Bug#27572258 CRASH WITH REGEXP_SUBSTR...

If the pattern is NULL, there is no regular expression to
compile, and the pointer to it is nullptr. This is fine,
but we must check for that value and return (SQL) NULL.

Change-Id: Ib66c32f361fe50f4a56a5f99a3baae8309d27bab

Author: Martin Hansson

sql/regexp/regexp_engine.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -43,15 +43,14 @@ UBool QueryNotKilled(const void *thd, int32_t) {
 
 const char *icu_version_string() { return U_ICU_VERSION; }
 
-bool Regexp_engine::Reset(String *subject) {
+void Regexp_engine::Reset(String *subject) {
   auto usubject = pointer_cast<const UChar *>(subject->ptr());
   int length = subject->length() / sizeof(UChar);
 
   DBUG_ASSERT(is_aligned(usubject));
   DBUG_ASSERT(subject->charset() == regexp_lib_charset);
   uregex_setText(m_re, usubject, length, &m_error_code);
   m_current_subject = subject;
-  return false;
 }
 
 bool Regexp_engine::Matches(int start, int occurrence) {

sql/regexp/regexp_engine.h

@@ -1,7 +1,7 @@
 #ifndef SQL_REGEXP_REGEXP_ENGINE_H_
 #define SQL_REGEXP_REGEXP_ENGINE_H_
 
-/* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -110,7 +110,7 @@ class Regexp_engine {
     Resets the engine with a new subject string.
     @param subject The new string to match the regular expression against.
   */
-  bool Reset(String *subject);
+  virtual void Reset(String *subject);
 
   /**
     Tries to find match number `occurrence` in the string, starting on

sql/regexp/regexp_facade.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -55,15 +55,9 @@ String *EvalExprToCharset(Item *expr, String *out) {
 }
 
 bool Regexp_facade::SetPattern(Item *pattern_expr) {
-  /*
-    The pattern is NULL, but that's fine. Since it's the facade's job to
-    handle NULL values, we leverage the fact that any matching against NULL
-    will have the result NULL and don't involve the Regexp_engine class at
-    all.
-  */
   if (pattern_expr == nullptr) {
     m_engine = nullptr;
-    return false;
+    return true;
   }
   if (!pattern_expr->const_item() ||  // Non-constant pattern, see above.
       m_engine == nullptr) {          // Called for the first time.
@@ -117,7 +111,8 @@ String *Regexp_facade::Replace(Item *subject_expr, Item *replacement_expr,
 
 String *Regexp_facade::Substr(Item *subject_expr, int start, int occurrence,
                               String *result) {
-  if (Reset(subject_expr) || !m_engine->Matches(start - 1, occurrence)) {
+  if (Reset(subject_expr)) return nullptr;
+  if (!m_engine->Matches(start - 1, occurrence)) {
     m_engine->CheckError();
     return nullptr;
   }