From a21b43913fd97d0a97232764ad2f338da93a9561 Mon Sep 17 00:00:00 2001
From: chertus <chertus@gmail.com>
Date: Fri, 23 Aug 2019 21:40:42 +0300
Subject: [PATCH] fix crash in OptimizedRegularExpression

---
 dbms/src/Common/OptimizedRegularExpression.cpp               | 5 +++--
 .../0_stateless/00997_extract_all_crash_6627.reference       | 1 +
 .../queries/0_stateless/00997_extract_all_crash_6627.sql     | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.reference
 create mode 100644 dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.sql

diff --git a/dbms/src/Common/OptimizedRegularExpression.cpp b/dbms/src/Common/OptimizedRegularExpression.cpp
index c87d87fc2df..3a224709447 100644
--- a/dbms/src/Common/OptimizedRegularExpression.cpp
+++ b/dbms/src/Common/OptimizedRegularExpression.cpp
@@ -1,4 +1,5 @@
 #include <Common/Exception.h>
+#include <Common/PODArray.h>
 #include <Common/OptimizedRegularExpression.h>
 
 #define MIN_LENGTH_FOR_STRSTR 3
@@ -413,9 +414,9 @@ unsigned OptimizedRegularExpressionImpl<thread_safe>::match(const char * subject
                 return 0;
         }
 
-        StringPieceType pieces[MAX_SUBPATTERNS];
+        DB::PODArrayWithStackMemory<StringPieceType, sizeof(StringPieceType) * (MAX_SUBPATTERNS+1)> pieces(limit);
 
-        if (!re2->Match(StringPieceType(subject, subject_size), 0, subject_size, RegexType::UNANCHORED, pieces, limit))
+        if (!re2->Match(StringPieceType(subject, subject_size), 0, subject_size, RegexType::UNANCHORED, pieces.data(), pieces.size()))
             return 0;
         else
         {
diff --git a/dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.reference b/dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.reference
new file mode 100644
index 00000000000..acb53e80e6d
--- /dev/null
+++ b/dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.reference
@@ -0,0 +1 @@
+['9']
diff --git a/dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.sql b/dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.sql
new file mode 100644
index 00000000000..06de4ec8afb
--- /dev/null
+++ b/dbms/tests/queries/0_stateless/00997_extract_all_crash_6627.sql
@@ -0,0 +1 @@
+SELECT extractAll('Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 YaBrowser/19.7.2.455 Yowser/2.5 Safari/537.36', '[Y][a-zA-Z]{8}/[1-9]([1-9]+)?(((.?)([0-9]+)?){0,4})?');