diff options
author | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2021-07-14 10:17:54 +0000 |
---|---|---|
committer | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2021-07-14 11:32:21 +0000 |
commit | e3814a74eee4f47b5d58997f90c8ee9742452681 (patch) | |
tree | fbe6d437d31244c555ce0c874ef6b42f7073a203 | |
parent | 78735dcaf757cd71c8f0ff3d21071b0f89018150 (diff) | |
download | mariadb-git-e3814a74eee4f47b5d58997f90c8ee9742452681.tar.gz |
MDEV-26139 Spider crashes with segmentation fault (signal 11) on CREATE TABLE when COMMENT does not contain embedded double quotes
The root cause of the bug MDEV-26139 is the lack of NULL checking
on the variable `dq`.
Comments on if (dq && (!sq || sq > dq)) {...} else {...}:
* The if block corresponds to the case where parameters are
quoted by double quotes. In that case, a single quote doesn't
appear at all or only appears in the middle of double quotes.
* The else block corresponds to the case where parameters are
quoted by single quotes. In that case, a double quote doesn't
appear at all or only appears in the middle of single quotes.
* If the program reaches the if-else statement, `sq || dq` holds.
Thus, the negation of `dq && (!sq || sq > dq)` is equivalent to
`sq && (!dq || sq <= dq)`.
-rw-r--r-- | storage/spider/mysql-test/spider/r/basic_sql.result | 6 | ||||
-rw-r--r-- | storage/spider/mysql-test/spider/t/basic_sql.test | 7 | ||||
-rw-r--r-- | storage/spider/spd_table.h | 5 |
3 files changed, 16 insertions, 2 deletions
diff --git a/storage/spider/mysql-test/spider/r/basic_sql.result b/storage/spider/mysql-test/spider/r/basic_sql.result index ba904b5f577..2443f3488bd 100644 --- a/storage/spider/mysql-test/spider/r/basic_sql.result +++ b/storage/spider/mysql-test/spider/r/basic_sql.result @@ -721,6 +721,12 @@ connection master_1; create table t2345678911234567892123456789312345678941234567895123234234(id int) ENGINE=SPIDER COMMENT='host "192.168.21.1", user "spider", password "password", database "test32738123123123"'; drop table t2345678911234567892123456789312345678941234567895123234234; +# +# MDEV-26139 Spider crashes with segmentation fault (signal 11) on CREATE TABLE when COMMENT does not contain embedded double quotes +# +create table mdev_26139 (id int) ENGINE=SPIDER +COMMENT="host '192.168.21.1', user 'spider', password 'password', database 'test'"; +drop table mdev_26139; deinit connection master_1; diff --git a/storage/spider/mysql-test/spider/t/basic_sql.test b/storage/spider/mysql-test/spider/t/basic_sql.test index a3184a14beb..1298b10f19a 100644 --- a/storage/spider/mysql-test/spider/t/basic_sql.test +++ b/storage/spider/mysql-test/spider/t/basic_sql.test @@ -2682,6 +2682,13 @@ create table t2345678911234567892123456789312345678941234567895123234234(id int) COMMENT='host "192.168.21.1", user "spider", password "password", database "test32738123123123"'; drop table t2345678911234567892123456789312345678941234567895123234234; +--echo # +--echo # MDEV-26139 Spider crashes with segmentation fault (signal 11) on CREATE TABLE when COMMENT does not contain embedded double quotes +--echo # +create table mdev_26139 (id int) ENGINE=SPIDER + COMMENT="host '192.168.21.1', user 'spider', password 'password', database 'test'"; +drop table mdev_26139; + --echo --echo deinit --disable_warnings diff --git a/storage/spider/spd_table.h b/storage/spider/spd_table.h index 6aaac2046e4..063f459ae8d 100644 --- a/storage/spider/spd_table.h +++ b/storage/spider/spd_table.h @@ -189,7 +189,8 @@ typedef struct st_spider_param_string_parse { DBUG_RETURN(print_param_error()); } - else if (!sq || sq > dq) + + if (dq && (!sq || sq > dq)) { while (1) { @@ -227,7 +228,7 @@ typedef struct st_spider_param_string_parse } } } - else + else /* sq && (!dq || sq <= dq) */ { while (1) { |