Bug #20908: Crash if select @@""

Zero-length variables caused failures when using the length to look
up the name in a hash.  Instead, signal that no zero-length name can
ever be found and that to encounter one is a syntax error.
parent 951eb48a
...@@ -689,6 +689,12 @@ select @@log_queries_not_using_indexes; ...@@ -689,6 +689,12 @@ select @@log_queries_not_using_indexes;
show variables like 'log_queries_not_using_indexes'; show variables like 'log_queries_not_using_indexes';
Variable_name Value Variable_name Value
log_queries_not_using_indexes OFF log_queries_not_using_indexes OFF
select @@"";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""' at line 1
select @@&;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '&' at line 1
select @@@;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@' at line 1
End of 5.0 tests End of 5.0 tests
set global binlog_cache_size =@my_binlog_cache_size; set global binlog_cache_size =@my_binlog_cache_size;
set global connect_timeout =@my_connect_timeout; set global connect_timeout =@my_connect_timeout;
......
...@@ -585,6 +585,16 @@ show variables like 'ssl%'; ...@@ -585,6 +585,16 @@ show variables like 'ssl%';
select @@log_queries_not_using_indexes; select @@log_queries_not_using_indexes;
show variables like 'log_queries_not_using_indexes'; show variables like 'log_queries_not_using_indexes';
#
# Bug#20908: Crash if select @@""
#
--error ER_PARSE_ERROR
select @@"";
--error ER_PARSE_ERROR
select @@&;
--error ER_PARSE_ERROR
select @@@;
--echo End of 5.0 tests --echo End of 5.0 tests
# This is at the very after the versioned tests, since it involves doing # This is at the very after the versioned tests, since it involves doing
...@@ -620,3 +630,4 @@ set global server_id =@my_server_id; ...@@ -620,3 +630,4 @@ set global server_id =@my_server_id;
set global slow_launch_time =@my_slow_launch_time; set global slow_launch_time =@my_slow_launch_time;
set global storage_engine =@my_storage_engine; set global storage_engine =@my_storage_engine;
set global thread_cache_size =@my_thread_cache_size; set global thread_cache_size =@my_thread_cache_size;
...@@ -447,8 +447,9 @@ int main(int argc,char **argv) ...@@ -447,8 +447,9 @@ int main(int argc,char **argv)
and you are welcome to modify and redistribute it under the GPL license\n\ and you are welcome to modify and redistribute it under the GPL license\n\
\n*/\n\n"); \n*/\n\n");
printf("/* This code is generated by gen_lex_hash.cc that seeks for\ /* Broken up to indicate that it's not advice to you, gentle reader. */
a perfect\nhash function */\n\n"); printf("/* Do " "not " "edit " "this " "file! This is generated by "
"gen_lex_hash.cc\nthat seeks for a perfect hash function */\n\n");
printf("#include \"lex.h\"\n\n"); printf("#include \"lex.h\"\n\n");
calc_length(); calc_length();
...@@ -468,6 +469,12 @@ static inline SYMBOL *get_hash_symbol(const char *s,\n\ ...@@ -468,6 +469,12 @@ static inline SYMBOL *get_hash_symbol(const char *s,\n\
{\n\ {\n\
register uchar *hash_map;\n\ register uchar *hash_map;\n\
register const char *cur_str= s;\n\ register const char *cur_str= s;\n\
\n\
if (len == 0) {\n\
DBUG_PRINT(\"warning\", (\"get_hash_symbol() received a request for a zero-length symbol, which is probably a mistake.\"));\
return(NULL);\n\
}\
\n\
if (function){\n\ if (function){\n\
if (len>sql_functions_max_len) return 0;\n\ if (len>sql_functions_max_len) return 0;\n\
hash_map= sql_functions_map;\n\ hash_map= sql_functions_map;\n\
......
...@@ -1042,6 +1042,8 @@ int MYSQLlex(void *arg, void *yythd) ...@@ -1042,6 +1042,8 @@ int MYSQLlex(void *arg, void *yythd)
if (c == '.') if (c == '.')
lex->next_state=MY_LEX_IDENT_SEP; lex->next_state=MY_LEX_IDENT_SEP;
length= (uint) (lex->ptr - lex->tok_start)-1; length= (uint) (lex->ptr - lex->tok_start)-1;
if (length == 0)
return(ABORT_SYM); // Names must be nonempty.
if ((tokval= find_keyword(lex,length,0))) if ((tokval= find_keyword(lex,length,0)))
{ {
yyUnget(); // Put back 'c' yyUnget(); // Put back 'c'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment