When escaping a string in a multi-byte character set, escape all bytes of

a character that appears to be a multi-byte character based on its first
byte, but is not actually a valid multi-byte character. (Bug #8378)


tests/mysql_client_test.c:
  Add test for Bug #8317
mysys/charset.c:
  Properly escape invalid multibyte characters.

2 files changed, 69 insertions, 0 deletions

diff --git a/mysys/charset.c b/mysys/charset.c
index cb2379f8723..934125ead4a 100644
--- a/mysys/charset.c
+++ b/mysys/charset.c
@@ -581,6 +581,26 @@ ulong escape_string_for_mysql(CHARSET_INFO *charset_info, char *to,
       from--;
       continue;
     }
+    /*
+     If the next character appears to begin a multi-byte character, we
+     escape all of the bytes of that apparent character. (The character just
+     looks like a multi-byte character -- if it were actually a multi-byte
+     character, it would have been passed through in the test above.)
+
+     Without this check, we can create a problem by converting an invalid
+     multi-byte character into a valid one. For example, 0xbf27 is not
+     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
+    */
+    if (use_mb_flag && (l= my_mbcharlen(charset_info, *from)) > 1)
+    {
+      while (l--)
+      {
+        *to++= '\\';
+	*to++= *from++;
+      }
+      from--;
+      continue;
+    }
 #endif
     switch (*from) {
     case 0:				/* Must be escaped for 'mysql' */
diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c
index 83f8f6ab143..b7e3e1b3469 100644
--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@@ -11533,6 +11533,54 @@ static void test_bug6761(void)
 }
 
 /*
+ Test mysql_real_escape_string() with gbk charset
+
+ The important part is that 0x27 (') is the second-byte in a invvalid
+ two-byte GBK character here. But 0xbf5c is a valid GBK character, so
+ it needs to be escaped as 0x5cbf5c27
+*/
+#define TEST_BUG8317_IN  "\xef\xbb\xbf\x27"
+#define TEST_BUG8317_OUT "\xef\xbb\x5c\xbf\x5c\x27"
+
+static void test_bug8317()
+{
+  MYSQL *lmysql;
+  char out[9]; /* strlen(TEST_BUG8317)*2+1 */
+  int len;
+
+  myheader("test_bug8317");
+
+  if (!opt_silent)
+    fprintf(stdout, "\n Establishing a test connection ...");
+  if (!(lmysql= mysql_init(NULL)))
+  {
+    myerror("mysql_init() failed");
+    exit(1);
+  }
+  if (mysql_options(lmysql, MYSQL_SET_CHARSET_NAME, "gbk"))
+  {
+    myerror("mysql_options() failed");
+    exit(1);
+  }
+  if (!(mysql_real_connect(lmysql, opt_host, opt_user,
+                           opt_password, current_db, opt_port,
+                           opt_unix_socket, 0)))
+  {
+    myerror("connection failed");
+    exit(1);
+  }
+  if (!opt_silent)
+    fprintf(stdout, " OK");
+
+  len= mysql_real_escape_string(lmysql, out, TEST_BUG8317_IN, 4);
+
+  /* No escaping should have actually happened. */
+  DIE_UNLESS(memcmp(out, TEST_BUG8317_OUT, len) == 0);
+
+  mysql_close(lmysql);
+}
+
+/*
   Read and parse arguments and MySQL options from my.cnf
 */
 
@@ -11739,6 +11787,7 @@ static struct my_tests_st my_tests[]= {
   { "test_conversion", test_conversion },
   { "test_rewind", test_rewind },
   { "test_bug6761", test_bug6761 },
+  { "test_bug8317", test_bug8317 },
   { 0, 0 }
 };