Commit e2291bdc authored by jimw@mysql.com's avatar jimw@mysql.com

Only escape the first character in a sequence of bytes that appears to be

a multibyte character, but was not a valid multibyte character. Refinement
of fix for Bug #8378.
parent 5bb39302
...@@ -583,9 +583,10 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to, ...@@ -583,9 +583,10 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
} }
/* /*
If the next character appears to begin a multi-byte character, we If the next character appears to begin a multi-byte character, we
escape all of the bytes of that apparent character. (The character just escape that first byte of that apparent multi-byte character. (The
looks like a multi-byte character -- if it were actually a multi-byte character just looks like a multi-byte character -- if it were actually
character, it would have been passed through in the test above.) a multi-byte character, it would have been passed through in the test
above.)
Without this check, we can create a problem by converting an invalid Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not multi-byte character into a valid one. For example, 0xbf27 is not
...@@ -593,12 +594,8 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to, ...@@ -593,12 +594,8 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
*/ */
if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1) if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)
{ {
while (l--) *to++= '\\';
{ *to++= *from;
*to++= '\\';
*to++= *from++;
}
from--;
continue; continue;
} }
#endif #endif
......
...@@ -11535,20 +11535,20 @@ static void test_bug6761(void) ...@@ -11535,20 +11535,20 @@ static void test_bug6761(void)
/* /*
Test mysql_real_escape_string() with gbk charset Test mysql_real_escape_string() with gbk charset
The important part is that 0x27 (') is the second-byte in a invvalid The important part is that 0x27 (') is the second-byte in a invalid
two-byte GBK character here. But 0xbf5c is a valid GBK character, so two-byte GBK character here. But 0xbf5c is a valid GBK character, so
it needs to be escaped as 0x5cbf5c27 it needs to be escaped as 0x5cbf27
*/ */
#define TEST_BUG8317_IN "\xef\xbb\xbf\x27" #define TEST_BUG8378_IN "\xef\xbb\xbf\x27\xbf\x10"
#define TEST_BUG8317_OUT "\xef\xbb\x5c\xbf\x5c\x27" #define TEST_BUG8378_OUT "\xef\xbb\x5c\xbf\x5c\x27\x5c\xbf\x10"
static void test_bug8317() static void test_bug8378()
{ {
MYSQL *lmysql; MYSQL *lmysql;
char out[9]; /* strlen(TEST_BUG8317)*2+1 */ char out[9]; /* strlen(TEST_BUG8378)*2+1 */
int len; int len;
myheader("test_bug8317"); myheader("test_bug8378");
if (!opt_silent) if (!opt_silent)
fprintf(stdout, "\n Establishing a test connection ..."); fprintf(stdout, "\n Establishing a test connection ...");
...@@ -11572,10 +11572,10 @@ static void test_bug8317() ...@@ -11572,10 +11572,10 @@ static void test_bug8317()
if (!opt_silent) if (!opt_silent)
fprintf(stdout, " OK"); fprintf(stdout, " OK");
len= mysql_real_escape_string(lmysql, out, TEST_BUG8317_IN, 4); len= mysql_real_escape_string(lmysql, out, TEST_BUG8378_IN, 4);
/* No escaping should have actually happened. */ /* No escaping should have actually happened. */
DIE_UNLESS(memcmp(out, TEST_BUG8317_OUT, len) == 0); DIE_UNLESS(memcmp(out, TEST_BUG8378_OUT, len) == 0);
mysql_close(lmysql); mysql_close(lmysql);
} }
...@@ -11787,7 +11787,7 @@ static struct my_tests_st my_tests[]= { ...@@ -11787,7 +11787,7 @@ static struct my_tests_st my_tests[]= {
{ "test_conversion", test_conversion }, { "test_conversion", test_conversion },
{ "test_rewind", test_rewind }, { "test_rewind", test_rewind },
{ "test_bug6761", test_bug6761 }, { "test_bug6761", test_bug6761 },
{ "test_bug8317", test_bug8317 }, { "test_bug8378", test_bug8378 },
{ 0, 0 } { 0, 0 }
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment