From 75f80004b165363b10eeb9b63c342215356c98d0 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Sun, 25 Jun 2017 20:55:58 +0200
Subject: [PATCH] MDEV-12939 A query crashes MariaDB in Item_func_regex::cleanup and MDEV-13144 regexp on views - crashed mariadb server implement Item_func_regex::build_clone()
---
 mysql-test/r/func_regexp_pcre.result | 2 ++
 mysql-test/t/func_regexp_pcre.test | 5 +++++
 sql/item_cmpfunc.cc | 3 +--
 sql/item_cmpfunc.h | 20 ++++++++++++++------
 4 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/mysql-test/r/func_regexp_pcre.result b/mysql-test/r/func_regexp_pcre.result
index 266ea6c5eef..0030fa53381 100644
--- a/mysql-test/r/func_regexp_pcre.result
+++ b/mysql-test/r/func_regexp_pcre.result
@@ -894,3 +894,5 @@ REGEXP_INSTR('a_kollision', '(oll)')
 SELECT REGEXP_INSTR('a_kollision', 'o([lm])\\1');
 REGEXP_INSTR('a_kollision', 'o([lm])\\1')
 4
+SELECT a FROM (SELECT "aa" a) t WHERE a REGEXP '[0-9]';
+a
diff --git a/mysql-test/t/func_regexp_pcre.test b/mysql-test/t/func_regexp_pcre.test
index 4b2c18e0674..4cbe893d9c4 100644
--- a/mysql-test/t/func_regexp_pcre.test
+++ b/mysql-test/t/func_regexp_pcre.test
@@ -439,3 +439,8 @@ SELECT 1 FROM dual WHERE ('Alpha,Bravo,Charlie,Delta,Echo,Foxtrot,StrataCentral,
 SELECT REGEXP_INSTR('a_kollision', 'oll');
 SELECT REGEXP_INSTR('a_kollision', '(oll)');
 SELECT REGEXP_INSTR('a_kollision', 'o([lm])\\1');
+
+#
+# MDEV-12939 A query crashes MariaDB in Item_func_regex::cleanup
+#
+SELECT a FROM (SELECT "aa" a) t WHERE a REGEXP '[0-9]';
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index f4fae535670..d203efa6305 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -5408,9 +5408,8 @@ bool Regexp_processor_pcre::compile(String *pattern, bool send_error)
 {
 if (!stringcmp(pattern, &m_prev_pattern))
 return false;
+ cleanup();
 m_prev_pattern.copy(*pattern);
- pcre_free(m_pcre);
- m_pcre= NULL;
 }
 if (!(pattern= convert_if_needed(pattern, &pattern_converter)))
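Review bot: The regression test added to func_regexp_pcre.test covers only the derived-table query from MDEV-12939, while the commit subject also names MDEV-13144 (regexp on views) and no view-based query is added. A case such as `CREATE VIEW v1 AS SELECT 'aa' a;` / `SELECT a FROM v1 WHERE a REGEXP '[0-9]';` / `DROP VIEW v1;` (constructed here; the reproducer from the MDEV-13144 report should be used instead) would pin the second crash path too. The matching expected output would need to be added to the .result file.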
diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h
index 2f98c68bb5f..8ff789d983a 100644
--- a/sql/item_cmpfunc.h
+++ b/sql/item_cmpfunc.h
@@ -2074,14 +2074,15 @@ public:
 {
 return subpattern_end(n) - subpattern_start(n);
 }
+ void reset()
+ {
+ m_pcre= NULL;
+ m_prev_pattern.length(0);
+ }
 void cleanup()
 {
- if (m_pcre)
- {
- pcre_free(m_pcre);
- m_pcre= NULL;
- }
- m_prev_pattern.length(0);
+ pcre_free(m_pcre);
+ reset();
 }
 bool is_compiled() const { return m_pcre != NULL; }
 bool is_const() const { return m_is_const; }
@@ -2110,6 +2111,13 @@ public:
 enum precedence precedence() const { return CMP_PRECEDENCE; }
 Item *get_copy(THD *thd, MEM_ROOT *mem_root)
 { return get_item_copy(thd, mem_root, this); }
+ Item *build_clone(THD *thd, MEM_ROOT *mem_root)
+ {
+ Item_func_regex *clone= (Item_func_regex*) Item_bool_func::build_clone(thd, mem_root);
+ if (clone)
+ clone->re.reset();
+ return clone;
+ }
 void print(String *str, enum_query_type query_type)
 {
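Review bot: `cleanup()` now calls `pcre_free(m_pcre)` with no null check, so it depends on whatever `pcre_free` points to accepting NULL; PCRE exposes `pcre_free` as a replaceable function pointer, and the allocator the server installs is not visible in this hunk. Either keep the guard, `if (m_pcre) pcre_free(m_pcre);`, or state the assumption in a comment. The new public `reset()` drops `m_pcre` without freeing it, which leaks the compiled pattern if it is ever called on an object that owns one; a comment such as `// For freshly copied objects only: forgets m_pcre without freeing it` would make that contract explicit. This is the same `cleanup()` that the item_cmpfunc.cc hunk now calls from `compile()`. The enclosing class starts and ends outside the hunk.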
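Review bot: `build_clone()` should say why it calls `re.reset()` rather than `re.cleanup()`: presumably the object returned by `Item_bool_func::build_clone()` is a member-wise copy that still holds the original's `m_pcre`, so freeing it through the clone would release memory the original still uses. A comment like `// the copy shares m_pcre with the source item; forget it so the clone compiles its own` documents that. Only `m_pcre` and `m_prev_pattern` are reset; whether the other `Regexp_processor_pcre` members (for example the converter buffers that `compile()` uses) are safe to share after a copy cannot be judged from this hunk and is worth confirming. The C-style cast could be written as `static_cast<Item_func_regex*>(...)` so the downcast stays greppable.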