Commit bb986a24 authored by unknown's avatar unknown

Bug #30164: Using client side macro inside server side comments generates broken queries

  
Problem:
  
In cases when a client-side macro appears inside a server-side comment, the add_line() function in mysql.cc discarded all characters until the next delimiter to remove macro arguments from the query string. This resulted in broken queries being sent to the server when the next delimiter character appeared past the comment's boundaries, because the comment closing sequence ('*/') was discarded.
  
Fix:
  
If a client-side macro appears inside a server-side comment, discard all characters in the comment after the macro (that is, until the end of the comment rather than the next delimiter).
This is a minimal fix to allow only simple cases used by the mysqlbinlog utility. Limitations that are worth documenting:
  
- Nested server-side and/or client-side comments are not supported by mysql.cc
- Using client-side macros in multi-line server-side comments is not supported
- All characters after a client-side macro in a server-side comment will be omitted from the query string (and thus, will not be sent to server).


client/mysql.cc:
  If a client-side macro appears inside a server-side comment, discard all characters in the comment after the macro.
mysql-test/r/mysql.result:
  Added a test case for bug #30164.
mysql-test/t/mysql.test:
  Added a test case for bug #30164.
parent 3d544050
......@@ -1245,6 +1245,7 @@ static bool add_line(String &buffer,char *line,char *in_string,
char buff[80], *pos, *out;
COMMANDS *com;
bool need_space= 0;
bool ss_comment= 0;
DBUG_ENTER("add_line");
if (!line[0] && buffer.is_empty())
......@@ -1293,22 +1294,36 @@ static bool add_line(String &buffer,char *line,char *in_string,
}
if ((com=find_command(NullS,(char) inchar)))
{
const String tmp(line,(uint) (out-line), charset_info);
buffer.append(tmp);
if ((*com->func)(&buffer,pos-1) > 0)
DBUG_RETURN(1); // Quit
if (com->takes_params)
{
for (pos++ ;
*pos && (*pos != *delimiter ||
!is_prefix(pos + 1, delimiter + 1)) ; pos++)
; // Remove parameters
if (!*pos)
pos--;
else
pos+= delimiter_length - 1; // Point at last delim char
}
out=line;
const String tmp(line,(uint) (out-line), charset_info);
buffer.append(tmp);
if ((*com->func)(&buffer,pos-1) > 0)
DBUG_RETURN(1); // Quit
if (com->takes_params)
{
if (ss_comment)
{
/*
If a client-side macro appears inside a server-side comment,
discard all characters in the comment after the macro (that is,
until the end of the comment rather than the next delimiter)
*/
for (pos++; *pos && (*pos != '*' || *(pos + 1) != '/'); pos++)
;
pos--;
}
else
{
for (pos++ ;
*pos && (*pos != *delimiter ||
!is_prefix(pos + 1, delimiter + 1)) ; pos++)
; // Remove parameters
if (!*pos)
pos--;
else
pos+= delimiter_length - 1; // Point at last delim char
}
}
out=line;
}
else
{
......@@ -1368,7 +1383,7 @@ static bool add_line(String &buffer,char *line,char *in_string,
out=line;
}
}
else if (*ml_comment && inchar == '*' && *(pos + 1) == '/')
else if (*ml_comment && !ss_comment && inchar == '*' && *(pos + 1) == '/')
{
pos++;
*ml_comment= 0;
......@@ -1376,6 +1391,11 @@ static bool add_line(String &buffer,char *line,char *in_string,
}
else
{ // Add found char to buffer
if (!*in_string && inchar == '/' && *(pos + 1) == '*' &&
*(pos + 2) == '!')
ss_comment= 1;
else if (!*in_string && ss_comment && inchar == '*' && *(pos + 1) == '/')
ss_comment= 0;
if (inchar == *in_string)
*in_string= 0;
else if (!*ml_comment && !*in_string &&
......
......@@ -176,4 +176,6 @@ ERROR at line 1: DELIMITER cannot contain a backslash character
ERROR at line 1: DELIMITER cannot contain a backslash character
1
1
1
1
End of 5.0 tests
......@@ -273,4 +273,9 @@ EOF
--exec $MYSQL --pager="540bytelengthstringxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -e "select 1" > /dev/null 2>&1
--exec $MYSQL --character-sets-dir="540bytelengthstringxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -e "select 1" 2>&1
#
# bug #30164: Using client side macro inside server side comments generates broken queries
#
--exec $MYSQL test -e '/*! \C latin1 */ select 1;'
--echo End of 5.0 tests
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment