MDEV-33468: Crash due to missing stack overrun check in two recursive functions

Thanks to Yury Chaikou for finding this problem (and the fix). Reviewed-by: Monty <monty@mariadb.org> Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
2025-07-27 18:02:13 +03:00 · 2024-02-15 10:41:23 +01:00
parent fdaa7a96ed
commit 5707f1efda
2 changed files with 11 additions and 1 deletions
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@ -17662,6 +17662,12 @@ Item_cond::remove_eq_conds(THD *thd, Item::cond_result *cond_value,
  bool and_level= functype() == Item_func::COND_AND_FUNC;
  List<Item> *cond_arg_list= argument_list();

+  if (check_stack_overrun(thd, STACK_MIN_SIZE, NULL))
+  {
+    *cond_value= Item::COND_FALSE;
+    return (COND*) 0;                           // Fatal error flag is set!
+  }
+
  if (and_level)
  {
    /*