From:marc.alff Date:August 3 2007 6:54pm
Subject:bk commit into 5.0 tree (malff:1.2487) BUG#28779
Below is the list of changes that have just been committed into a local
5.0 repository of marcsql. When marcsql does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-08-03 10:54:13-06:00, malff@weblab.(none) +3 -0
  Bug#28779 (msyql_query() allows execution of statements with unbalanced
  comments and quotes)
  
  INTERMEDIATE PATCH ONLY -- NOT READY FOR PRODUCTION
  
  This patch cannot be merged as-is until Bug 30164 is fixed.
  It is an intermediate patch only, for pre-review.

  mysql-test/r/marc_28779.result@stripped, 2007-08-03 10:54:07-06:00, malff@weblab.(none) +17
-0
    Bug#28779 (msyql_query() allows execution of statements with unbalanced
    comments and quotes)
    
    INTERMEDIATE PATCH ONLY -- NOT READY FOR PRODUCTION
    

  mysql-test/r/marc_28779.result@stripped, 2007-08-03 10:54:07-06:00, malff@weblab.(none) +0 -0

  mysql-test/t/marc_28779.test@stripped, 2007-08-03 10:54:07-06:00, malff@weblab.(none) +28 -0
    Bug#28779 (msyql_query() allows execution of statements with unbalanced
    comments and quotes)
    
    INTERMEDIATE PATCH ONLY -- NOT READY FOR PRODUCTION
    

  mysql-test/t/marc_28779.test@stripped, 2007-08-03 10:54:07-06:00, malff@weblab.(none) +0 -0

  sql/sql_lex.cc@stripped, 2007-08-03 10:54:07-06:00, malff@weblab.(none) +20 -7
    Bug#28779 (msyql_query() allows execution of statements with unbalanced
    comments and quotes)
    
    INTERMEDIATE PATCH ONLY -- NOT READY FOR PRODUCTION

diff -Nrup a/mysql-test/r/marc_28779.result b/mysql-test/r/marc_28779.result
--- /dev/null	Wed Dec 31 16:00:00 196900
+++ b/mysql-test/r/marc_28779.result	2007-08-03 10:54:07 -06:00
@@ -0,0 +1,17 @@
+drop table if exists table_28779;
+Warnings:
+Note	1051	Unknown table 'table_28779'
+create table table_28779 (a int);
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';";
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '/*' AND b = 'bar'' at line 1
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';*";
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '/*' AND b = 'bar';*' at line
1
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;";
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '' at line 1
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;*";
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near ';*' at line 1
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';";
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '/*!98765' AND b = 'bar'' at
line 1
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';*";
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '/*!98765' AND b = 'bar';*' at
line 1
+drop table table_28779;
diff -Nrup a/mysql-test/t/marc_28779.test b/mysql-test/t/marc_28779.test
--- /dev/null	Wed Dec 31 16:00:00 196900
+++ b/mysql-test/t/marc_28779.test	2007-08-03 10:54:07 -06:00
@@ -0,0 +1,28 @@
+
+--disable_warnings
+drop table if exists table_28779;
+--enable_warnings
+
+create table table_28779 (a int);
+
+--error 1064
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';";
+
+--error 1064
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*' AND b = 'bar';*";
+
+--error 1064
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;";
+
+--error 1064
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*! AND 2=2;*";
+
+--error 1064
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';";
+
+--error 1064
+prepare bar from "DELETE FROM table_28779 WHERE a = 7 OR 1=1/*!98765' AND b = 'bar';*";
+
+drop table table_28779;
+
+
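Review bot: Every statement in this test expects error 1064, so nothing here shows that a correctly terminated comment is still accepted; a lexer change that rejected every `/* */` or `/*! */` comment would pass this file unchanged. Add at least one positive control, for example `prepare bar from "DELETE FROM table_28779 WHERE a = 7 /* note */";` followed by `deallocate prepare bar;`, and a second one with a closed `/*! AND 2=2 */`. The bug title also names unbalanced quotes, but each quote in these cases sits inside the unterminated comment, so the quote handling does not appear to be exercised on its own.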
diff -Nrup a/sql/sql_lex.cc b/sql/sql_lex.cc
--- a/sql/sql_lex.cc	2007-07-29 06:05:01 -06:00
+++ b/sql/sql_lex.cc	2007-08-03 10:54:07 -06:00
@@ -524,6 +524,7 @@ static inline uint int_token(const char 
 int MYSQLlex(void *arg, void *yythd)
 {
   reg1	uchar c;
+  bool comment_closed;
   int	tokval, result_state;
   uint length;
   enum my_lex_states state;
@@ -957,15 +958,25 @@ int MYSQLlex(void *arg, void *yythd)
 	  break;
 	}
       }
-      while (lip->ptr != lip->end_of_query &&
-	     ((c=yyGet()) != '*' || yyPeek() != '/'))
+      comment_closed= FALSE;
+      while (lip->ptr != lip->end_of_query)
       {
-	if (c == '\n')
-	  lip->yylineno++;
+        c= yyGet();
+        if (c == '*')
+        {
+          if (yyPeek() == '/')
+          {
+            yySkip();
+            comment_closed= TRUE;
+            state = MY_LEX_START;
+            break;
+          }
+        }
+        else if (c == '\n')
+          lip->yylineno++;
       }
-      if (lip->ptr != lip->end_of_query)
-	yySkip();			// remove last '/'
-      state = MY_LEX_START;		// Try again
+      if (! comment_closed)
+        return (ABORT_SYM);
       break;
     case MY_LEX_END_LONG_COMMENT:
       if (lex->in_comment && yyPeek() == '/')
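Review bot: The rewritten comment-skipping loop drops the two comments the old code carried (`// remove last '/'` and `// Try again`) and adds none for the new early return, so nothing in the code says why an unterminated `/*` now yields `ABORT_SYM`. I would put `// Unterminated comment: fail the parse instead of running the text before it` above `if (! comment_closed)`, and a matching comment on the `if (lex->in_comment)` return added in the `@@ -1005,6 +1016,8 @@` hunk. The added lines are also indented with spaces while the surrounding context lines use tabs, which will make later diffs of this case noisy. MYSQLlex starts and ends outside these hunks, so whether `comment_closed` could be declared closer to its single use cannot be judged from here.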
@@ -1005,6 +1016,8 @@ int MYSQLlex(void *arg, void *yythd)
       if (lip->ptr >= lip->end_of_query)
       {
 	lip->next_state=MY_LEX_END;	// Mark for next loop
+        if (lex->in_comment)
+          return (ABORT_SYM);
 	return(END_OF_INPUT);
       }
       state=MY_LEX_CHAR;