Bug : Crash if select @@""

Zero-length variables caused failures when using the length to look
up the name in a hash.  Instead, signal that no zero-length name can
ever be found and that to encounter one is a syntax error.


mysql-test/r/variables.result:
  Results for test.
mysql-test/t/variables.test:
  Insert tests to prove that zero-length variable names do not cause
  faults.
sql/gen_lex_hash.cc:
  If the length is zero, then there is nothing to look-up in the 
  hash.
sql/sql_lex.cc:
  Names of variables must not be empty.  Signal an error of that 
  happens.
This commit is contained in:
unknown 2006-08-15 18:41:21 +02:00
parent 75e40b161b
commit e0bffad3e8
4 changed files with 30 additions and 2 deletions

View file

@ -689,6 +689,12 @@ select @@log_queries_not_using_indexes;
show variables like 'log_queries_not_using_indexes';
Variable_name Value
log_queries_not_using_indexes OFF
select @@"";
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '""' at line 1
select @@&;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '&' at line 1
select @@@;
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@' at line 1
End of 5.0 tests
set global binlog_cache_size =@my_binlog_cache_size;
set global connect_timeout =@my_connect_timeout;

View file

@ -585,6 +585,16 @@ show variables like 'ssl%';
select @@log_queries_not_using_indexes;
show variables like 'log_queries_not_using_indexes';
#
# Bug#20908: Crash if select @@""
#
--error ER_PARSE_ERROR
select @@"";
--error ER_PARSE_ERROR
select @@&;
--error ER_PARSE_ERROR
select @@@;
--echo End of 5.0 tests
# This is at the very after the versioned tests, since it involves doing
@ -620,3 +630,4 @@ set global server_id =@my_server_id;
set global slow_launch_time =@my_slow_launch_time;
set global storage_engine =@my_storage_engine;
set global thread_cache_size =@my_thread_cache_size;

View file

@ -442,13 +442,16 @@ int main(int argc,char **argv)
if (get_options(argc,(char **) argv))
exit(1);
/* Broken up to indicate that it's not advice to you, gentle reader. */
printf("/*\n\n Do " "not " "edit " "this " "file " "directly!\n\n*/\n");
printf("/* Copyright (C) 2001-2004 MySQL AB\n\
This software comes with ABSOLUTELY NO WARRANTY. This is free software,\n\
and you are welcome to modify and redistribute it under the GPL license\n\
\n*/\n\n");
printf("/* This code is generated by gen_lex_hash.cc that seeks for\
a perfect\nhash function */\n\n");
printf("/* Do " "not " "edit " "this " "file! This is generated by "
"gen_lex_hash.cc\nthat seeks for a perfect hash function */\n\n");
printf("#include \"lex.h\"\n\n");
calc_length();
@ -468,6 +471,12 @@ static inline SYMBOL *get_hash_symbol(const char *s,\n\
{\n\
register uchar *hash_map;\n\
register const char *cur_str= s;\n\
\n\
if (len == 0) {\n\
DBUG_PRINT(\"warning\", (\"get_hash_symbol() received a request for a zero-length symbol, which is probably a mistake.\"));\
return(NULL);\n\
}\
\n\
if (function){\n\
if (len>sql_functions_max_len) return 0;\n\
hash_map= sql_functions_map;\n\

View file

@ -1042,6 +1042,8 @@ int MYSQLlex(void *arg, void *yythd)
if (c == '.')
lex->next_state=MY_LEX_IDENT_SEP;
length= (uint) (lex->ptr - lex->tok_start)-1;
if (length == 0)
return(ABORT_SYM); // Names must be nonempty.
if ((tokval= find_keyword(lex,length,0)))
{
yyUnget(); // Put back 'c'