database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

Bug#28779 (mysql_query() allows execution of statements with unbalanced

Browse Source 
comments)

Before this fix, the server would accept queries that contained comments,
even when the comments were not properly closed with a '*' '/' marker.

For example,
  select 1 /* + 2 <EOF>
would be accepted as
  select 1 /* + 2 */ <EOF>
and executed as
  select 1

With this fix, the server now rejects queries with unclosed comments
as syntax errors.
Both regular comments ('/' '*') and special comments ('/' '*' '!') must be
closed with '*' '/' to be parsed correctly.


mysql-test/r/comments.result:
  Unbalanced comments are a syntax error.
mysql-test/t/comments.test:
  Unbalanced comments are a syntax error.
sql/sql_lex.cc:
  Unbalanced comments are a syntax error.
This commit is contained in:
unknown
2007-08-29 14:50:32 -06:00
parent 3d5440505c
commit b0f899e977
3 changed files with 78 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
mysql-test/r/comments.result
View File

@ -26,3 +26,18 @@ select 1 # The rest of the row will be ignored
1
1
/* line with only comment */;
drop table if exists table_28779;
create table table_28779 (a int);
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*' AND b = 'bar'' at line 1
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';*";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*' AND b = 'bar';*' at line 1
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;*";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ';*' at line 1
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*!98765' AND b = 'bar'' at line 1
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';*";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*!98765' AND b = 'bar';*' at line 1
drop table table_28779;

33
mysql-test/t/comments.test
View File

@ -19,3 +19,36 @@ select 1 # The rest of the row will be ignored
/* line with only comment */;
# End of 4.1 tests
#
# Bug#28779 (mysql_query() allows execution of statements with unbalanced
# comments)
#
--disable_warnings
drop table if exists table_28779;
--enable_warnings
create table table_28779 (a int);
--error 1064
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';";
--error 1064
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';*";
--error 1064
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;";
--error 1064
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;*";
--error 1064
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';";
--error 1064
prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';*";
drop table table_28779;