Bug #58900 query_get_value crashes when result begins with dollar sign

Generalized fix for recursive backtick Optional arg to eval_expr telling it not to interpret
2011-01-11 10:54:42 +01:00 · 2011-01-11 10:54:42 +01:00 · 0630418539
commit 0630418539
parent a18cde4734
3 changed files with 18 additions and 4 deletions
--- a/client/mysqltest.cc
+++ b/client/mysqltest.cc
@ -474,7 +474,7 @@ VAR* var_init(VAR* v, const char *name, int name_len, const char *val,
 void var_free(void* v);
 VAR* var_get(const char *var_name, const char** var_name_end,
             my_bool raw, my_bool ignore_not_existing);
-void eval_expr(VAR* v, const char *p, const char** p_end, bool backtick= true);
+void eval_expr(VAR* v, const char *p, const char** p_end, bool do_eval= true);
 my_bool match_delimiter(int c, const char *delim, uint length);
 void dump_result_to_reject_file(char *buf, int size);
 void dump_warning_messages();
@ -2371,7 +2371,7 @@ void var_set_query_get_value(struct st_command *command, VAR *var)
        break;
      }
    }
-    eval_expr(var, value, 0);
+    eval_expr(var, value, 0, false);
  }
  dynstr_free(&ds_query);
  mysql_free_result(res);
@ -2401,12 +2401,16 @@ void var_copy(VAR *dest, VAR *src)
 }


-void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
+void eval_expr(VAR *v, const char *p, const char **p_end, bool do_eval)
 {

  DBUG_ENTER("eval_expr");
  DBUG_PRINT("enter", ("p: '%s'", p));

+  /* Skip to treat as pure string if no evaluation */
+  if (! do_eval)
+    goto NO_EVAL;
+  
  if (*p == '$')
  {
    VAR *vp;
@ -2426,7 +2430,7 @@ void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
    DBUG_VOID_RETURN;
  }

-  if (*p == '`' && backtick)
+  if (*p == '`')
  {
    var_query_set(v, p, p_end);
    DBUG_VOID_RETURN;
@ -2449,6 +2453,7 @@ void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
    }
  }

+ NO_EVAL:
  {
    int new_val_len = (p_end && *p_end) ?
      (int) (*p_end - p) : (int) strlen(p);
--- a/mysql-test/r/mysqltest.result
+++ b/mysql-test/r/mysqltest.result
@ -311,6 +311,9 @@ failing query in let
 create table t1 (a varchar(100));
 insert into t1 values ('`select 42`');
 `select 42`
+insert into t1 values ('$dollar');
+$dollar
+`select 42`
 drop table t1;
 mysqltest: At line 1: Error running query 'failing query': 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'failing query' at line 1
 mysqltest: At line 1: Missing required argument 'filename' to command 'source'
--- a/mysql-test/t/mysqltest.test
+++ b/mysql-test/t/mysqltest.test
@ -859,6 +859,12 @@ insert into t1 values ('`select 42`');
 let $a= `select * from t1`;
 # This should output `select 42`, not evaluate it again to 42
 echo $a;
+insert into t1 values ('$dollar');
+# These should also output the string without evaluating it.
+let $a= query_get_value(select * from t1 order by a, a, 1);
+echo $a;
+let $a= query_get_value(select * from t1 order by a, a, 2);
+echo $a;
 drop table t1;

 --error 1