From 1e8dcbe01f463abac7845abe5bbeebb49251a5bd Mon Sep 17 00:00:00 2001
From: unknown <acurtis@pcgem.rdg.cyberkinetica.com>
Date: Thu, 12 Feb 2004 12:01:27 +0000
Subject: [PATCH] Bug#2703 "MySQL server does not detect if garbage chara at
 the end of query"

Allow the parser to see the garbage characters.
Garbage should cause the parser to report an error.


sql/sql_lex.cc:
  Return END_OF_INPUT when at the end of the input buffer.
  Allows the parser to determine if there is junk after a \0 character.
sql/sql_parse.cc:
  Undo 1.314.1.1 04/02/11 12:32:42 guilhem@mysql.com
sql/sql_prepare.cc:
  Undo 1.73 04/02/11 12:32:42 guilhem@mysql.com
---
 sql/sql_lex.cc     |  9 +++++++--
 sql/sql_parse.cc   | 18 +-----------------
 sql/sql_prepare.cc | 10 +---------
 3 files changed, 9 insertions(+), 28 deletions(-)

diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 70c69bb738..90e5b0300f 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -886,8 +886,13 @@ int yylex(void *arg, void *yythd)
       }
       /* fall true */
     case MY_LEX_EOL:
-      lex->next_state=MY_LEX_END;	// Mark for next loop
-      return(END_OF_INPUT);
+      if (lex->ptr >= lex->end_of_query)
+      {
+	lex->next_state=MY_LEX_END;	// Mark for next loop
+	return(END_OF_INPUT);
+      }
+      state=MY_LEX_CHAR;
+      break;
     case MY_LEX_END:
       lex->next_state=MY_LEX_END;
       return(0);			// We found end of input last time
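Review bot: The new path after the `if` in `case MY_LEX_EOL:` carries no comment explaining why a NUL that sits before `lex->end_of_query` is handed to `MY_LEX_CHAR` instead of ending the input, even though this branch is now the only place that rejects bytes following a `\0`. I would add above `state=MY_LEX_CHAR;` a line such as `/* NUL inside the buffer is not end of input: lex it as a character so the parser reports the garbage after it */`. The diffstat lists no test file, so a regression case for Bug#2703 (a query passed with a length larger than its text) would pin the behaviour. The body of yylex starts and ends outside this hunk, so how `MY_LEX_CHAR` treats the byte is not visible here.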
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 81d6b80678..51e1ebee4a 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -3854,23 +3854,7 @@ mysql_parse(THD *thd, char *inBuf, uint length)
   if (query_cache_send_result_to_client(thd, inBuf, length) <= 0)
   {
     LEX *lex=lex_start(thd, (uchar*) inBuf, length);
-    if (!yyparse((void *)thd) && ! thd->is_fatal_error &&
-        /*
-          If this is not a multiple query, ensure that it has been
-          successfully parsed until the last character. This is to prevent
-          against a wrong (too big) length passed to mysql_real_query(),
-          mysql_prepare()... which can generate garbage characters at the
-          end. If the query was initially multiple, found_colon will be false
-          only when we are in the last query; this last query had already
-          been end-spaces-stripped by alloc_query() in dispatch_command(); as
-          end spaces are the only thing we accept at the end of a query, and
-          they have been stripped already, here we can require that nothing
-          remains after parsing.
-        */
-        (thd->lex->found_colon ||
-         (char*)(thd->lex->ptr) == (thd->query+thd->query_length+1) ||
-         /* yyerror() will show the garbage chars to the user */
-         (yyerror("syntax error"), 0)))
+    if (!yyparse((void *)thd) && ! thd->is_fatal_error)
     {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
       if (mqh_used && thd->user_connect &&
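Review bot: The replacement condition `if (!yyparse((void *)thd) && ! thd->is_fatal_error)` no longer verifies that parsing consumed the whole buffer, so rejecting an over-long `length` now depends entirely on the lexer, whereas the removed test was independent of lexer state. The only new guard visible in this patch is in `case MY_LEX_EOL:` of yylex. If other lexer states (string literals, comments, identifiers) can stop at a `\0` without passing through that case, trailing garbage would presumably be accepted again; those states are outside the diff, so this is worth confirming. A one-line comment here such as `/* bytes after an embedded \0 are rejected in yylex (MY_LEX_EOL) */` would keep the assumption discoverable. The same applies to the matching removal in mysql_stmt_prepare() in sql/sql_prepare.cc, and mysql_parse() continues outside this hunk.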
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
index cf723e18d8..2cf0000d97 100644
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@@ -909,15 +909,7 @@ bool mysql_stmt_prepare(THD *thd, char *packet, uint packet_length)
   lex->safe_to_cache_query= 0;
   lex->param_count= 0;
 
-  if (yyparse((void *)thd) || thd->is_fatal_error ||
-      /*
-        Check for wrong (too big) length passed to mysql_prepare() resulting in
-        garbage at the end of the query. There is a similar check in mysql_parse().
-      */
-      (!thd->lex->found_colon && 
-       (char*)(thd->lex->ptr) != (thd->query+thd->query_length+1) &&
-       /* yyerror() will show the garbage chars to the user */
-       (yyerror("syntax error"), 1)) || send_prepare_results(stmt))
+  if (yyparse((void *)thd) || thd->is_fatal_error || send_prepare_results(stmt))
     goto yyparse_err;
 
   lex_end(lex);
-- 
2.30.9