MDEV-12846 sql_mode=ORACLE: using Oracle-style placeholders in direct query...

MDEV-12846 sql_mode=ORACLE: using Oracle-style placeholders in direct query execution makes the server crash

MDEV-12846 sql_mode=ORACLE: using Oracle-style placeholders in direct query...
MDEV-12846 sql_mode=ORACLE: using Oracle-style placeholders in direct query execution makes the server crash
b8f906dd · Alexander Barkov · 765452db · b8f906dd · b8f906dd · b8f906dd
Commit b8f906dd authored Nov 15, 2017 by Alexander Barkov
Showing with 39 additions and 0 deletions

mysql-test/suite/compat/oracle/r/ps.result mysql-test/suite/compat/oracle/r/ps.result +15 -0

mysql-test/suite/compat/oracle/t/ps.test mysql-test/suite/compat/oracle/t/ps.test +19 -0

sql/sql_lex.cc sql/sql_lex.cc +5 -0

No files found.
--- a/mysql-test/suite/compat/oracle/r/ps.result
+++ b/mysql-test/suite/compat/oracle/r/ps.result
@@ -247,3 +247,18 @@ DROP PROCEDURE p1;
 #
 # End of MDEV-10866 Extend PREPARE and EXECUTE IMMEDIATE to understand expressions
 #
+#
+# MDEV-12846 sql_mode=ORACLE: using Oracle-style placeholders in direct query execution makes the server crash
+#
+SELECT ? FROM DUAL;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '? FROM DUAL' at line 1
+SELECT :a FROM DUAL;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':a FROM DUAL' at line 1
+SELECT :1 FROM DUAL;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':1 FROM DUAL' at line 1
+SELECT 1+? FROM DUAL;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '? FROM DUAL' at line 1
+SELECT 1+:a FROM DUAL;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':a FROM DUAL' at line 1
+SELECT 1+:1 FROM DUAL;
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':1 FROM DUAL' at line 1
--- a/mysql-test/suite/compat/oracle/t/ps.test
+++ b/mysql-test/suite/compat/oracle/t/ps.test
@@ -264,3 +264,22 @@ DROP PROCEDURE p1;
 --echo #
 --echo # End of MDEV-10866 Extend PREPARE and EXECUTE IMMEDIATE to understand expressions
 --echo #
+--echo #
+--echo # MDEV-12846 sql_mode=ORACLE: using Oracle-style placeholders in direct query execution makes the server crash
+--echo #
+--error ER_PARSE_ERROR
+SELECT ? FROM DUAL;
+--error ER_PARSE_ERROR
+SELECT :a FROM DUAL;
+--error ER_PARSE_ERROR
+SELECT :1 FROM DUAL;
+--error ER_PARSE_ERROR
+SELECT 1+? FROM DUAL;
+--error ER_PARSE_ERROR
+SELECT 1+:a FROM DUAL;
+--error ER_PARSE_ERROR
+SELECT 1+:1 FROM DUAL;
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@@ -6438,6 +6438,11 @@ Item *LEX::create_and_link_Item_trigger_field(THD *thd,
 Item_param *LEX::add_placeholder(THD *thd, const LEX_CSTRING *name,
                                 const char *start, const char *end)
 {
+  if (!thd->m_parser_state->m_lip.stmt_prepare_mode)
+  {
+    thd->parse_error(ER_SYNTAX_ERROR, start);
+    return NULL;
+  }
  if (!parsing_options.allows_variable)
  {
    my_error(ER_VIEW_SELECT_VARIABLE, MYF(0));