List:Commits« Previous MessageNext Message »
From:marc.alff Date:April 2 2008 10:48pm
Subject:bk commit into 5.0 tree (malff:1.2599) BUG#35658
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of malff.  When malff does a push these changes
will be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2008-04-02 14:48:27-06:00, malff@stripped. +3 -0
  Bug#35658 (An empty binary value leads to mysqld crash)
  
  Before this fix, the following tokens:
    x''
    b''
  were parser by the lexer as a HEX_NUM and BIN_NUM, but with a wrong value.
  This caused the parser to later crash when using the value string (for
  binary), or produce undocumented results (x'' was considered an hexadecimal
  value of 0).
  
  With this fix, these tokens are properly detected as mal formed hexadecimal and
  binary literals.

  mysql-test/r/varbinary.result@stripped, 2008-04-02 14:48:23-06:00,
malff@stripped. +29 -0
    Bug#35658 (An empty binary value leads to mysqld crash)

  mysql-test/t/varbinary.test@stripped, 2008-04-02 14:48:23-06:00,
malff@stripped. +30 -0
    Bug#35658 (An empty binary value leads to mysqld crash)

  sql/sql_lex.cc@stripped, 2008-04-02 14:48:23-06:00, malff@stripped. +3 -3
    Bug#35658 (An empty binary value leads to mysqld crash)

diff -Nrup a/mysql-test/r/varbinary.result b/mysql-test/r/varbinary.result
--- a/mysql-test/r/varbinary.result	2007-03-09 14:18:36 -07:00
+++ b/mysql-test/r/varbinary.result	2008-04-02 14:48:23 -06:00
@@ -78,3 +78,32 @@ alter table t1 modify a varchar(255);
 select length(a) from t1;
 length(a)
 6
+select 0b01000001;
+0b01000001
+A
+select 0x41;
+0x41
+A
+select b'01000001';
+b'01000001'
+A
+select x'41', 0+x'41';
+x'41'	0+x'41'
+A	65
+select N'abc', length(N'abc');
+abc	length(N'abc')
+abc	3
+select N'', length(N'');
+	length(N'')
+	0
+select '', length('');
+	length('')
+	0
+select b'';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near 'b''' at line 1
+select x'';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near 'x''' at line 1
+select 0x;
+ERROR 42S22: Unknown column '0x' in 'field list'
+select 0b;
+ERROR 42S22: Unknown column '0b' in 'field list'
diff -Nrup a/mysql-test/t/varbinary.test b/mysql-test/t/varbinary.test
--- a/mysql-test/t/varbinary.test	2006-12-21 16:38:31 -07:00
+++ b/mysql-test/t/varbinary.test	2008-04-02 14:48:23 -06:00
@@ -84,3 +84,33 @@ select length(a) from t1;
 alter table t1 modify a varchar(255);
 select length(a) from t1;
 
+#
+# Bug#35658 (An empty binary value leads to mysqld crash)
+#
+
+select 0b01000001;
+
+select 0x41;
+
+select b'01000001';
+
+select x'41', 0+x'41';
+
+select N'abc', length(N'abc');
+
+select N'', length(N'');
+
+select '', length('');
+
+--error ER_PARSE_ERROR
+select b'';
+
+--error ER_PARSE_ERROR
+select x'';
+
+--error ER_BAD_FIELD_ERROR
+select 0x;
+
+--error ER_BAD_FIELD_ERROR
+select 0b;
+
diff -Nrup a/sql/sql_lex.cc b/sql/sql_lex.cc
--- a/sql/sql_lex.cc	2007-08-30 17:23:37 -06:00
+++ b/sql/sql_lex.cc	2008-04-02 14:48:23 -06:00
@@ -855,7 +855,7 @@ int MYSQLlex(void *arg, void *yythd)
       yyGet();				// Skip '
       while (my_isxdigit(cs,(c = yyGet()))) ;
       length=(lip->ptr - lip->tok_start);	// Length of hexnum+3
-      if (!(length & 1) || c != '\'')
+      if ((length == 3) || (length % 2 == 0) || (c != '\''))
       {
 	return(ABORT_SYM);		// Illegal hex constant
       }
@@ -869,8 +869,8 @@ int MYSQLlex(void *arg, void *yythd)
       yyGet();                                // Skip '
       while ((c= yyGet()) == '0' || c == '1');
       length= (lip->ptr - lip->tok_start);    // Length of bin-num + 3
-      if (c != '\'')
-      return(ABORT_SYM);              // Illegal hex constant
+      if ((c != '\'') || (length == 3))
+        return(ABORT_SYM);            // Illegal bin constant
       yyGet();                        // get_token makes an unget
       yylval->lex_str= get_token(lip,
                                  2,         // skip b'
Thread
bk commit into 5.0 tree (malff:1.2599) BUG#35658marc.alff2 Apr