LASTTYPE('(') || LASTTYPE('^')) RETV(PLAIN, c); - RET('*'); + RETV('*', 1); break; case CHR('['): if (HAVE(6) && *(v->now + 0) == CHR('[') && diff --git a/src/test/modules/test_regex/expected/test_regex.out b/src/test/modules/test_regex/expected/test_regex.out index ed1b0cbdb9..0dc2265d8b 100644 --- a/src/test/modules/test_regex/expected/test_regex.out +++ b/src/test/modules/test_regex/expected/test_regex.out @@ -614,6 +614,14 @@ ERROR: invalid regular expression: quantifier operand invalid -- expectError 7.15 - a*+ BADRPT select * from test_regex('a*+', '', '-'); ERROR: invalid regular expression: quantifier operand invalid +-- test for ancient brenext() bug; not currently in Tcl +select * from test_regex('.*b', 'aaabbb', 'b'); + test_regex +------------ + {0} + {aaabbb} +(2 rows) + -- doing 8 "braces" -- expectMatch 8.1 NQ "a{0,1}" "" "" select * from test_regex('a{0,1}', '', 'NQ'); diff --git a/src/test/modules/test_regex/sql/test_regex.sql b/src/test/modules/test_regex/sql/test_regex.sql index 4676cd1a06..1a2bfa6235 100644 --- a/src/test/modules/test_regex/sql/test_regex.sql +++ b/src/test/modules/test_regex/sql/test_regex.sql @@ -214,6 +214,8 @@ select * from test_regex('a?*', '', '-'); select * from test_regex('a+*', '', '-'); -- expectError 7.15 - a*+ BADRPT select * from test_regex('a*+', '', '-'); +-- test for ancient brenext() bug; not currently in Tcl +select * from test_regex('.*b', 'aaabbb', 'b'); -- doing 8 "braces"