Commit 06304185 authored by Bjorn Munch's avatar Bjorn Munch

Bug #58900 query_get_value crashes when result begins with dollar sign

Generalized fix for recursive backtick
Optional arg to eval_expr telling it not to interpret
parent a18cde47
......@@ -474,7 +474,7 @@ VAR* var_init(VAR* v, const char *name, int name_len, const char *val,
void var_free(void* v);
VAR* var_get(const char *var_name, const char** var_name_end,
my_bool raw, my_bool ignore_not_existing);
void eval_expr(VAR* v, const char *p, const char** p_end, bool backtick= true);
void eval_expr(VAR* v, const char *p, const char** p_end, bool do_eval= true);
my_bool match_delimiter(int c, const char *delim, uint length);
void dump_result_to_reject_file(char *buf, int size);
void dump_warning_messages();
......@@ -2371,7 +2371,7 @@ void var_set_query_get_value(struct st_command *command, VAR *var)
break;
}
}
eval_expr(var, value, 0);
eval_expr(var, value, 0, false);
}
dynstr_free(&ds_query);
mysql_free_result(res);
......@@ -2401,12 +2401,16 @@ void var_copy(VAR *dest, VAR *src)
}
void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
void eval_expr(VAR *v, const char *p, const char **p_end, bool do_eval)
{
DBUG_ENTER("eval_expr");
DBUG_PRINT("enter", ("p: '%s'", p));
/* Skip to treat as pure string if no evaluation */
if (! do_eval)
goto NO_EVAL;
if (*p == '$')
{
VAR *vp;
......@@ -2426,7 +2430,7 @@ void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
DBUG_VOID_RETURN;
}
if (*p == '`' && backtick)
if (*p == '`')
{
var_query_set(v, p, p_end);
DBUG_VOID_RETURN;
......@@ -2449,6 +2453,7 @@ void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
}
}
NO_EVAL:
{
int new_val_len = (p_end && *p_end) ?
(int) (*p_end - p) : (int) strlen(p);
......
......@@ -311,6 +311,9 @@ failing query in let
create table t1 (a varchar(100));
insert into t1 values ('`select 42`');
`select 42`
insert into t1 values ('$dollar');
$dollar
`select 42`
drop table t1;
mysqltest: At line 1: Error running query 'failing query': 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'failing query' at line 1
mysqltest: At line 1: Missing required argument 'filename' to command 'source'
......
......@@ -859,6 +859,12 @@ insert into t1 values ('`select 42`');
let $a= `select * from t1`;
# This should output `select 42`, not evaluate it again to 42
echo $a;
insert into t1 values ('$dollar');
# These should also output the string without evaluating it.
let $a= query_get_value(select * from t1 order by a, a, 1);
echo $a;
let $a= query_get_value(select * from t1 order by a, a, 2);
echo $a;
drop table t1;
--error 1
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment