Fix ancient bug in parsing of BRE-mode regular expressions. brenext(), when parsing a '*' quantifier, forgot to return any "value" for the token; per the equivalent case in next(), it should return value 1 to indicate that greedy rather than non-greedy behavior is wanted. The result is that the compiled regexp could behave like 'x*?' rather than the intended 'x*', if we were unlucky enough to have a zero in v->nextvalue at this point. That seems to happen with some reliability if we have '.*' at the beginning of a BRE-mode regexp, although that depends on the initial contents of a stack-allocated struct, so it's not guaranteed to fail.
Found by Alexander Lakhin using valgrind testing. This bug seems to be aboriginal in Spencer's code, so back-patch all the way. Discussion: https://postgr.es/m/[email protected] Branch ------ REL9_5_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/0c23f30fad2919eb53964fa348ede60e504b5c1e Modified Files -------------- src/backend/regex/regc_lex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
