Bug#28779 (mysql_query() allows execution of statements with unbalanced

comments) Before this fix, the server would accept queries that contained comments, even when the comments were not properly closed with a '*' '/' marker. For example, select 1 /* + 2 <EOF> would be accepted as select 1 /* + 2 */ <EOF> and executed as select 1 With this fix, the server now rejects queries with unclosed comments as syntax errors. Both regular comments ('/' '*') and special comments ('/' '*' '!') must be closed with '*' '/' to be parsed correctly. mysql-test/r/comments.result: Unbalanced comments are a syntax error. mysql-test/t/comments.test: Unbalanced comments are a syntax error. sql/sql_lex.cc: Unbalanced comments are a syntax error.
2026-04-27 02:35:29 +02:00 · 2007-08-29 14:50:32 -06:00 · 2007-08-29 14:50:32 -06:00 · b0f899e977
commit b0f899e977
parent 3d5440505c
3 changed files with 78 additions and 7 deletions
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
@ -526,6 +526,7 @@ static inline uint int_token(const char *str,uint length)
 int MYSQLlex(void *arg, void *yythd)
 {
  reg1	uchar c;
+  bool comment_closed;
  int	tokval, result_state;
  uint length;
  enum my_lex_states state;
@ -961,15 +962,34 @@ int MYSQLlex(void *arg, void *yythd)
 	  break;
 	}
      }
-      while (lip->ptr != lip->end_of_query &&
-	     ((c=yyGet()) != '*' || yyPeek() != '/'))
+      /*
+        Discard:
+        - regular '/' '*' comments,
+        - special comments '/' '*' '!' for a future version,
+        by scanning until we find a closing '*' '/' marker.
+        Note: There is no such thing as nesting comments,
+        the first '*' '/' sequence seen will mark the end.
+      */
+      comment_closed= FALSE;
+      while (lip->ptr != lip->end_of_query)
      {
-	if (c == '\n')
-	  lip->yylineno++;
+        c= yyGet();
+        if (c == '*')
+        {
+          if (yyPeek() == '/')
+          {
+            yySkip();
+            comment_closed= TRUE;
+            state = MY_LEX_START;
+            break;
+          }
+        }
+        else if (c == '\n')
+          lip->yylineno++;
      }
-      if (lip->ptr != lip->end_of_query)
-	yySkip();			// remove last '/'
-      state = MY_LEX_START;		// Try again
+      /* Unbalanced comments with a missing '*' '/' are a syntax error */
+      if (! comment_closed)
+        return (ABORT_SYM);
      break;
    case MY_LEX_END_LONG_COMMENT:
      if (lex->in_comment && yyPeek() == '/')
@ -1009,6 +1029,9 @@ int MYSQLlex(void *arg, void *yythd)
      if (lip->ptr >= lip->end_of_query)
      {
 	lip->next_state=MY_LEX_END;	// Mark for next loop
+        /* Unbalanced comments with a missing '*' '/' are a syntax error */
+        if (lex->in_comment)
+          return (ABORT_SYM);
 	return(END_OF_INPUT);
      }
      state=MY_LEX_CHAR;