1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug #58900 query_get_value crashes when result begins with dollar sign

Browse Source 
Generalized fix for recursive backtick
Optional arg to eval_expr telling it not to interpret
This commit is contained in:
Bjorn Munch 2011-01-11 10:54:42 +01:00
parent a18cde4734
commit 0630418539
3 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
client/mysqltest.cc
View File

@ -474,7 +474,7 @@ VAR* var_init(VAR* v, const char *name, int name_len, const char *val,
void var_free(void* v); void var_free(void* v);
VAR* var_get(const char *var_name, const char** var_name_end, VAR* var_get(const char *var_name, const char** var_name_end,
my_bool raw, my_bool ignore_not_existing); my_bool raw, my_bool ignore_not_existing);
void eval_expr(VAR* v, const char *p, const char** p_end, bool backtick= true); void eval_expr(VAR* v, const char *p, const char** p_end, bool do_eval= true);
my_bool match_delimiter(int c, const char *delim, uint length); my_bool match_delimiter(int c, const char *delim, uint length);
void dump_result_to_reject_file(char *buf, int size); void dump_result_to_reject_file(char *buf, int size);
void dump_warning_messages(); void dump_warning_messages();
@ -2371,7 +2371,7 @@ void var_set_query_get_value(struct st_command *command, VAR *var)
break; break;
} }
} }
eval_expr(var, value, 0); eval_expr(var, value, 0, false);
} }
dynstr_free(&ds_query); dynstr_free(&ds_query);
mysql_free_result(res); mysql_free_result(res);
@ -2401,12 +2401,16 @@ void var_copy(VAR *dest, VAR *src)
} }
void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick) void eval_expr(VAR *v, const char *p, const char **p_end, bool do_eval)
{ {
DBUG_ENTER("eval_expr"); DBUG_ENTER("eval_expr");
DBUG_PRINT("enter", ("p: '%s'", p)); DBUG_PRINT("enter", ("p: '%s'", p));
/* Skip to treat as pure string if no evaluation */
if (! do_eval)
goto NO_EVAL;
if (*p == '$') if (*p == '$')
{ {
VAR *vp; VAR *vp;
@ -2426,7 +2430,7 @@ void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
if (*p == '`' && backtick) if (*p == '`')
{ {
var_query_set(v, p, p_end); var_query_set(v, p, p_end);
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
@ -2449,6 +2453,7 @@ void eval_expr(VAR *v, const char *p, const char **p_end, bool backtick)
} }
} }
NO_EVAL:
{ {
int new_val_len = (p_end && *p_end) ? int new_val_len = (p_end && *p_end) ?
(int) (*p_end - p) : (int) strlen(p); (int) (*p_end - p) : (int) strlen(p);

3
mysql-test/r/mysqltest.result
View File

@ -311,6 +311,9 @@ failing query in let
create table t1 (a varchar(100)); create table t1 (a varchar(100));
insert into t1 values ('`select 42`'); insert into t1 values ('`select 42`');
`select 42` `select 42`
insert into t1 values ('$dollar');
$dollar
`select 42`
drop table t1; drop table t1;
mysqltest: At line 1: Error running query 'failing query': 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'failing query' at line 1 mysqltest: At line 1: Error running query 'failing query': 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'failing query' at line 1
mysqltest: At line 1: Missing required argument 'filename' to command 'source' mysqltest: At line 1: Missing required argument 'filename' to command 'source'

6
mysql-test/t/mysqltest.test
View File

@ -859,6 +859,12 @@ insert into t1 values ('`select 42`');
let $a= `select * from t1`; let $a= `select * from t1`;
# This should output `select 42`, not evaluate it again to 42 # This should output `select 42`, not evaluate it again to 42
echo $a; echo $a;
insert into t1 values ('$dollar');
# These should also output the string without evaluating it.
let $a= query_get_value(select * from t1 order by a, a, 1);
echo $a;
let $a= query_get_value(select * from t1 order by a, a, 2);
echo $a;
drop table t1; drop table t1;
--error 1 --error 1