Bug#21682356: STOP INJECTING DATA ITEMS IN AN ERROR MESSAGE

GENERATED BY THE EXP() FUNCTION When generating the error message for numeric overflow, pass a flag to Item::print() that prevents it from expanding constant expressions and parameters to the values they evaluate to. For consistency, also pass the flag to Item::print() when Item_func_spatial_collection::fix_length_and_dec() generates an error message. It doesn't make any difference at the moment, since constant expressions haven't been evaluated yet when this function is called.
2026-05-03 21:55:33 +02:00 · 2016-01-07 12:53:18 +01:00 · 2016-01-07 12:53:18 +01:00 · 95825fa28a
commit 95825fa28a
parent 79032a7ae1
6 changed files with 48 additions and 21 deletions
--- a/sql/mysqld.h
+++ b/sql/mysqld.h
@ -1,4 +1,4 @@
-/* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@ -431,7 +431,13 @@ enum enum_query_type
  /// In utf8.
  QT_TO_SYSTEM_CHARSET= (1 << 0),
  /// Without character set introducers.
-  QT_WITHOUT_INTRODUCERS= (1 << 1)
+  QT_WITHOUT_INTRODUCERS= (1 << 1),
+  /**
+    If an expression is constant, print the expression, not the value
+    it evaluates to. Should be used for error messages, so that they
+    don't reveal values.
+  */
+  QT_NO_DATA_EXPANSION= (1 << 9),
 };

 /* query_id */