Commit f130adbf authored by Dmitry Shulga's avatar Dmitry Shulga

MDEV-23666: Assertion `m_cpp_buf <= ptr && ptr <= m_cpp_buf + m_buf_length'...

MDEV-23666: Assertion `m_cpp_buf <= ptr && ptr <= m_cpp_buf + m_buf_length' failed in Lex_input_stream::body_utf8_append

On parsing statements for which a starting backtick (`) delimiter doesn't have
a corresponding ending backtick, a current pointer to a position inside a
pre-processed buffer could go beyond the end of the buffer.

This bug was caused by the commit d4967659
  "MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds".

In order to fix the issue both pointers m_ptr and m_cpp_ptr must be
rolled back to previous position in raw input and pre-processed input streams
correspondingly in case end of query reached during parsing.
parent fb9a9599
...@@ -1784,4 +1784,13 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST'; ...@@ -1784,4 +1784,13 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo /FO LIST' at line 1 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo /FO LIST' at line 1
EXECUTE IMMEDIATE 'if(`systeminfo'; EXECUTE IMMEDIATE 'if(`systeminfo';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo' at line 1 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`systeminfo' at line 1
#
# MDEV-23666 Assertion failed in Lex_input_stream::body_utf8_append
#
SET @@sql_mode='ANSI_QUOTES';
EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"' at line 1
EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"abc';
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '"abc' at line 1
SET @@sql_mode=@save_sql_mode;
# End of 10.3 tests # End of 10.3 tests
...@@ -1561,4 +1561,19 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST'; ...@@ -1561,4 +1561,19 @@ EXECUTE IMMEDIATE 'if(`systeminfo /FO LIST';
--error ER_PARSE_ERROR --error ER_PARSE_ERROR
EXECUTE IMMEDIATE 'if(`systeminfo'; EXECUTE IMMEDIATE 'if(`systeminfo';
--echo #
--echo # MDEV-23666 Assertion failed in Lex_input_stream::body_utf8_append
--echo #
SET @@sql_mode='ANSI_QUOTES';
# Without a patch execution of the following statements results in assertion
# in Lex_input_stream::body_utf8_append on parsing the statement
--error ER_PARSE_ERROR
EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"';
--error ER_PARSE_ERROR
EXECUTE IMMEDIATE 'CREATE PROCEDURE p() UPDATE t SET c=\'\'"abc';
SET @@sql_mode=@save_sql_mode;
--echo # End of 10.3 tests --echo # End of 10.3 tests
...@@ -2215,6 +2215,8 @@ int Lex_input_stream::scan_ident_delimited(THD *thd, ...@@ -2215,6 +2215,8 @@ int Lex_input_stream::scan_ident_delimited(THD *thd,
Return the quote character, to have the parser fail on syntax error. Return the quote character, to have the parser fail on syntax error.
*/ */
m_ptr= (char *) m_tok_start + 1; m_ptr= (char *) m_tok_start + 1;
if (m_echo)
m_cpp_ptr= (char *) m_cpp_tok_start + 1;
return quote_char; return quote_char;
} }
int var_length= my_charlen(cs, get_ptr() - 1, get_end_of_query()); int var_length= my_charlen(cs, get_ptr() - 1, get_end_of_query());
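Review bot: The two lines added after `m_ptr= (char *) m_tok_start + 1;` have no comment saying why `m_cpp_ptr` is rewound, or why only under `m_echo`; the existing comment above them still describes just the returned quote character. A short comment such as `/* Rewind the pre-processed pointer together with m_ptr, otherwise body_utf8_append() can be handed a position past m_cpp_buf + m_buf_length (MDEV-23666). */` would record the invariant. The reason for the `m_echo` guard is presumably that `m_cpp_ptr` only advances while echoing, which is inferred from the guard and should be confirmed before it goes into the comment. The referenced commit title mentions debug builds, so it would also help to state whether a non-debug build, where the assertion is presumably compiled out, could read past the pre-processed buffer on this path. `scan_ident_delimited` starts and ends outside the hunk, so other places that reset `m_ptr` without `m_cpp_ptr` could not be checked from here.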