MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds

Lex_input_stream::scan_ident_delimited() could go beyond the end of the input when a starting backtick (`) delimiter did not have a corresponding ending backtick. Fix: catch the case when yyGet() returns 0, which means either eof-of-query or straight 0x00 byte inside backticks, and make the parser fail on syntax error, displaying the left backtick as the syntax error place. In case of filename in a script like this: SET CHARACTER_SET_CLIENT=17; -- 17 is 'filename' SELECT doc.`Children`.0 FROM t1; the ending backtick was not recognized as such because my_charlen() returns 0 for a straight backtick (backticks must normally be encoded as @0060 in filename). The same fix works for 'filename': the execution skips the backtick and reaches the end of the query, then yyGet() returns 0. This fix is OK for now. But eventually 'filename' should either be disallowed as a parser character set, or fixed to handle encoded punctuation properly.
2025-07-29 05:21:33 +03:00 · 2020-08-04 09:49:44 +04:00
parent b3e9798ff3
commit d496765903
5 changed files with 43 additions and 1 deletions
--- a/mysql-test/main/parser.result
+++ b/mysql-test/main/parser.result
@ -1760,4 +1760,11 @@ SELECT @@GLOBAL.password;
 ERROR HY000: Unknown system variable 'password'
 SELECT @@GLOBAL.role;
 ERROR HY000: Unknown system variable 'role'
+#
+# MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds
+#
+EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo /FO LIST' at line 1
+EXECUTE IMMEDIATE 'if(`systeminfo';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo' at line 1
 End of 10.3 tests