Bug#21682356: STOP INJECTING DATA ITEMS IN AN ERROR MESSAGE

GENERATED BY THE EXP() FUNCTION When generating the error message for numeric overflow, pass a flag to Item::print() that prevents it from expanding constant expressions and parameters to the values they evaluate to. For consistency, also pass the flag to Item::print() when Item_func_spatial_collection::fix_length_and_dec() generates an error message. It doesn't make any difference at the moment, since constant expressions haven't been evaluated yet when this function is called.
2016-01-07 12:53:18 +01:00 · 2016-01-07 12:53:18 +01:00 · 95825fa28a
commit 95825fa28a
parent 79032a7ae1
6 changed files with 48 additions and 21 deletions
--- a/mysql-test/r/func_math.result
+++ b/mysql-test/r/func_math.result
@ -632,9 +632,9 @@ ERROR 22003: BIGINT UNSIGNED value is out of range in '(18446744073709551615 DIV
 CREATE TABLE t1(a BIGINT, b BIGINT UNSIGNED);
 INSERT INTO t1 VALUES(-9223372036854775808, 9223372036854775809);
 SELECT -a FROM t1;
-ERROR 22003: BIGINT value is out of range in '-('-9223372036854775808')'
+ERROR 22003: BIGINT value is out of range in '-(`test`.`t1`.`a`)'
 SELECT -b FROM t1;
-ERROR 22003: BIGINT value is out of range in '-('9223372036854775809')'
+ERROR 22003: BIGINT value is out of range in '-(`test`.`t1`.`b`)'
 DROP TABLE t1;
 SET @a:=999999999999999999999999999999999999999999999999999999999999999999999999999999999;
 SELECT @a + @a;
--- a/sql/item.cc
+++ b/sql/item.cc
@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -3456,7 +3456,7 @@ Item_param::eq(const Item *arg, bool binary_cmp) const
 void Item_param::print(String *str, enum_query_type query_type)
 {
-  if (state == NO_VALUE)
+  if (state == NO_VALUE || query_type & QT_NO_DATA_EXPANSION)
  {
    str->append('?');
  }
@ -6197,7 +6197,8 @@ Item *Item_field::update_value_transformer(uchar *select_arg)
 void Item_field::print(String *str, enum_query_type query_type)
 {
-  if (field && field->table->const_table)
+  if (field && field->table->const_table &&
      !(query_type & QT_NO_DATA_EXPANSION))
  {
    char buff[MAX_FIELD_WIDTH];
    String tmp(buff,sizeof(buff),str->charset());
--- a/sql/item_func.h
+++ b/sql/item_func.h
@ -1,7 +1,7 @@
 #ifndef ITEM_FUNC_INCLUDED
 #define ITEM_FUNC_INCLUDED
-/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -217,7 +217,7 @@ public:
    char buf[256];
    String str(buf, sizeof(buf), system_charset_info);
    str.length(0);
-    print(&str, QT_ORDINARY);
+    print(&str, QT_NO_DATA_EXPANSION);
    my_error(ER_DATA_OUT_OF_RANGE, MYF(0), type_name, str.c_ptr_safe());
  }
  inline double raise_float_overflow()
--- a/sql/item_geofunc.h
+++ b/sql/item_geofunc.h
@ -1,7 +1,7 @@
 #ifndef ITEM_GEOFUNC_INCLUDED
 #define ITEM_GEOFUNC_INCLUDED
-/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -187,7 +187,7 @@ public:
      if (args[i]->fixed && args[i]->field_type() != MYSQL_TYPE_GEOMETRY)
      {
        String str;
-        args[i]->print(&str, QT_ORDINARY);
+        args[i]->print(&str, QT_NO_DATA_EXPANSION);
        str.append('\0');
        my_error(ER_ILLEGAL_VALUE_FOR_TYPE, MYF(0), "non geometric",
                 str.ptr());
--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@ -1,4 +1,4 @@
-/* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -431,7 +431,13 @@ enum enum_query_type
  /// In utf8.
  QT_TO_SYSTEM_CHARSET= (1 << 0),
  /// Without character set introducers.
-  QT_WITHOUT_INTRODUCERS= (1 << 1)
+  QT_WITHOUT_INTRODUCERS= (1 << 1),
  /**
    If an expression is constant, print the expression, not the value
    it evaluates to. Should be used for error messages, so that they
    don't reveal values.
  */
  QT_NO_DATA_EXPANSION= (1 << 9),
 };
 /* query_id */
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -17427,26 +17427,46 @@ static void print_join(THD *thd,
  /* List is reversed => we should reverse it before using */
  List_iterator_fast<TABLE_LIST> ti(*tables);
  TABLE_LIST **table;
-  uint non_const_tables= 0;
+
  /*
    If the QT_NO_DATA_EXPANSION flag is specified, we print the
    original table list, including constant tables that have been
    optimized away, as the constant tables may be referenced in the
    expression printed by Item_field::print() when this flag is given.
    Otherwise, only non-const tables are printed.
    Example:
    Original SQL:
    select * from (select 1) t
    Printed without QT_NO_DATA_EXPANSION:
    select '1' AS `1` from dual
    Printed with QT_NO_DATA_EXPANSION:
    select `t`.`1` from (select 1 AS `1`) `t`
  */
  const bool print_const_tables= (query_type & QT_NO_DATA_EXPANSION);
  size_t tables_to_print= 0;
  for (TABLE_LIST *t= ti++; t ; t= ti++)
-    if (!t->optimized_away)
+    if (print_const_tables || !t->optimized_away)
-      non_const_tables++;
+      tables_to_print++;
-  if (!non_const_tables)
+  if (tables_to_print == 0)
  {
    str->append(STRING_WITH_LEN("dual"));
    return; // all tables were optimized away
  }
  ti.rewind();
-  if (!(table= (TABLE_LIST **)thd->alloc(sizeof(TABLE_LIST*) *
+  if (!(table= static_cast<TABLE_LIST **>(thd->alloc(sizeof(TABLE_LIST*) *
-                                                non_const_tables)))
+                                                     tables_to_print))))
    return;  // out of memory
-  TABLE_LIST *tmp, **t= table + (non_const_tables - 1);
+  TABLE_LIST *tmp, **t= table + (tables_to_print - 1);
  while ((tmp= ti++))
  {
-    if (tmp->optimized_away)
+    if (tmp->optimized_away && !print_const_tables)
      continue;
    *t--= tmp;
  }
@ -17454,7 +17474,7 @@ static void print_join(THD *thd,
  DBUG_ASSERT(tables->elements >= 1);
  (*table)->print(thd, str, query_type);
-  TABLE_LIST **end= table + non_const_tables;
+  TABLE_LIST **end= table + tables_to_print;
  for (TABLE_LIST **tbl= table + 1; tbl < end; tbl++)
  {
    TABLE_LIST *curr= *tbl;