From d4967659032b18a5504198b41dd3d0a1813d79ef Mon Sep 17 00:00:00 2001
From: Alexander Barkov
Date: Tue, 4 Aug 2020 09:49:44 +0400
Subject: MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds

Lex_input_stream::scan_ident_delimited() could go beyond the end of the input when a starting backtick (`) delimiter did not have a corresponding ending backtick. Fix: catch the case when yyGet() returns 0, which means either eof-of-query or straight 0x00 byte inside backticks, and make the parser fail on syntax error, displaying the left backtick as the syntax error place. In case of filename in a script like this: SET CHARACTER_SET_CLIENT=17; -- 17 is 'filename' SELECT doc.`Children`.0 FROM t1; the ending backtick was not recognized as such because my_charlen() returns 0 for a straight backtick (backticks must normally be encoded as @0060 in filename). The same fix works for 'filename': the execution skips the backtick and reaches the end of the query, then yyGet() returns 0. This fix is OK for now. But eventually 'filename' should either be disallowed as a parser character set, or fixed to handle encoded punctuation properly.
---
 mysql-test/main/parser.test | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'mysql-test/main/parser.test')

diff --git a/mysql-test/main/parser.test b/mysql-test/main/parser.test
index 4ee335dbbb4..5a2d0294171 100644
--- a/mysql-test/main/parser.test
+++ b/mysql-test/main/parser.test
@@ -1538,4 +1538,13 @@ SELECT @@GLOBAL.password;
 --error ER_UNKNOWN_SYSTEM_VARIABLE
 SELECT @@GLOBAL.role;
 
+--echo #
+--echo # MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds
+--echo #
+
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'if(`systeminfo';
+
 --echo End of 10.3 tests
-- cgit v1.2.1
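Review bot: Both added `EXECUTE IMMEDIATE` cases reach the same path, an opening backtick followed by end-of-query, so this file does not cover the other two inputs the commit message names: a raw 0x00 byte inside backticks, and the 'filename' client character set script (`SET CHARACTER_SET_CLIENT=17;` followed by the SELECT quoted in the message). Those may be tested in other files of the commit; this view is limited to parser.test, so that cannot be confirmed from here. If they are not, a third case under `--error ER_PARSE_ERROR` for the 'filename' script, restoring the client character set afterwards, would pin the behaviour the message calls "OK for now". The section header only repeats the bug title, so a one-line comment such as `--echo # Unterminated backtick must give a parse error, not a read past the end of the query` would tell the next reader what the assertions guard. The fix was reported against debug builds, so whether a release build fails visibly on regression is not shown here; running this test under a memory checker would presumably be what catches an overread there.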