When escaping a string in a multi-byte character set, escape all bytes of

a character that appears to be a multi-byte character based on its first
byte, but is not actually a valid multi-byte character. (Bug #8378)

1 files changed, 20 insertions, 0 deletions

diff --git a/mysys/charset.c b/mysys/charset.c
index cb2379f8723..934125ead4a 100644
--- a/mysys/charset.c
+++ b/mysys/charset.c
@@ -581,6 +581,26 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
       from--;
       continue;
     }
+    /*
+     If the next character appears to begin a multi-byte character, we
+     escape all of the bytes of that apparent character. (The character just
+     looks like a multi-byte character -- if it were actually a multi-byte
+     character, it would have been passed through in the test above.)
+
+     Without this check, we can create a problem by converting an invalid
+     multi-byte character into a valid one. For example, 0xbf27 is not
+     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
+    */
+    if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)
+    {
+      while (l--)
+      {
+        *to++= '\\';
+	*to++= *from++;
+      }
+      from--;
+      continue;
+    }
 #endif
     switch (*from) {
     case 0:				/* Must be escaped for 'mysql' */