MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds

Lex_input_stream::scan_ident_delimited() could go beyond the end of the input when a starting backtick (`) delimiter did not have a corresponding ending backtick. Fix: catch the case when yyGet() returns 0, which means either eof-of-query or straight 0x00 byte inside backticks, and make the parser fail on syntax error, displaying the left backtick as the syntax error place. In case of filename in a script like this: SET CHARACTER_SET_CLIENT=17; -- 17 is 'filename' SELECT doc.`Children`.0 FROM t1; the ending backtick was not recognized as such because my_charlen() returns 0 for a straight backtick (backticks must normally be encoded as @0060 in filename). The same fix works for 'filename': the execution skips the backtick and reaches the end of the query, then yyGet() returns 0. This fix is OK for now. But eventually 'filename' should either be disallowed as a parser character set, or fixed to handle encoded punctuation properly.
2025-07-29 05:21:33 +03:00 · 2020-08-04 09:49:44 +04:00
parent b3e9798ff3
commit d496765903
5 changed files with 43 additions and 1 deletions
--- a/mysql-test/main/parser.test
+++ b/mysql-test/main/parser.test
@ -1538,4 +1538,13 @@ SELECT @@GLOBAL.password;
 --error ER_UNKNOWN_SYSTEM_VARIABLE
 SELECT @@GLOBAL.role;

+--echo #
+--echo # MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds
+--echo #
+
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'if(`systeminfo';
+
 --echo End of 10.3 tests