authorDmitry Shulga <dmitry.shulga@mariadb.com>2021-01-12 14:30:08 +0700
committerDmitry Shulga <dmitry.shulga@mariadb.com>2021-01-12 14:30:08 +0700
commit787f7b11780e0248d9f5ef9cd31a3539e129964f (patch)
treeb61d039e5467e21587909a11abd7a53b4ef94efb
parent5a1a7141870459cf66d8e441b443187f87a10d5d (diff)
MDEV-23666: Assertion `m_cpp_buf <= ptr && ptr <= m_cpp_buf + m_buf_length' failed in Lex_input_stream::body_utf8_appendbb-10.3-MDEV-23666
On parsing statements in which a starting backtick (`) delimiter has no corresponding ending backtick, the current pointer into the pre-processed buffer could move beyond the end of the buffer. This bug was caused by the commit d4967659032b18a5504198b41dd3d0a1813d79ef "MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds". To fix the issue, both pointers m_ptr and m_cpp_ptr must be rolled back to their previous positions in the raw input and pre-processed input streams respectively when the end of the query is reached during parsing.
-rw-r--r--mysql-test/main/parser.result9
-rw-r--r--mysql-test/main/parser.test14
-rw-r--r--sql/sql_lex.cc2
3 files changed, 25 insertions, 0 deletions
diff --git a/mysql-test/main/parser.result b/mysql-test/main/parser.result
index 1c58c7379e4..658c26ae3e2 100644
--- a/mysql-test/main/parser.result
+++ b/mysql-test/main/parser.result
@@ -1784,4 +1784,13 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo /FO LIST' at line 1
EXECUTE IMMEDIATE 'if(`systeminfo';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo' at line 1
+#
+# MDEV-23666 Assertion failed in Lex_input_stream::body_utf8_append
+#
+SET @@sql_mode='ANSI_QUOTES';
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"' at line 1
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"abc';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"abc' at line 1
+SET @@sql_mode=@save_sql_mode;
# End of 10.3 tests
diff --git a/mysql-test/main/parser.test b/mysql-test/main/parser.test
index 9fb68b92b8f..1a862427a2c 100644
--- a/mysql-test/main/parser.test
+++ b/mysql-test/main/parser.test
@@ -1561,4 +1561,18 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
--error ER_PARSE_ERROR
EXECUTE IMMEDIATE 'if(`systeminfo';
+--echo #
+--echo # MDEV-23666 Assertion failed in Lex_input_stream::body_utf8_append
+--echo #
+SET @@sql_mode='ANSI_QUOTES';
+# Without a patch execution of the following statement results in assertion
+# in Lex_input_stream::body_utf8_append on parsing the statement
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"';
+
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"abc';
+
+SET @@sql_mode=@save_sql_mode;
+
--echo # End of 10.3 tests
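Review bot: The comment above the first EXECUTE IMMEDIATE does not say why ANSI_QUOTES is switched on, so a reader of this block cannot tell that the unterminated `"` is the delimited-identifier case the commit title describes for the backtick. I would extend the comment to `# Under ANSI_QUOTES a double quote starts a delimited identifier; an unterminated one at the end of the statement must be reported as a syntax error instead of hitting the assertion in Lex_input_stream::body_utf8_append`. The restore `SET @@sql_mode=@save_sql_mode;` relies on @save_sql_mode having been assigned earlier in parser.test, which is outside this hunk; the recorded result shows the restore succeeds, but a one-line comment noting where it is set would save the next reader a search.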
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 6116dee6e7e..b8f6610e066 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -2215,6 +2215,8 @@ int Lex_input_stream::scan_ident_delimited(THD *thd,
Return the quote character, to have the parser fail on syntax error.
*/
m_ptr= (char *) m_tok_start + 1;
+ if (m_echo)
+ m_cpp_ptr= (char *) m_cpp_tok_start + 1;
return quote_char;
}
int var_length= my_charlen(cs, get_ptr() - 1, get_end_of_query());
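Review bot: The two added lines rewind m_cpp_ptr without saying why, and the reason is not local: the rewind of m_ptr on the previous line existed before, and the pre-processed pointer only matters because body_utf8_append asserts m_cpp_buf <= ptr <= m_cpp_buf + m_buf_length (per the commit title). I would put a short comment above the new `if (m_echo)`, for example `/* Keep the pre-processed stream in step with the raw one; otherwise m_cpp_ptr stays past the end of the query and body_utf8_append() fails its bounds assertion. */`. Guarding the assignment with m_echo looks consistent with m_cpp_ptr being maintained only while echoing, but that convention is not visible in this hunk and should be confirmed against the other position-tracking helpers in sql_lex.cc. scan_ident_delimited begins and ends outside the hunk.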