From ae14393e7487f3c8a97f3dc44cab7a2c19cdd0a9 Mon Sep 17 00:00:00 2001
From: unknown <jimw@mysql.com>
Date: Wed, 9 Feb 2005 16:14:13 -0800
Subject: [PATCH 1/2] When escaping a string in a multi-byte character set,
 escape all bytes of a character that appears to be a multi-byte character
 based on its first byte, but is not actually a valid multi-byte character.
 (Bug #8378)

tests/mysql_client_test.c:
  Add test for Bug #8317
mysys/charset.c:
  Properly escape invalid multibyte characters.
---
 mysys/charset.c           | 20 ++++++++++++++++
 tests/mysql_client_test.c | 49 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)

diff --git a/mysys/charset.c b/mysys/charset.c
index cb2379f8723..934125ead4a 100644
--- a/mysys/charset.c
+++ b/mysys/charset.c
@@ -581,6 +581,26 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
       from--;
       continue;
     }
+    /*
+     If the next character appears to begin a multi-byte character, we
+     escape all of the bytes of that apparent character. (The character just
+     looks like a multi-byte character -- if it were actually a multi-byte
+     character, it would have been passed through in the test above.)
+
+     Without this check, we can create a problem by converting an invalid
+     multi-byte character into a valid one. For example, 0xbf27 is not
+     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
+    */
+    if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)
+    {
+      while (l--)
+      {
+        *to++= '\\';
+	*to++= *from++;
+      }
+      from--;
+      continue;
+    }
 #endif
     switch (*from) {
     case 0:				/* Must be escaped for 'mysql' */
diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c
index 83f8f6ab143..b7e3e1b3469 100644
--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@@ -11532,6 +11532,54 @@ static void test_bug6761(void)
   myquery(rc);
 }
 
+/*
+ Test mysql_real_escape_string() with gbk charset
+
+ The important part is that 0x27 (') is the second-byte in a invvalid
+ two-byte GBK character here. But 0xbf5c is a valid GBK character, so
+ it needs to be escaped as 0x5cbf5c27
+*/
+#define TEST_BUG8317_IN  "\xef\xbb\xbf\x27"
+#define TEST_BUG8317_OUT "\xef\xbb\x5c\xbf\x5c\x27"
+
+static void test_bug8317()
+{
+  MYSQL *lmysql;
+  char out[9]; /* strlen(TEST_BUG8317)*2+1 */
+  int len;
+
+  myheader("test_bug8317");
+
+  if (!opt_silent)
+    fprintf(stdout, "\n Establishing a test connection ...");
+  if (!(lmysql= mysql_init(NULL)))
+  {
+    myerror("mysql_init() failed");
+    exit(1);
+  }
+  if (mysql_options(lmysql, MYSQL_SET_CHARSET_NAME, "gbk"))
+  {
+    myerror("mysql_options() failed");
+    exit(1);
+  }
+  if (!(mysql_real_connect(lmysql, opt_host, opt_user,
+                           opt_password, current_db, opt_port,
+                           opt_unix_socket, 0)))
+  {
+    myerror("connection failed");
+    exit(1);
+  }
+  if (!opt_silent)
+    fprintf(stdout, " OK");
+
+  len= mysql_real_escape_string(lmysql, out, TEST_BUG8317_IN, 4);
+
+  /* No escaping should have actually happened. */
+  DIE_UNLESS(memcmp(out, TEST_BUG8317_OUT, len) == 0);
+
+  mysql_close(lmysql);
+}
+
 /*
   Read and parse arguments and MySQL options from my.cnf
 */
@@ -11739,6 +11787,7 @@ static struct my_tests_st my_tests[]= {
   { "test_conversion", test_conversion },
   { "test_rewind", test_rewind },
   { "test_bug6761", test_bug6761 },
+  { "test_bug8317", test_bug8317 },
   { 0, 0 }
 };
 

From 9dad64a129a18e8b9d64edcd5947e9eba88f3c41 Mon Sep 17 00:00:00 2001
From: unknown <jimw@mysql.com>
Date: Tue, 15 Feb 2005 11:31:01 -0800
Subject: [PATCH 2/2] Only escape the first character in a sequence of bytes
 that appears to be a multibyte character, but was not a valid multibyte
 character. Refinement of fix for Bug #8378.

tests/mysql_client_test.c:
  Fix test (and fix number) for Bug #8378
mysys/charset.c:
  Fix to only escape the first character in a sequence that appears
  to be a multibyte character, but was not a valid one.
---
 mysys/charset.c           | 15 ++++++---------
 tests/mysql_client_test.c | 20 ++++++++++----------
 2 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/mysys/charset.c b/mysys/charset.c
index 934125ead4a..5587a6d685f 100644
--- a/mysys/charset.c
+++ b/mysys/charset.c
@@ -583,9 +583,10 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
     }
     /*
      If the next character appears to begin a multi-byte character, we
-     escape all of the bytes of that apparent character. (The character just
-     looks like a multi-byte character -- if it were actually a multi-byte
-     character, it would have been passed through in the test above.)
+     escape that first byte of that apparent multi-byte character. (The
+     character just looks like a multi-byte character -- if it were actually
+     a multi-byte character, it would have been passed through in the test
+     above.)
 
      Without this check, we can create a problem by converting an invalid
      multi-byte character into a valid one. For example, 0xbf27 is not
@@ -593,12 +594,8 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
     */
     if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)
     {
-      while (l--)
-      {
-        *to++= '\\';
-	*to++= *from++;
-      }
-      from--;
+      *to++= '\\';
+      *to++= *from;
       continue;
     }
 #endif
diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c
index b7e3e1b3469..7886e0c1884 100644
--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@@ -11535,20 +11535,20 @@ static void test_bug6761(void)
 /*
  Test mysql_real_escape_string() with gbk charset
 
- The important part is that 0x27 (') is the second-byte in a invvalid
+ The important part is that 0x27 (') is the second-byte in a invalid
  two-byte GBK character here. But 0xbf5c is a valid GBK character, so
- it needs to be escaped as 0x5cbf5c27
+ it needs to be escaped as 0x5cbf27
 */
-#define TEST_BUG8317_IN  "\xef\xbb\xbf\x27"
-#define TEST_BUG8317_OUT "\xef\xbb\x5c\xbf\x5c\x27"
+#define TEST_BUG8378_IN  "\xef\xbb\xbf\x27\xbf\x10"
+#define TEST_BUG8378_OUT "\xef\xbb\x5c\xbf\x5c\x27\x5c\xbf\x10"
 
-static void test_bug8317()
+static void test_bug8378()
 {
   MYSQL *lmysql;
-  char out[9]; /* strlen(TEST_BUG8317)*2+1 */
+  char out[9]; /* strlen(TEST_BUG8378)*2+1 */
   int len;
 
-  myheader("test_bug8317");
+  myheader("test_bug8378");
 
   if (!opt_silent)
     fprintf(stdout, "\n Establishing a test connection ...");
@@ -11572,10 +11572,10 @@ static void test_bug8317()
   if (!opt_silent)
     fprintf(stdout, " OK");
 
-  len= mysql_real_escape_string(lmysql, out, TEST_BUG8317_IN, 4);
+  len= mysql_real_escape_string(lmysql, out, TEST_BUG8378_IN, 4);
 
   /* No escaping should have actually happened. */
-  DIE_UNLESS(memcmp(out, TEST_BUG8317_OUT, len) == 0);
+  DIE_UNLESS(memcmp(out, TEST_BUG8378_OUT, len) == 0);
 
   mysql_close(lmysql);
 }
@@ -11787,7 +11787,7 @@ static struct my_tests_st my_tests[]= {
   { "test_conversion", test_conversion },
   { "test_rewind", test_rewind },
   { "test_bug6761", test_bug6761 },
-  { "test_bug8317", test_bug8317 },
+  { "test_bug8378", test_bug8378 },
   { 0, 0 }
 };