Commit e0bffad3 authored by unknown's avatar unknown
Browse files

Bug #20908: Crash if select @@"" 

Zero-length variables caused failures when using the length to look
up the name in a hash.  Instead, signal that no zero-length name can
ever be found and that to encounter one is a syntax error.


mysql-test/r/variables.result:
  Results for test.
mysql-test/t/variables.test:
  Insert tests to prove that zero-length variable names do not cause
  faults.
sql/gen_lex_hash.cc:
  If the length is zero, then there is nothing to look-up in the 
  hash.
sql/sql_lex.cc:
  Names of variables must not be empty.  Signal an error of that 
  happens.
parent 75e40b16

mysql-test/r/variables.result

+6 −0
Original line number Diff line number Diff line
@@ -689,6 +689,12 @@ select @@log_queries_not_using_indexes; 
show variables like 'log_queries_not_using_indexes';

Variable_name	Value

log_queries_not_using_indexes	OFF

select @@"";

ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""' at line 1

select @@&;

ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '&' at line 1

select @@@;

ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@' at line 1

End of 5.0 tests

set global binlog_cache_size         =@my_binlog_cache_size;

set global connect_timeout           =@my_connect_timeout;

mysql-test/t/variables.test

+11 −0
Original line number Diff line number Diff line
@@ -585,6 +585,16 @@ show variables like 'ssl%'; 
select @@log_queries_not_using_indexes;

show variables like 'log_queries_not_using_indexes';



#

# Bug#20908: Crash if select @@""

#

--error ER_PARSE_ERROR

select @@"";

--error ER_PARSE_ERROR

select @@&;

--error ER_PARSE_ERROR

select @@@;



--echo End of 5.0 tests



# This is at the very after the versioned tests, since it involves doing
@@ -620,3 +630,4 @@ set global server_id =@my_server_id; 
set global slow_launch_time          =@my_slow_launch_time;

set global storage_engine            =@my_storage_engine;

set global thread_cache_size         =@my_thread_cache_size;

sql/gen_lex_hash.cc

+11 −2
Original line number Diff line number Diff line
@@ -442,13 +442,16 @@ int main(int argc,char **argv) 
  if (get_options(argc,(char **) argv))

    exit(1);



  /* Broken up to indicate that it's not advice to you, gentle reader. */

  printf("/*\n\n  Do " "not " "edit " "this " "file " "directly!\n\n*/\n");



  printf("/* Copyright (C) 2001-2004 MySQL AB\n\

   This software comes with ABSOLUTELY NO WARRANTY. This is free software,\n\

   and you are welcome to modify and redistribute it under the GPL license\n\

   \n*/\n\n");



  printf("/* This code is generated by gen_lex_hash.cc that seeks for\

 a perfect\nhash function */\n\n");

  printf("/* Do " "not " "edit " "this " "file!  This is generated by "

         "gen_lex_hash.cc\nthat seeks for a perfect hash function */\n\n");

  printf("#include \"lex.h\"\n\n");



  calc_length();
@@ -468,6 +471,12 @@ static inline SYMBOL *get_hash_symbol(const char *s,\n\ 
{\n\

  register uchar *hash_map;\n\

  register const char *cur_str= s;\n\

\n\

  if (len == 0) {\n\

    DBUG_PRINT(\"warning\", (\"get_hash_symbol() received a request for a zero-length symbol, which is probably a mistake.\"));\

    return(NULL);\n\

  }\

\n\

  if (function){\n\

    if (len>sql_functions_max_len) return 0;\n\

    hash_map= sql_functions_map;\n\

sql/sql_lex.cc

+2 −0
Original line number Diff line number Diff line
@@ -1042,6 +1042,8 @@ int MYSQLlex(void *arg, void *yythd) 
      if (c == '.')

	lex->next_state=MY_LEX_IDENT_SEP;

      length= (uint) (lex->ptr - lex->tok_start)-1;

      if (length == 0) 

        return(ABORT_SYM);              // Names must be nonempty.

      if ((tokval= find_keyword(lex,length,0)))

      {

	yyUnget();				// Put back 'c'