MDEV-23999 Potential stack overflow in InnoDB fulltext search

fts_query_t::nested_sub_exp: Keep track of nested fts_ast_visit_sub_exp() calls. fts_ast_visit_sub_exp(): Return DB_OUT_OF_MEMORY if the maximum recursion depth is exceeded. This is motivated by a change in MySQL 5.6.50: mysql/mysql-server@e2a46b4834 Bug #29929684 USING MANY NESTED ARGUMENTS WITH BOOLEAN FTS CAN LEAD TO TERMINATE SERVER
2025-07-29 05:21:33 +03:00 · 2020-10-21 10:04:44 +03:00
parent 0627c4ae21
commit c7552969d0
6 changed files with 75 additions and 34 deletions
--- a/mysql-test/suite/innodb_fts/t/basic.test
+++ b/mysql-test/suite/innodb_fts/t/basic.test
@ -99,6 +99,26 @@ SELECT * FROM articles WHERE MATCH (title,body)
 SELECT * FROM articles WHERE MATCH (title,body)
 	AGAINST ('+ MySQL - (Well stands)' IN BOOLEAN MODE);

+--error 128
+SELECT * FROM articles WHERE MATCH (title,body) AGAINST
+('(((((((((((((((((((((((((((((((((Security)))))))))))))))))))))))))))))))))'
+ IN BOOLEAN MODE);
+SELECT * FROM articles WHERE MATCH (title,body) AGAINST
+('((((((((((((((((((((((((((((((((Security))))))))))))))))))))))))))))))))'
+ IN BOOLEAN MODE);
+SELECT * FROM articles WHERE MATCH (title,body) AGAINST
+('(((((((((((((((((((((((((((((((vs))))))))))))))))))))))))))))))),(((to)))'
+ IN BOOLEAN MODE);
+
+--error ER_PARSE_ERROR
+SELECT * FROM articles WHERE MATCH (title,body) AGAINST
+('((((((((((((((((((((((((((((((((Security)))))))))))))))))))))))))))))))'
+ IN BOOLEAN MODE);
+--error ER_PARSE_ERROR
+SELECT * FROM articles WHERE MATCH (title,body) AGAINST
+('(((((((((((((((((((((((((((((((((Security))))))))))))))))))))))))))))))))'
+ IN BOOLEAN MODE);
+
 # Test sub-expression boolean search. Find rows contain
 # "MySQL" and "Well" or "MySQL" and "stands". But rank the 
 # doc with "Well" higher, and doc with "stands" lower.