MDEV-23666: Assertion `m_cpp_buf <= ptr && ptr <= m_cpp_buf + m_buf_length' failed in Lex_input_stream::body_utf8_append

On parsing statements for which a starting backtick (`) delimiter doesn't have a corresponding ending backtick, a current pointer to a position inside a pre-processed buffer could go beyond the end of the buffer. This bug report caused by the commit d496765903 "MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds". In order to fix the issue both pointers m_ptr and m_cpp_ptr must be rolled back to previous position in raw input and pre-processed input streams correspondingly in case end of query reached during parsing.
2025-07-27 18:02:13 +03:00 · 2021-01-14 14:31:20 +07:00
parent fb9a9599bc
commit f130adbf35
3 changed files with 26 additions and 0 deletions
--- a/mysql-test/main/parser.result
+++ b/mysql-test/main/parser.result
@ -1784,4 +1784,13 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo /FO LIST' at line 1
 EXECUTE IMMEDIATE 'if(`systeminfo';
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo' at line 1
+#
+# MDEV-23666 Assertion failed in Lex_input_stream::body_utf8_append
+#
+SET @@sql_mode='ANSI_QUOTES';
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"' at line 1
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"abc';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"abc' at line 1
+SET @@sql_mode=@save_sql_mode;
 # End of 10.3 tests
--- a/mysql-test/main/parser.test
+++ b/mysql-test/main/parser.test
@ -1561,4 +1561,19 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
 --error ER_PARSE_ERROR
 EXECUTE IMMEDIATE 'if(`systeminfo';

+--echo #
+--echo # MDEV-23666 Assertion failed in Lex_input_stream::body_utf8_append
+--echo #
+SET @@sql_mode='ANSI_QUOTES';
+
+# Without a patch execution of the following statements results in assertion
+# in Lex_input_stream::body_utf8_append on parsing the statement
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"';
+
+--error ER_PARSE_ERROR
+EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"abc';
+
+SET @@sql_mode=@save_sql_mode;
+
 --echo # End of 10.3 tests
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@ -2215,6 +2215,8 @@ int Lex_input_stream::scan_ident_delimited(THD *thd,
        Return the quote character, to have the parser fail on syntax error.
      */
      m_ptr= (char *) m_tok_start + 1;
+      if (m_echo)
+        m_cpp_ptr= (char *) m_cpp_tok_start + 1;
      return quote_char;
    }
    int var_length= my_charlen(cs, get_ptr() - 1, get_end_of_query());