MDEV-382: Incorrect quoting

Various places in the server replication code was incorrectly quoting strings, which could lead to incorrect SQL on the slave/mysqlbinlog.
2025-07-29 05:21:33 +03:00 · 2012-08-24 10:06:16 +02:00
parent 34f2f8ea41
commit cdeabcfd43
39 changed files with 1164 additions and 444 deletions
--- a/sql/sql_db.cc
+++ b/sql/sql_db.cc
@ -612,7 +612,6 @@ int mysql_create_db(THD *thd, char *db, HA_CREATE_INFO *create_info,
                     bool silent)
 {
  char	 path[FN_REFLEN+16];
-  char	 tmp_query[FN_REFLEN+16];
  long result= 1;
  int error= 0;
  MY_STAT stat_info;
@ -719,17 +718,9 @@ not_silent:
    char *query;
    uint query_length;

-    if (!thd->query())                          // Only in replication
-    {
-      query= 	     tmp_query;
-      query_length= (uint) (strxmov(tmp_query,"create database `",
-                                    db, "`", NullS) - tmp_query);
-    }
-    else
-    {
-      query=        thd->query();
-      query_length= thd->query_length();
-    }
+    query=        thd->query();
+    query_length= thd->query_length();
+    DBUG_ASSERT(query);

    ha_binlog_log_query(thd, 0, LOGCOM_CREATE_DB,
                        query, query_length,
@ -989,18 +980,11 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent)
  {
    const char *query;
    ulong query_length;
-    if (!thd->query())
-    {
-      /* The client used the old obsolete mysql_drop_db() call */
-      query= path;
-      query_length= (uint) (strxmov(path, "drop database `", db, "`",
-                                     NullS) - path);
-    }
-    else
-    {
-      query= thd->query();
-      query_length= thd->query_length();
-    }
+
+    query= thd->query();
+    query_length= thd->query_length();
+    DBUG_ASSERT(query);
+
    if (mysql_bin_log.is_open())
    {
      thd->clear_error();
@ -1041,9 +1025,10 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent)
    for (tbl= dropped_tables; tbl; tbl= tbl->next_local)
    {
      uint tbl_name_len;
+      char quoted_name[FN_REFLEN+3];

-      /* 3 for the quotes and the comma*/
-      tbl_name_len= strlen(tbl->table_name) + 3;
+      my_snprintf(quoted_name, sizeof(quoted_name), "%`s", tbl->table_name);
+      tbl_name_len= strlen(quoted_name) + 1; /* +1 for the comma */
      if (query_pos + tbl_name_len + 1 >= query_end)
      {
        /* These DDL methods and logging protected with LOCK_mysql_create_db */
@ -1055,9 +1040,7 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent)
        query_pos= query_data_start;
      }

-      *query_pos++ = '`';
-      query_pos= strmov(query_pos,tbl->table_name);
-      *query_pos++ = '`';
+      query_pos= strmov(query_pos, quoted_name);
      *query_pos++ = ',';
    }