Commit 4ead3820 authored by Davi Arnaut's avatar Davi Arnaut

Merge from mysql-5.0-bugteam.

parents 889eea06 69fbbdc1
......@@ -165,7 +165,7 @@ CREATE TABLE `good
ERROR HY000: Invalid utf8 character string: ''
SET NAMES utf8;
CREATE TABLE `good` (a int);
ERROR HY000: Invalid utf8 character string: '` (a int)'
ERROR HY000: Invalid utf8 character string: ''
set names latin1;
create table t1 (a char(10) character set koi8r, b text character set koi8r);
insert into t1 values ('test','test');
......
......@@ -4006,15 +4006,28 @@ default_service_handling(char **argv,
const char *account_name)
{
char path_and_service[FN_REFLEN+FN_REFLEN+32], *pos, *end;
const char *opt_delim;
end= path_and_service + sizeof(path_and_service)-3;
/* We have to quote filename if it contains spaces */
pos= add_quoted_string(path_and_service, file_path, end);
if (*extra_opt)
{
/* Add (possible quoted) option after file_path */
/*
Add option after file_path. There will be zero or one extra option. It's
assumed to be --defaults-file=file but isn't checked. The variable (not
the option name) should be quoted if it contains a string.
*/
*pos++= ' ';
pos= add_quoted_string(pos, extra_opt, end);
if (opt_delim= strchr(extra_opt, '='))
{
size_t length= ++opt_delim - extra_opt;
strnmov(pos, extra_opt, length);
}
else
opt_delim= extra_opt;
pos= add_quoted_string(pos, opt_delim, end);
}
/* We must have servicename last */
*pos++= ' ';
......
......@@ -32,10 +32,10 @@ sys_var_long_ptr trg_new_row_fake_var(0, 0);
/* Macros to look like lex */
#define yyGet() *(lip->ptr++)
#define yyGetLast() lip->ptr[-1]
#define yyPeek() lip->ptr[0]
#define yyPeek2() lip->ptr[1]
#define yyGet() ((uchar)*(lip->ptr++))
#define yyGetLast() ((uchar)lip->ptr[-1])
#define yyPeek() ((uchar)lip->ptr[0])
#define yyPeek2() ((uchar)lip->ptr[1])
#define yyUnget() lip->ptr--
#define yySkip() lip->ptr++
#define yyLength() ((uint) (lip->ptr - lip->tok_start)-1)
......@@ -813,9 +813,11 @@ int MYSQLlex(void *arg, void *yythd)
}
}
#ifdef USE_MB
else if (var_length < 1)
break; // Error
lip->ptr+= var_length-1;
else if (use_mb(cs))
{
if ((var_length= my_ismbchar(cs, lip->ptr-1, lip->end_of_query)))
lip->ptr+= var_length-1;
}
#endif
}
if (double_quotes)
......
......@@ -16647,6 +16647,38 @@ static void test_bug41078(void)
DBUG_VOID_RETURN;
}
/**
Bug#45010: invalid memory reads during parsing some strange statements
*/
static void test_bug45010()
{
int rc;
const char query1[]= "select a.\x80",
query2[]= "describe `table\xef";
DBUG_ENTER("test_bug45010");
myheader("test_bug45010");
rc= mysql_query(mysql, "set names utf8");
myquery(rc);
/* \x80 (-128) could be used as a index of ident_map. */
rc= mysql_real_query(mysql, query1, sizeof(query1) - 1);
DIE_UNLESS(rc);
/* \xef (-17) could be used to skip 3 bytes past the buffer end. */
rc= mysql_real_query(mysql, query2, sizeof(query2) - 1);
DIE_UNLESS(rc);
rc= mysql_query(mysql, "set names default");
myquery(rc);
DBUG_VOID_RETURN;
}
/*
Read and parse arguments and MySQL options from my.cnf
*/
......@@ -16949,6 +16981,7 @@ static struct my_tests_st my_tests[]= {
#endif
{ "test_bug41078", test_bug41078 },
{ "test_bug20023", test_bug20023 },
{ "test_bug45010", test_bug45010 },
{ 0, 0 }
};
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment