Bug #20908: Crash if select @@""

Zero-length variables caused failures when using the length to look
up the name in a hash.  Instead, signal that no zero-length name can
ever be found and that to encounter one is a syntax error.
parent 951eb48a
...@@ -689,6 +689,12 @@ select @@log_queries_not_using_indexes; ...@@ -689,6 +689,12 @@ select @@log_queries_not_using_indexes;
show variables like 'log_queries_not_using_indexes'; show variables like 'log_queries_not_using_indexes';
Variable_name Value Variable_name Value
log_queries_not_using_indexes OFF log_queries_not_using_indexes OFF
select @@"";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""' at line 1
select @@&;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '&' at line 1
select @@@;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@' at line 1
End of 5.0 tests End of 5.0 tests
set global binlog_cache_size =@my_binlog_cache_size; set global binlog_cache_size =@my_binlog_cache_size;
set global connect_timeout =@my_connect_timeout; set global connect_timeout =@my_connect_timeout;
......
...@@ -585,6 +585,16 @@ show variables like 'ssl%'; ...@@ -585,6 +585,16 @@ show variables like 'ssl%';
select @@log_queries_not_using_indexes; select @@log_queries_not_using_indexes;
show variables like 'log_queries_not_using_indexes'; show variables like 'log_queries_not_using_indexes';
#
# Bug#20908: Crash if select @@""
#
--error ER_PARSE_ERROR
select @@"";
--error ER_PARSE_ERROR
select @@&;
--error ER_PARSE_ERROR
select @@@;
--echo End of 5.0 tests --echo End of 5.0 tests
# This is at the very after the versioned tests, since it involves doing # This is at the very after the versioned tests, since it involves doing
...@@ -620,3 +630,4 @@ set global server_id =@my_server_id; ...@@ -620,3 +630,4 @@ set global server_id =@my_server_id;
set global slow_launch_time =@my_slow_launch_time; set global slow_launch_time =@my_slow_launch_time;
set global storage_engine =@my_storage_engine; set global storage_engine =@my_storage_engine;
set global thread_cache_size =@my_thread_cache_size; set global thread_cache_size =@my_thread_cache_size;
...@@ -442,13 +442,16 @@ int main(int argc,char **argv) ...@@ -442,13 +442,16 @@ int main(int argc,char **argv)
if (get_options(argc,(char **) argv)) if (get_options(argc,(char **) argv))
exit(1); exit(1);
/* Broken up to indicate that it's not advice to you, gentle reader. */
printf("/*\n\n Do " "not " "edit " "this " "file " "directly!\n\n*/\n");
printf("/* Copyright (C) 2001-2004 MySQL AB\n\ printf("/* Copyright (C) 2001-2004 MySQL AB\n\
This software comes with ABSOLUTELY NO WARRANTY. This is free software,\n\ This software comes with ABSOLUTELY NO WARRANTY. This is free software,\n\
and you are welcome to modify and redistribute it under the GPL license\n\ and you are welcome to modify and redistribute it under the GPL license\n\
\n*/\n\n"); \n*/\n\n");
printf("/* This code is generated by gen_lex_hash.cc that seeks for\ printf("/* Do " "not " "edit " "this " "file! This is generated by "
a perfect\nhash function */\n\n"); "gen_lex_hash.cc\nthat seeks for a perfect hash function */\n\n");
printf("#include \"lex.h\"\n\n"); printf("#include \"lex.h\"\n\n");
calc_length(); calc_length();
...@@ -468,6 +471,12 @@ static inline SYMBOL *get_hash_symbol(const char *s,\n\ ...@@ -468,6 +471,12 @@ static inline SYMBOL *get_hash_symbol(const char *s,\n\
{\n\ {\n\
register uchar *hash_map;\n\ register uchar *hash_map;\n\
register const char *cur_str= s;\n\ register const char *cur_str= s;\n\
\n\
if (len == 0) {\n\
DBUG_PRINT(\"warning\", (\"get_hash_symbol() received a request for a zero-length symbol, which is probably a mistake.\"));\
return(NULL);\n\
}\
\n\
if (function){\n\ if (function){\n\
if (len>sql_functions_max_len) return 0;\n\ if (len>sql_functions_max_len) return 0;\n\
hash_map= sql_functions_map;\n\ hash_map= sql_functions_map;\n\
......
...@@ -1042,6 +1042,8 @@ int MYSQLlex(void *arg, void *yythd) ...@@ -1042,6 +1042,8 @@ int MYSQLlex(void *arg, void *yythd)
if (c == '.') if (c == '.')
lex->next_state=MY_LEX_IDENT_SEP; lex->next_state=MY_LEX_IDENT_SEP;
length= (uint) (lex->ptr - lex->tok_start)-1; length= (uint) (lex->ptr - lex->tok_start)-1;
if (length == 0)
return(ABORT_SYM); // Names must be nonempty.
if ((tokval= find_keyword(lex,length,0))) if ((tokval= find_keyword(lex,length,0)))
{ {
yyUnget(); // Put back 'c' yyUnget(); // Put back 'c'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment