Bug#2703

"MySQL server does not detect if garbage chara at the end of query" Allow the parser to see the garbage characters. Garbage should cause the parser to report an error.
2004-02-12 12:01:27 +00:00 · 2004-02-12 12:01:27 +00:00 · a316e2f9e5
commit a316e2f9e5
parent 8e6a2e98ae
3 changed files with 9 additions and 28 deletions
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@ -886,8 +886,13 @@ int yylex(void *arg, void *yythd)
      }
      /* fall true */
    case MY_LEX_EOL:
-      lex->next_state=MY_LEX_END;	// Mark for next loop
-      return(END_OF_INPUT);
+      if (lex->ptr >= lex->end_of_query)
+      {
+	lex->next_state=MY_LEX_END;	// Mark for next loop
+	return(END_OF_INPUT);
+      }
+      state=MY_LEX_CHAR;
+      break;
    case MY_LEX_END:
      lex->next_state=MY_LEX_END;
      return(0);			// We found end of input last time
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -3854,23 +3854,7 @@ mysql_parse(THD *thd, char *inBuf, uint length)
  if (query_cache_send_result_to_client(thd, inBuf, length) <= 0)
  {
    LEX *lex=lex_start(thd, (uchar*) inBuf, length);
-    if (!yyparse((void *)thd) && ! thd->is_fatal_error &&
-        /*
-          If this is not a multiple query, ensure that it has been
-          successfully parsed until the last character. This is to prevent
-          against a wrong (too big) length passed to mysql_real_query(),
-          mysql_prepare()... which can generate garbage characters at the
-          end. If the query was initially multiple, found_colon will be false
-          only when we are in the last query; this last query had already
-          been end-spaces-stripped by alloc_query() in dispatch_command(); as
-          end spaces are the only thing we accept at the end of a query, and
-          they have been stripped already, here we can require that nothing
-          remains after parsing.
-        */
-        (thd->lex->found_colon ||
-         (char*)(thd->lex->ptr) == (thd->query+thd->query_length+1) ||
-         /* yyerror() will show the garbage chars to the user */
-         (yyerror("syntax error"), 0)))
+    if (!yyparse((void *)thd) && ! thd->is_fatal_error)
    {
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
      if (mqh_used && thd->user_connect &&
--- a/sql/sql_prepare.cc
+++ b/sql/sql_prepare.cc
@ -909,15 +909,7 @@ bool mysql_stmt_prepare(THD *thd, char *packet, uint packet_length)
  lex->safe_to_cache_query= 0;
  lex->param_count= 0;

-  if (yyparse((void *)thd) || thd->is_fatal_error ||
-      /*
-        Check for wrong (too big) length passed to mysql_prepare() resulting in
-        garbage at the end of the query. There is a similar check in mysql_parse().
-      */
-      (!thd->lex->found_colon && 
-       (char*)(thd->lex->ptr) != (thd->query+thd->query_length+1) &&
-       /* yyerror() will show the garbage chars to the user */
-       (yyerror("syntax error"), 1)) || send_prepare_results(stmt))
+  if (yyparse((void *)thd) || thd->is_fatal_error || send_prepare_results(stmt))
    goto yyparse_err;

  lex_end(lex);