mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 03:52:35 +01:00
c7163c630a
The problem is that the lexer could inadvertently skip over the end of a query being parsed if it encountered a malformed multibyte character. A specially crated query string could cause the lexer to jump up to six bytes past the end of the query buffer. Another problem was that the laxer could use unfiltered user input as a signed array index for the parser maps (having upper and lower bounds 0 and 256 respectively). The solution is to ensure that the lexer only skips over well-formed multibyte characters and that the index value of the parser maps is always a unsigned value. mysql-test/r/ctype_recoding.result: Update test case result: ending backtick is not skipped over anymore. sql/sql_lex.cc: Characters being analyzed must be unsigned as they can be used as indexes for the parser maps. Only skip over if the string is a valid multi-byte sequence. tests/mysql_client_test.c: Add test case for Bug#45010 |
||
|---|---|---|
| .. | ||
| .cvsignore | ||
| auto_increment.res | ||
| auto_increment.tst | ||
| big_record.pl | ||
| bug25714.c | ||
| CMakeLists.txt | ||
| connect_test.c | ||
| deadlock_test.c | ||
| drop_test.pl | ||
| export.pl | ||
| fork2_test.pl | ||
| fork_big.pl | ||
| fork_big2.pl | ||
| function.res | ||
| function.tst | ||
| grant.pl | ||
| grant.res | ||
| index_corrupt.pl | ||
| insert_and_repair.pl | ||
| insert_test.c | ||
| list_test.c | ||
| lock_test.pl | ||
| lock_test.res | ||
| mail_to_db.pl | ||
| Makefile.am | ||
| myisam-big-rows.tst | ||
| mysql_client_test.c | ||
| pmail.pl | ||
| rename_test.pl | ||
| restore-lock.smack | ||
| select_test.c | ||
| showdb_test.c | ||
| ssl_test.c | ||
| table_types.pl | ||
| test_delayed_insert.pl | ||
| thread_test.c | ||
| truncate.pl | ||