Manual merge.

19b32549 · Davi Arnaut · 527e5fd3 · c7163c63 · 19b32549 · 19b32549
Commit 19b32549 authored Aug 10, 2009 by Davi Arnaut
Showing with 40 additions and 8 deletions

mysql-test/r/ctype_recoding.result mysql-test/r/ctype_recoding.result +1 -1

sql/sql_lex.cc sql/sql_lex.cc +6 -3

sql/sql_lex.h sql/sql_lex.h +4 -4

tests/mysql_client_test.c tests/mysql_client_test.c +29 -0

No files found.
--- a/mysql-test/r/ctype_recoding.result
+++ b/mysql-test/r/ctype_recoding.result
@@ -165,7 +165,7 @@ CREATE TABLE `good
 ERROR HY000: Invalid utf8 character string: ''
 SET NAMES utf8;
 CREATE TABLE `good` (a int);
-ERROR HY000: Invalid utf8 character string: '` (a int)'
+ERROR HY000: Invalid utf8 character string: ''
 set names latin1;
 create table t1 (a char(10) character set koi8r, b text character set koi8r);
 insert into t1 values ('test','test');

--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -1105,9 +1105,12 @@ int MYSQLlex(void *arg, void *yythd)
 	  }
 	}
 #ifdef USE_MB
-	else if (var_length < 1)
-	  break;				// Error
-        lip->skip_binary(var_length-1);
+        else if (use_mb(cs))
+        {
+          if ((var_length= my_ismbchar(cs, lip->get_ptr() - 1,
+                                       lip->get_end_of_query())))
+            lip->skip_binary(var_length-1);
+        }
 #endif
      }
      if (double_quotes)

--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -1190,7 +1190,7 @@ public:
    Get a character, and advance in the stream.
    @return the next character to parse.
  */
-  char yyGet()
+  unsigned char yyGet()
  {
    char c= *m_ptr++;
    if (m_echo)
@@ -1202,7 +1202,7 @@ public:
    Get the last character accepted.
    @return the last character accepted.
  */
-  char yyGetLast()
+  unsigned char yyGetLast()
  {
    return m_ptr[-1];
  }
@@ -1210,7 +1210,7 @@ public:
  /**
    Look at the next character to parse, but do not accept it.
  */
-  char yyPeek()
+  unsigned char yyPeek()
  {
    return m_ptr[0];
  }
@@ -1219,7 +1219,7 @@ public:
    Look ahead at some character to parse.
    @param n offset of the character to look up
  */
-  char yyPeekn(int n)
+  unsigned char yyPeekn(int n)
  {
    return m_ptr[n];
  }

--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@@ -17947,6 +17947,34 @@ static void test_bug41078(void)
  DBUG_VOID_RETURN;
 }

+/**
+  Bug#45010: invalid memory reads during parsing some strange statements
+*/
+static void test_bug45010()
+{
+  int rc;
+  const char query1[]= "select a.\x80",
+             query2[]= "describe `table\xef";
+
+  DBUG_ENTER("test_bug45010");
+  myheader("test_bug45010");
+
+  rc= mysql_query(mysql, "set names utf8");
+  myquery(rc);
+
+  /* \x80 (-128) could be used as a index of ident_map. */
+  rc= mysql_real_query(mysql, query1, sizeof(query1) - 1);
+  DIE_UNLESS(rc);
+
+  /* \xef (-17) could be used to skip 3 bytes past the buffer end. */
+  rc= mysql_real_query(mysql, query2, sizeof(query2) - 1);
+  DIE_UNLESS(rc);
+
+  rc= mysql_query(mysql, "set names default");
+  myquery(rc);
+
+  DBUG_VOID_RETURN;
+}

 /**
  Bug#44495: Prepared Statement:
@@ -18301,6 +18329,7 @@ static struct my_tests_st my_tests[]= {
  { "test_change_user", test_change_user },
  { "test_bug30472", test_bug30472 },
  { "test_bug20023", test_bug20023 },
+  { "test_bug45010", test_bug45010 },
  { "test_bug31418", test_bug31418 },
  { "test_bug31669", test_bug31669 },
  { "test_bug28386", test_bug28386 },