From 95825fa28a7e84a2f5dbdef5241078f7055c5b04 Mon Sep 17 00:00:00 2001
From: Knut Anders Hatlen
Date: Thu, 7 Jan 2016 12:53:18 +0100
Subject: Bug#21682356: STOP INJECTING DATA ITEMS IN AN ERROR MESSAGE GENERATED BY THE EXP() FUNCTION
When generating the error message for numeric overflow, pass a flag to Item::print() that prevents it from expanding constant expressions and parameters to the values they evaluate to. For consistency, also pass the flag to Item::print() when Item_func_spatial_collection::fix_length_and_dec() generates an error message. It doesn't make any difference at the moment, since constant expressions haven't been evaluated yet when this function is called.
---
 sql/mysqld.h | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'sql/mysqld.h')
diff --git a/sql/mysqld.h b/sql/mysqld.h
index 0253c2a0b43..ee9f8c64840 100644
--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@@ -1,4 +1,4 @@
-/* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -431,7 +431,13 @@ enum enum_query_type
 /// In utf8.
 QT_TO_SYSTEM_CHARSET= (1 << 0),
 /// Without character set introducers.
- QT_WITHOUT_INTRODUCERS= (1 << 1)
+ QT_WITHOUT_INTRODUCERS= (1 << 1),
+ /**
+ If an expression is constant, print the expression, not the value
+ it evaluates to. Should be used for error messages, so that they
+ don't reveal values.
+ */
+ QT_NO_DATA_EXPANSION= (1 << 9),
 };
 /* query_id */
-- cgit v1.2.1
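Review bot: The doc comment added for `QT_NO_DATA_EXPANSION` in the second hunk mentions only constant expressions, while the commit message says the flag also keeps Item::print() from expanding parameters to their values. Parameter values are the data most likely to be sensitive in an error message, so the first sentence should read `If an expression is constant or a parameter, print the expression, not the value it evaluates to.` The flag is opt-in, so any error path that calls Item::print() without it presumably still prints values; those call sites are outside this page, which is limited to sql/mysqld.h, and are worth auditing. The value also jumps from `(1 << 1)` to `(1 << 9)` with no explanation, and a one-line comment saying why bits 2 to 8 are skipped would keep a later change from reusing them by accident. The opening of `enum enum_query_type` lies outside the hunk.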