1
0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00

MDEV-23666: Assertion `m_cpp_buf <= ptr && ptr <= m_cpp_buf + m_buf_length' failed in Lex_input_stream::body_utf8_append

On parsing statements for which a starting backtick (`) delimiter doesn't have
a corresponding ending backtick, a current pointer to a position inside a
pre-processed buffer could go beyond the end of the buffer.

This bug report caused by the commit d496765903
  "MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds".

In order to fix the issue both pointers m_ptr and m_cpp_ptr must be
rolled back to previous position in raw input and pre-processed input streams
correspondingly in case end of query reached during parsing.
This commit is contained in:
Dmitry Shulga
2021-01-14 14:31:20 +07:00
parent fb9a9599bc
commit f130adbf35
3 changed files with 26 additions and 0 deletions

View File

@ -2215,6 +2215,8 @@ int Lex_input_stream::scan_ident_delimited(THD *thd,
Return the quote character, to have the parser fail on syntax error.
*/
m_ptr= (char *) m_tok_start + 1;
if (m_echo)
m_cpp_ptr= (char *) m_cpp_tok_start + 1;
return quote_char;
}
int var_length= my_charlen(cs, get_ptr() - 1, get_end_of_query());