Commit ae14393e authored by unknown's avatar unknown
Browse files

When escaping a string in a multi-byte character set, escape all bytes of 

a character that appears to be a multi-byte character based on its first
byte, but is not actually a valid multi-byte character. (Bug #8378)


tests/mysql_client_test.c:
  Add test for Bug #8317
mysys/charset.c:
  Properly escape invalid multibyte characters.
parent 37e2873f

mysys/charset.c

+20 −0
Original line number Diff line number Diff line
@@ -581,6 +581,26 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to, 
      from--;

      continue;

    }

    /*

     If the next character appears to begin a multi-byte character, we

     escape all of the bytes of that apparent character. (The character just

     looks like a multi-byte character -- if it were actually a multi-byte

     character, it would have been passed through in the test above.)



     Without this check, we can create a problem by converting an invalid

     multi-byte character into a valid one. For example, 0xbf27 is not

     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)

    */

    if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)

    {

      while (l--)

      {

        *to++= '\\';

	*to++= *from++;

      }

      from--;

      continue;

    }

#endif

    switch (*from) {

    case 0:				/* Must be escaped for 'mysql' */

tests/mysql_client_test.c

+49 −0
Original line number Diff line number Diff line
@@ -11532,6 +11532,54 @@ static void test_bug6761(void) 
  myquery(rc);

}



/*

 Test mysql_real_escape_string() with gbk charset



 The important part is that 0x27 (') is the second-byte in a invvalid

 two-byte GBK character here. But 0xbf5c is a valid GBK character, so

 it needs to be escaped as 0x5cbf5c27

*/

#define TEST_BUG8317_IN  "\xef\xbb\xbf\x27"

#define TEST_BUG8317_OUT "\xef\xbb\x5c\xbf\x5c\x27"



static void test_bug8317()

{

  MYSQL *lmysql;

  char out[9]; /* strlen(TEST_BUG8317)*2+1 */

  int len;



  myheader("test_bug8317");



  if (!opt_silent)

    fprintf(stdout, "\n Establishing a test connection ...");

  if (!(lmysql= mysql_init(NULL)))

  {

    myerror("mysql_init() failed");

    exit(1);

  }

  if (mysql_options(lmysql, MYSQL_SET_CHARSET_NAME, "gbk"))

  {

    myerror("mysql_options() failed");

    exit(1);

  }

  if (!(mysql_real_connect(lmysql, opt_host, opt_user,

                           opt_password, current_db, opt_port,

                           opt_unix_socket, 0)))

  {

    myerror("connection failed");

    exit(1);

  }

  if (!opt_silent)

    fprintf(stdout, " OK");



  len= mysql_real_escape_string(lmysql, out, TEST_BUG8317_IN, 4);



  /* No escaping should have actually happened. */

  DIE_UNLESS(memcmp(out, TEST_BUG8317_OUT, len) == 0);



  mysql_close(lmysql);

}



/*

  Read and parse arguments and MySQL options from my.cnf

*/
@@ -11739,6 +11787,7 @@ static struct my_tests_st my_tests[]= { 
  { "test_conversion", test_conversion },

  { "test_rewind", test_rewind },

  { "test_bug6761", test_bug6761 },

  { "test_bug8317", test_bug8317 },

  { 0, 0 }

};