From 012f841fd43a19c042aaec0af863f589b65f3f54 Mon Sep 17 00:00:00 2001 From: "malff/marcsql@weblab.(none)" <> Date: Fri, 27 Apr 2007 17:14:25 -0600 Subject: [PATCH] Bug#21513 (SP having body starting with quoted label rendered unusable) Before this fix, the parser would sometime change where a token starts by altering Lex_input_string::tok_start, which later confused the code in sql_yacc.yy that needs to capture the source code of a SQL statement, like to represent the body of a stored procedure. This line of code in sql_lex.cc : case MY_LEX_USER_VARIABLE_DELIMITER: lip->tok_start= lip->ptr; // Skip first ` would ... and cause the bug reported. In general, the responsibility of sql_lex.cc is to *find* where token are in the SQL text, but is *not* to make up fake or incomplete tokens. With a quoted label like `my_label`, the token starts on the first quote. Extracting the token value should not change that (it did). With this fix, the lexical analysis has been cleaned up to not change lip->tok_start (in the case found for this bug). The functions get_token() and get_quoted_token() now have an extra parameters, used when some characters from the beginning of the token need to be skipped when extracting a token value, like when extracting 'AB' from '0xAB', for example, for a HEX_NUM token. This exposed a bad assumption in Item_hex_string and Item_bin_string, which has been fixed: The assumption was that the string given, 'AB', was in fact preceded in memory by '0x', which might be false (it can be preceded by "x'" and followed by "'" -- or not be preceded by valid memory at all) If a name is needed for Item_hex_string or Item_bin_string, the name is taken from the original and true source code ('0xAB'), and assigned in the select_item rule, instead of relying on assumptions related to how memory is used. --- mysql-test/r/sp.result | 7 +++++ mysql-test/t/sp.test | 11 ++++++++ sql/item.cc | 2 -- sql/sql_lex.cc | 64 ++++++++++++++++++++---------------------- sql/sql_yacc.yy | 14 +++++---- 5 files changed, 56 insertions(+), 42 deletions(-) diff --git a/mysql-test/r/sp.result b/mysql-test/r/sp.result index 9ba6a356db2..b5b79af031e 100644 --- a/mysql-test/r/sp.result +++ b/mysql-test/r/sp.result @@ -6118,6 +6118,13 @@ Warning 1265 Data truncated for column 'bug5274_f1' at row 1 Warning 1265 Data truncated for column 'bug5274_f1' at row 1 DROP FUNCTION bug5274_f1| DROP FUNCTION bug5274_f2| +drop procedure if exists proc_21513| +create procedure proc_21513()`my_label`:BEGIN END| +show create procedure proc_21513| +Procedure sql_mode Create Procedure +proc_21513 CREATE DEFINER=`root`@`localhost` PROCEDURE `proc_21513`() +`my_label`:BEGIN END +drop procedure proc_21513| End of 5.0 tests. drop table t1,t2; CREATE TABLE t1 (a int auto_increment primary key) engine=MyISAM; diff --git a/mysql-test/t/sp.test b/mysql-test/t/sp.test index 64876ae0584..97677838d48 100644 --- a/mysql-test/t/sp.test +++ b/mysql-test/t/sp.test @@ -7054,6 +7054,17 @@ SELECT bug5274_f2()| DROP FUNCTION bug5274_f1| DROP FUNCTION bug5274_f2| +# +# Bug#21513 (SP having body starting with quoted label rendered unusable) +# +--disable_warnings +drop procedure if exists proc_21513| +--enable_warnings + +create procedure proc_21513()`my_label`:BEGIN END| +show create procedure proc_21513| + +drop procedure proc_21513| ### --echo End of 5.0 tests. diff --git a/sql/item.cc b/sql/item.cc index ed5bd67d096..a2a7d46edc3 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -4602,7 +4602,6 @@ inline uint char_val(char X) Item_hex_string::Item_hex_string(const char *str, uint str_length) { - name=(char*) str-2; // Lex makes this start with 0x max_length=(str_length+1)/2; char *ptr=(char*) sql_alloc(max_length+1); if (!ptr) @@ -4713,7 +4712,6 @@ Item_bin_string::Item_bin_string(const char *str, uint str_length) uchar bits= 0; uint power= 1; - name= (char*) str - 2; max_length= (str_length + 7) >> 3; char *ptr= (char*) sql_alloc(max_length + 1); if (!ptr) diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index ecdbb654ffd..fabd9a0e003 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -262,12 +262,12 @@ bool is_keyword(const char *name, uint len) /* make a copy of token before ptr and set yytoklen */ -static LEX_STRING get_token(Lex_input_stream *lip, uint length) +static LEX_STRING get_token(Lex_input_stream *lip, uint skip, uint length) { LEX_STRING tmp; yyUnget(); // ptr points now after last token char tmp.length=lip->yytoklen=length; - tmp.str= lip->m_thd->strmake(lip->tok_start, tmp.length); + tmp.str= lip->m_thd->strmake(lip->tok_start + skip, tmp.length); return tmp; } @@ -279,6 +279,7 @@ static LEX_STRING get_token(Lex_input_stream *lip, uint length) */ static LEX_STRING get_quoted_token(Lex_input_stream *lip, + uint skip, uint length, char quote) { LEX_STRING tmp; @@ -286,9 +287,10 @@ static LEX_STRING get_quoted_token(Lex_input_stream *lip, yyUnget(); // ptr points now after last token char tmp.length=lip->yytoklen=length; tmp.str=(char*) lip->m_thd->alloc(tmp.length+1); - for (from= (byte*) lip->tok_start, to= (byte*) tmp.str, end= to+length ; - to != end ; - ) + from= (byte*) lip->tok_start + skip; + to= (byte*) tmp.str; + end= to+length; + for ( ; to != end; ) { if ((*to++= *from++) == quote) from++; // Skip double quotes @@ -676,7 +678,7 @@ int MYSQLlex(void *arg, void *yythd) } yySkip(); // next state does a unget } - yylval->lex_str=get_token(lip, length); + yylval->lex_str=get_token(lip, 0, length); /* Note: "SELECT _bla AS 'alias'" @@ -718,7 +720,7 @@ int MYSQLlex(void *arg, void *yythd) { yySkip(); while (my_isdigit(cs,yyGet())) ; - yylval->lex_str=get_token(lip, yyLength()); + yylval->lex_str=get_token(lip, 0, yyLength()); return(FLOAT_NUM); } } @@ -730,10 +732,8 @@ int MYSQLlex(void *arg, void *yythd) while (my_isxdigit(cs,(c = yyGet()))) ; if ((lip->ptr - lip->tok_start) >= 4 && !ident_map[c]) { - yylval->lex_str=get_token(lip, yyLength()); - yylval->lex_str.str+=2; // Skip 0x - yylval->lex_str.length-=2; - lip->yytoklen-=2; + /* skip '0x' */ + yylval->lex_str=get_token(lip, 2, yyLength()-2); return (HEX_NUM); } yyUnget(); @@ -744,10 +744,8 @@ int MYSQLlex(void *arg, void *yythd) while (my_isxdigit(cs,(c = yyGet()))) ; if ((lip->ptr - lip->tok_start) >= 4 && !ident_map[c]) { - yylval->lex_str= get_token(lip, yyLength()); - yylval->lex_str.str+= 2; // Skip 0x - yylval->lex_str.length-= 2; - lip->yytoklen-= 2; + /* Skip '0b' */ + yylval->lex_str= get_token(lip, 2, yyLength()-2); return (BIN_NUM); } yyUnget(); @@ -782,14 +780,13 @@ int MYSQLlex(void *arg, void *yythd) if (c == '.' && ident_map[yyPeek()]) lip->next_state=MY_LEX_IDENT_SEP;// Next is '.' - yylval->lex_str= get_token(lip, yyLength()); + yylval->lex_str= get_token(lip, 0, yyLength()); return(result_state); case MY_LEX_USER_VARIABLE_DELIMITER: // Found quote char { uint double_quotes= 0; char quote_char= c; // Used char - lip->tok_start=lip->ptr; // Skip first ` while ((c=yyGet())) { int var_length; @@ -813,19 +810,20 @@ int MYSQLlex(void *arg, void *yythd) #endif } if (double_quotes) - yylval->lex_str=get_quoted_token(lip, yyLength() - double_quotes, + yylval->lex_str=get_quoted_token(lip, 1, + yyLength() - double_quotes -1, quote_char); else - yylval->lex_str=get_token(lip, yyLength()); + yylval->lex_str=get_token(lip, 1, yyLength() -1); if (c == quote_char) yySkip(); // Skip end ` lip->next_state= MY_LEX_START; return(IDENT_QUOTED); } - case MY_LEX_INT_OR_REAL: // Compleat int or incompleat real + case MY_LEX_INT_OR_REAL: // Complete int or incomplete real if (c != '.') { // Found complete integer number. - yylval->lex_str=get_token(lip, yyLength()); + yylval->lex_str=get_token(lip, 0, yyLength()); return int_token(yylval->lex_str.str,yylval->lex_str.length); } // fall through @@ -843,10 +841,10 @@ int MYSQLlex(void *arg, void *yythd) break; } while (my_isdigit(cs,yyGet())) ; - yylval->lex_str=get_token(lip, yyLength()); + yylval->lex_str=get_token(lip, 0, yyLength()); return(FLOAT_NUM); } - yylval->lex_str=get_token(lip, yyLength()); + yylval->lex_str=get_token(lip, 0, yyLength()); return(DECIMAL_NUM); case MY_LEX_HEX_NUMBER: // Found x'hexstring' @@ -858,10 +856,9 @@ int MYSQLlex(void *arg, void *yythd) return(ABORT_SYM); // Illegal hex constant } yyGet(); // get_token makes an unget - yylval->lex_str=get_token(lip, length); - yylval->lex_str.str+=2; // Skip x' - yylval->lex_str.length-=3; // Don't count x' and last ' - lip->yytoklen-=3; + yylval->lex_str=get_token(lip, + 2, // skip x' + length-3); // don't count x' and last ' return (HEX_NUM); case MY_LEX_BIN_NUMBER: // Found b'bin-string' @@ -871,11 +868,10 @@ int MYSQLlex(void *arg, void *yythd) if (c != '\'') return(ABORT_SYM); // Illegal hex constant yyGet(); // get_token makes an unget - yylval->lex_str= get_token(lip, length); - yylval->lex_str.str+= 2; // Skip b' - yylval->lex_str.length-= 3; // Don't count b' and last ' - lip->yytoklen-= 3; - return (BIN_NUM); + yylval->lex_str= get_token(lip, + 2, // skip b' + length-3); // don't count b' and last ' + return (BIN_NUM); case MY_LEX_CMP_OP: // Incomplete comparison operator if (state_map[yyPeek()] == MY_LEX_CMP_OP || @@ -1047,7 +1043,7 @@ int MYSQLlex(void *arg, void *yythd) for (c=yyGet() ; my_isalnum(cs,c) || c == '.' || c == '_' || c == '$'; c= yyGet()) ; - yylval->lex_str=get_token(lip, yyLength()); + yylval->lex_str=get_token(lip, 0, yyLength()); return(LEX_HOSTNAME); case MY_LEX_SYSTEM_VAR: yylval->lex_str.str=(char*) lip->ptr; @@ -1079,7 +1075,7 @@ int MYSQLlex(void *arg, void *yythd) yyUnget(); // Put back 'c' return(tokval); // Was keyword } - yylval->lex_str=get_token(lip, length); + yylval->lex_str=get_token(lip, 0, length); return(result_state); } } diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy index 82d148c4a1e..390a991c7b6 100644 --- a/sql/sql_yacc.yy +++ b/sql/sql_yacc.yy @@ -4439,21 +4439,23 @@ select_item_list: select_item: remember_name select_item2 remember_end select_alias { - if (add_item_to_list(YYTHD, $2)) + THD *thd= YYTHD; + DBUG_ASSERT($1 < $3); + + if (add_item_to_list(thd, $2)) MYSQL_YYABORT; if ($4.str) { $2->is_autogenerated_name= FALSE; $2->set_name($4.str, $4.length, system_charset_info); } - else if (!$2->name) { - char *str = $1; - if (str[-1] == '`') - str--; - $2->set_name(str,(uint) ($3 - str), YYTHD->charset()); + else if (!$2->name) + { + $2->set_name($1, (uint) ($3 - $1), thd->charset()); } }; + remember_name: { THD *thd= YYTHD;