mirror of
https://github.com/MariaDB/server.git
synced 2025-08-01 03:47:19 +03:00
Fix for BUG#8351 (5.0) - Double quote in Boolean Fulltext query causes crash
This commit is contained in:
svoj@mysql.com
@ -69,6 +69,7 @@ struct st_ftb_expr
|
|||||||
float weight;
|
float weight;
|
||||||
float cur_weight;
|
float cur_weight;
|
||||||
byte *quot, *qend;
|
byte *quot, *qend;
|
||||||
|
LIST *phrase; /* phrase words */
|
||||||
uint yesses; /* number of "yes" words matched */
|
uint yesses; /* number of "yes" words matched */
|
||||||
uint nos; /* number of "no" words matched */
|
uint nos; /* number of "no" words matched */
|
||||||
uint ythresh; /* number of "yes" words in expr */
|
uint ythresh; /* number of "yes" words in expr */
|
||||||
@ -139,6 +140,8 @@ static void _ftb_parse_query(FTB *ftb, byte **start, byte *end,
|
|||||||
FT_WORD w;
|
FT_WORD w;
|
||||||
FTB_WORD *ftbw;
|
FTB_WORD *ftbw;
|
||||||
FTB_EXPR *ftbe;
|
FTB_EXPR *ftbe;
|
||||||
|
FT_WORD *phrase_word;
|
||||||
|
LIST *phrase_list;
|
||||||
uint extra=HA_FT_WLEN+ftb->info->s->rec_reflength; /* just a shortcut */
|
uint extra=HA_FT_WLEN+ftb->info->s->rec_reflength; /* just a shortcut */
|
||||||
|
|
||||||
if (ftb->state != UNINITIALIZED)
|
if (ftb->state != UNINITIALIZED)
|
||||||
@ -146,6 +149,7 @@ static void _ftb_parse_query(FTB *ftb, byte **start, byte *end,
|
|||||||
|
|
||||||
param.prev=' ';
|
param.prev=' ';
|
||||||
param.quot=up->quot;
|
param.quot=up->quot;
|
||||||
|
up->phrase= NULL;
|
||||||
while ((res=ft_get_word(ftb->charset,start,end,&w,¶m)))
|
while ((res=ft_get_word(ftb->charset,start,end,&w,¶m)))
|
||||||
{
|
{
|
||||||
int r=param.plusminus;
|
int r=param.plusminus;
|
||||||
@ -172,6 +176,14 @@ static void _ftb_parse_query(FTB *ftb, byte **start, byte *end,
|
|||||||
if (param.yesno > 0) up->ythresh++;
|
if (param.yesno > 0) up->ythresh++;
|
||||||
queue_insert(& ftb->queue, (byte *)ftbw);
|
queue_insert(& ftb->queue, (byte *)ftbw);
|
||||||
ftb->with_scan|=(param.trunc & FTB_FLAG_TRUNC);
|
ftb->with_scan|=(param.trunc & FTB_FLAG_TRUNC);
|
||||||
|
case 4:
|
||||||
|
if (! up->quot) break;
|
||||||
|
phrase_word= (FT_WORD *)alloc_root(&ftb->mem_root, sizeof(FT_WORD));
|
||||||
|
phrase_list= (LIST *)alloc_root(&ftb->mem_root, sizeof(LIST));
|
||||||
|
phrase_word->pos= w.pos;
|
||||||
|
phrase_word->len= w.len;
|
||||||
|
phrase_list->data= (void *)phrase_word;
|
||||||
|
up->phrase= list_add(up->phrase, phrase_list);
|
||||||
break;
|
break;
|
||||||
case 2: /* left bracket */
|
case 2: /* left bracket */
|
||||||
ftbe=(FTB_EXPR *)alloc_root(&ftb->mem_root, sizeof(FTB_EXPR));
|
ftbe=(FTB_EXPR *)alloc_root(&ftb->mem_root, sizeof(FTB_EXPR));
|
||||||
@ -188,7 +200,11 @@ static void _ftb_parse_query(FTB *ftb, byte **start, byte *end,
|
|||||||
param.quot=0;
|
param.quot=0;
|
||||||
break;
|
break;
|
||||||
case 3: /* right bracket */
|
case 3: /* right bracket */
|
||||||
if (up->quot) up->qend=param.quot;
|
if (up->quot)
|
||||||
|
{
|
||||||
|
up->qend= param.quot;
|
||||||
|
up->phrase= list_reverse(up->phrase);
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -433,27 +449,31 @@ err:
|
|||||||
|
|
||||||
/* returns 1 if str0 ~= /\bstr1\b/ */
|
/* returns 1 if str0 ~= /\bstr1\b/ */
|
||||||
static int _ftb_strstr(const byte *s0, const byte *e0,
|
static int _ftb_strstr(const byte *s0, const byte *e0,
|
||||||
const byte *s1, const byte *e1,
|
LIST *phrase, CHARSET_INFO *cs)
|
||||||
CHARSET_INFO *cs)
|
|
||||||
{
|
{
|
||||||
const byte *p0= s0;
|
FT_WORD h_word;
|
||||||
my_bool s_after= true_word_char(cs, s1[0]);
|
const byte *h_start= s0;
|
||||||
my_bool e_before= true_word_char(cs, e1[-1]);
|
DBUG_ENTER("_ftb_strstr");
|
||||||
uint p0_len;
|
|
||||||
my_match_t m[2];
|
|
||||||
|
|
||||||
while (p0 < e0)
|
if (! phrase) DBUG_RETURN(0);
|
||||||
|
|
||||||
|
while (ft_simple_get_word(cs, (byte **)&h_start, e0, &h_word, FALSE))
|
||||||
{
|
{
|
||||||
if (cs->coll->instr(cs, p0, e0 - p0, s1, e1 - s1, m, 2) != 2)
|
FT_WORD *n_word;
|
||||||
return(0);
|
LIST *phrase_element= phrase;
|
||||||
if ((!s_after || p0 + m[1].beg == s0 || !true_word_char(cs, p0[m[1].beg-1])) &&
|
const byte *h_start1= h_start;
|
||||||
(!e_before || p0 + m[1].end == e0 || !true_word_char(cs, p0[m[1].end])))
|
for (;;)
|
||||||
return(1);
|
{
|
||||||
p0+= m[1].beg;
|
n_word= (FT_WORD *)phrase_element->data;
|
||||||
p0+= (p0_len= my_mbcharlen(cs, *(uchar *)p0)) ? p0_len : 1;
|
if (my_strnncoll(cs, h_word.pos, h_word.len, n_word->pos, n_word->len))
|
||||||
|
break;
|
||||||
|
if (! (phrase_element= phrase_element->next))
|
||||||
|
DBUG_RETURN(1);
|
||||||
|
if (! ft_simple_get_word(cs, (byte **)&h_start1, e0, &h_word, FALSE))
|
||||||
|
DBUG_RETURN(0);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
return(0);
|
DBUG_RETURN(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -494,7 +514,7 @@ static void _ftb_climb_the_tree(FTB *ftb, FTB_WORD *ftbw, FT_SEG_ITERATOR *ftsi_
|
|||||||
if (!ftsi.pos)
|
if (!ftsi.pos)
|
||||||
continue;
|
continue;
|
||||||
not_found = ! _ftb_strstr(ftsi.pos, ftsi.pos+ftsi.len,
|
not_found = ! _ftb_strstr(ftsi.pos, ftsi.pos+ftsi.len,
|
||||||
ftbe->quot, ftbe->qend, ftb->charset);
|
ftbe->phrase, ftb->charset);
|
||||||
}
|
}
|
||||||
if (not_found) break;
|
if (not_found) break;
|
||||||
} /* ftbe->quot */
|
} /* ftbe->quot */
|
||||||
@ -642,8 +662,8 @@ float ft_boolean_find_relevance(FT_INFO *ftb, byte *record, uint length)
|
|||||||
continue;
|
continue;
|
||||||
|
|
||||||
end=ftsi.pos+ftsi.len;
|
end=ftsi.pos+ftsi.len;
|
||||||
while (ft_simple_get_word(ftb->charset,
|
while (ft_simple_get_word(ftb->charset, (byte **) &ftsi.pos,
|
||||||
(byte **) &ftsi.pos, (byte *) end, &word))
|
(byte *) end, &word, TRUE))
|
||||||
{
|
{
|
||||||
int a, b, c;
|
int a, b, c;
|
||||||
for (a=0, b=ftb->queue.elements, c=(a+b)/2; b-a>1; c=(a+b)/2)
|
for (a=0, b=ftb->queue.elements, c=(a+b)/2; b-a>1; c=(a+b)/2)
|
||||||
|
|||||||
@ -98,6 +98,7 @@ my_bool ft_boolean_check_syntax_string(const byte *str)
|
|||||||
* 1 - word found
|
* 1 - word found
|
||||||
* 2 - left bracket
|
* 2 - left bracket
|
||||||
* 3 - right bracket
|
* 3 - right bracket
|
||||||
|
* 4 - stopword found
|
||||||
*/
|
*/
|
||||||
byte ft_get_word(CHARSET_INFO *cs, byte **start, byte *end,
|
byte ft_get_word(CHARSET_INFO *cs, byte **start, byte *end,
|
||||||
FT_WORD *word, FTB_PARAM *param)
|
FT_WORD *word, FTB_PARAM *param)
|
||||||
@ -161,6 +162,11 @@ byte ft_get_word(CHARSET_INFO *cs, byte **start, byte *end,
|
|||||||
*start=doc;
|
*start=doc;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
else if (length)
|
||||||
|
{
|
||||||
|
*start= doc;
|
||||||
|
return 4;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (param->quot)
|
if (param->quot)
|
||||||
{
|
{
|
||||||
@ -170,17 +176,18 @@ byte ft_get_word(CHARSET_INFO *cs, byte **start, byte *end,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
byte ft_simple_get_word(CHARSET_INFO *cs, byte **start, byte *end,
|
byte ft_simple_get_word(CHARSET_INFO *cs, byte **start, const byte *end,
|
||||||
FT_WORD *word)
|
FT_WORD *word, my_bool skip_stopwords)
|
||||||
{
|
{
|
||||||
byte *doc= *start;
|
byte *doc= *start;
|
||||||
uint mwc, length, mbl;
|
uint mwc, length, mbl;
|
||||||
DBUG_ENTER("ft_simple_get_word");
|
DBUG_ENTER("ft_simple_get_word");
|
||||||
|
|
||||||
while (doc<end)
|
do
|
||||||
{
|
{
|
||||||
for (;doc<end;doc++)
|
for (;; doc++)
|
||||||
{
|
{
|
||||||
|
if (doc >= end) DBUG_RETURN(0);
|
||||||
if (true_word_char(cs, *doc)) break;
|
if (true_word_char(cs, *doc)) break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -193,13 +200,15 @@ byte ft_simple_get_word(CHARSET_INFO *cs, byte **start, byte *end,
|
|||||||
|
|
||||||
word->len= (uint)(doc-word->pos) - mwc;
|
word->len= (uint)(doc-word->pos) - mwc;
|
||||||
|
|
||||||
if (length >= ft_min_word_len && length < ft_max_word_len &&
|
if (skip_stopwords == FALSE ||
|
||||||
!is_stopword(word->pos, word->len))
|
(length >= ft_min_word_len && length < ft_max_word_len &&
|
||||||
|
!is_stopword(word->pos, word->len)))
|
||||||
{
|
{
|
||||||
*start= doc;
|
*start= doc;
|
||||||
DBUG_RETURN(1);
|
DBUG_RETURN(1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
while (doc < end);
|
||||||
DBUG_RETURN(0);
|
DBUG_RETURN(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -217,7 +226,7 @@ int ft_parse(TREE *wtree, byte *doc, int doclen, my_bool with_alloc)
|
|||||||
FT_WORD w;
|
FT_WORD w;
|
||||||
DBUG_ENTER("ft_parse");
|
DBUG_ENTER("ft_parse");
|
||||||
|
|
||||||
while (ft_simple_get_word(wtree->custom_arg, &doc,end,&w))
|
while (ft_simple_get_word(wtree->custom_arg, &doc, end, &w, TRUE))
|
||||||
{
|
{
|
||||||
if (with_alloc)
|
if (with_alloc)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -81,7 +81,7 @@ int ft_init_stopwords()
|
|||||||
goto err0;
|
goto err0;
|
||||||
len=my_read(fd, buffer, len, MYF(MY_WME));
|
len=my_read(fd, buffer, len, MYF(MY_WME));
|
||||||
end=start+len;
|
end=start+len;
|
||||||
while (ft_simple_get_word(default_charset_info, &start, end, &w))
|
while (ft_simple_get_word(default_charset_info, &start, end, &w, TRUE))
|
||||||
{
|
{
|
||||||
if (ft_add_stopword(my_strdup_with_length(w.pos, w.len, MYF(0))))
|
if (ft_add_stopword(my_strdup_with_length(w.pos, w.len, MYF(0))))
|
||||||
goto err1;
|
goto err1;
|
||||||
|
|||||||
@ -112,7 +112,8 @@ int is_stopword(char *word, uint len);
|
|||||||
uint _ft_make_key(MI_INFO *, uint , byte *, FT_WORD *, my_off_t);
|
uint _ft_make_key(MI_INFO *, uint , byte *, FT_WORD *, my_off_t);
|
||||||
|
|
||||||
byte ft_get_word(CHARSET_INFO *, byte **, byte *, FT_WORD *, FTB_PARAM *);
|
byte ft_get_word(CHARSET_INFO *, byte **, byte *, FT_WORD *, FTB_PARAM *);
|
||||||
byte ft_simple_get_word(CHARSET_INFO *, byte **, byte *, FT_WORD *);
|
byte ft_simple_get_word(CHARSET_INFO *, byte **, const byte *,
|
||||||
|
FT_WORD *, my_bool);
|
||||||
|
|
||||||
typedef struct _st_ft_seg_iterator {
|
typedef struct _st_ft_seg_iterator {
|
||||||
uint num, len;
|
uint num, len;
|
||||||
|
|||||||
Reference in New Issue
Block a user