summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--mysql-test/r/sp-error.result19
-rw-r--r--mysql-test/t/sp-error.test27
-rw-r--r--sql/share/errmsg.txt2
-rw-r--r--sql/sp_head.cc17
-rw-r--r--sql/sp_head.h2
-rw-r--r--sql/sql_yacc.yy15
6 files changed, 82 insertions, 0 deletions
diff --git a/mysql-test/r/sp-error.result b/mysql-test/r/sp-error.result
index d7bed7e88a7..a784b59a6e5 100644
--- a/mysql-test/r/sp-error.result
+++ b/mysql-test/r/sp-error.result
@@ -1128,3 +1128,22 @@ ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function
drop function bug11555_1;
drop table t1;
drop view v1;
+drop procedure if exists ` bug15658`;
+create procedure ``() select 1;
+ERROR 42000: Incorrect routine name ''
+create procedure ` `() select 1;
+ERROR 42000: Incorrect routine name ' '
+create procedure `bug15658 `() select 1;
+ERROR 42000: Incorrect routine name 'bug15658 '
+create procedure ``.bug15658() select 1;
+ERROR 42000: Incorrect database name ''
+create procedure `x `.bug15658() select 1;
+ERROR 42000: Incorrect database name 'x '
+create procedure ` bug15658`() select 1;
+call ` bug15658`();
+1
+1
+show procedure status;
+Db Name Type Definer Modified Created Security_type Comment
+test bug15658 PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER
+drop procedure ` bug15658`;
diff --git a/mysql-test/t/sp-error.test b/mysql-test/t/sp-error.test
index cf8f8dfc79c..25944144d21 100644
--- a/mysql-test/t/sp-error.test
+++ b/mysql-test/t/sp-error.test
@@ -1556,6 +1556,7 @@ drop procedure bug13012_1|
drop function bug13012_2|
delimiter ;|
+#
# BUG#11555 "Stored procedures: current SP tables locking make
# impossible view security". We should not expose names of tables
# which are implicitly used by view (via stored routines/triggers).
@@ -1616,7 +1617,33 @@ drop function bug11555_1;
drop table t1;
drop view v1;
+#
+# BUG#15658: Server crashes after creating function as empty string
+#
+--disable_warnings
+drop procedure if exists ` bug15658`;
+--enable_warnings
+
+--error ER_SP_WRONG_NAME
+create procedure ``() select 1;
+--error ER_SP_WRONG_NAME
+create procedure ` `() select 1;
+--error ER_SP_WRONG_NAME
+create procedure `bug15658 `() select 1;
+--error ER_WRONG_DB_NAME
+create procedure ``.bug15658() select 1;
+--error ER_WRONG_DB_NAME
+create procedure `x `.bug15658() select 1;
+# This should work
+create procedure ` bug15658`() select 1;
+call ` bug15658`();
+--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
+show procedure status;
+drop procedure ` bug15658`;
+
+
+#
# BUG#NNNN: New bug synopsis
#
#--disable_warnings
diff --git a/sql/share/errmsg.txt b/sql/share/errmsg.txt
index 185b4326c5c..63c75cdaddc 100644
--- a/sql/share/errmsg.txt
+++ b/sql/share/errmsg.txt
@@ -5605,3 +5605,5 @@ ER_SP_RECURSION_LIMIT
ger "Rekursionsgrenze %d (durch Variable max_sp_recursion_depth gegeben) wurde für Routine %.64s überschritten"
ER_SP_PROC_TABLE_CORRUPT
eng "Failed to load routine %s. The table mysql.proc is missing, corrupt, or contains bad data (internal code %d)"
+ER_SP_WRONG_NAME 42000
+ eng "Incorrect routine name '%-.64s'"
diff --git a/sql/sp_head.cc b/sql/sp_head.cc
index 12f9260e7b1..bf1de53acd6 100644
--- a/sql/sp_head.cc
+++ b/sql/sp_head.cc
@@ -384,6 +384,23 @@ sp_name_current_db_new(THD *thd, LEX_STRING name)
return qname;
}
+/*
+ * Check that the name 'ident' is ok. It's assumed to be an 'ident'
+ * from the parser, so we only have to check length and trailing spaces.
+ * The former is a standard requirement (and 'show status' assumes a
+ * non-empty name), the latter is a mysql:ism as trailing spaces are
+ * removed by get_field().
+ *
+ * RETURN
+ * TRUE - bad name
+ * FALSE - name is ok
+ */
+
+bool
+sp_name_check(LEX_STRING ident)
+{
+ return (!ident.str || !ident.str[0] || ident.str[ident.length-1] == ' ');
+}
/* ------------------------------------------------------------------ */
diff --git a/sql/sp_head.h b/sql/sp_head.h
index 2eebd35f6dc..30859ee8f8a 100644
--- a/sql/sp_head.h
+++ b/sql/sp_head.h
@@ -102,6 +102,8 @@ public:
sp_name *
sp_name_current_db_new(THD *thd, LEX_STRING name);
+bool
+sp_name_check(LEX_STRING name);
class sp_head :private Query_arena
{
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 25e10362ece..281e3e2eb5b 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -1288,11 +1288,26 @@ clear_privileges:
sp_name:
ident '.' ident
{
+ if (!$1.str || check_db_name($1.str))
+ {
+ my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
+ YYABORT;
+ }
+ if (sp_name_check($3))
+ {
+ my_error(ER_SP_WRONG_NAME, MYF(0), $3.str);
+ YYABORT;
+ }
$$= new sp_name($1, $3);
$$->init_qname(YYTHD);
}
| ident
{
+ if (sp_name_check($1))
+ {
+ my_error(ER_SP_WRONG_NAME, MYF(0), $1.str);
+ YYABORT;
+ }
$$= sp_name_current_db_new(YYTHD, $1);
}
;