* marc.alff@stripped <marc.alff@stripped> [07/08/03 20:58]:
> ChangeSet@stripped, 2007-08-03 10:54:13-06:00, malff@weblab.(none) +3 -0
> Bug#28779 (mysql_query() allows execution of statements with unbalanced
> comments and quotes)
>
> INTERMEDIATE PATCH ONLY -- NOT READY FOR PRODUCTION
>
> This patch can not be merged as is before Bug 30164 is fixed.
> This is an intermediate patch only, for pre review.
The patch is OK to push (after providing changeset comments as
usual).
>
> - while (lip->ptr != lip->end_of_query &&
> - ((c=yyGet()) != '*' || yyPeek() != '/'))
> + comment_closed= FALSE;
> + while (lip->ptr != lip->end_of_query)
> {
> - if (c == '\n')
> - lip->yylineno++;
> + c= yyGet();
> + if (c == '*')
> + {
> + if (yyPeek() == '/')
> + {
> + yySkip();
> + comment_closed= TRUE;
> + state = MY_LEX_START;
> + break;
> + }
> + }
> + else if (c == '\n')
> + lip->yylineno++;
> }
This loop would benefit from a short description of what it aims to
achieve (skip till the end of the comment; if end of query is
reached, return a lexical error).
> - if (lip->ptr != lip->end_of_query)
> - yySkip(); // remove last '/'
> - state = MY_LEX_START; // Try again
> + if (! comment_closed)
> + return (ABORT_SYM);
> break;
> case MY_LEX_END_LONG_COMMENT:
> if (lex->in_comment && yyPeek() == '/')
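Review bot: inside the new loop, `yySkip();` and `state = MY_LEX_START;` no longer carry the `// remove last '/'` and `// Try again` comments that the removed lines had, and `state = MY_LEX_START;` puts spaces around `=` where the neighbouring `comment_closed= TRUE;` and `c= yyGet();` do not. Carry the two comments over and use one assignment style. Above `if (! comment_closed)` it is also worth a line saying that reaching `lip->end_of_query` without a closing `*/` now returns `ABORT_SYM`, where the removed lines set `state = MY_LEX_START` and carried on.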
> @@ -1005,6 +1016,8 @@ int MYSQLlex(void *arg, void *yythd)
> if (lip->ptr >= lip->end_of_query)
> {
> lip->next_state=MY_LEX_END; // Mark for next loop
> + if (lex->in_comment)
> + return (ABORT_SYM);
> return(END_OF_INPUT);
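Review bot: the added `if (lex->in_comment)` check has no comment saying why end of input with `lex->in_comment` still set is an error. A one-line note that this is a comment that was opened but never closed (the flag the `MY_LEX_END_LONG_COMMENT` case tests when it sees `/`) would make the intent clear. It also runs after `lip->next_state=MY_LEX_END;` has been set, so it is worth stating whether that ordering is deliberate for the `ABORT_SYM` path. Style: `return (ABORT_SYM);` and `return(END_OF_INPUT);` on adjacent lines differ in spacing.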
Please work together with Alexey to approve and push the client
part this month.
--
-- Konstantin Osipov Software Developer, Moscow, Russia
-- MySQL AB, www.mysql.com The best DATABASE COMPANY in the GALAXY