author | Dmitry Shulga <dmitry.shulga@mariadb.com> | 2021-01-14 14:31:20 +0700 |
---|---|---|
committer | Dmitry Shulga <dmitry.shulga@mariadb.com> | 2021-01-14 14:31:20 +0700 |
commit | f130adbf35b5b8ef7ed091549ed764982801480c (patch) | |
tree | 222a28aa10b51fbde3b4289478cab7010b2ed744 /sql/sql_lex.cc | |
parent | fb9a9599bc9faed7b2f4860cb5e2bc8c597aacef (diff) | |
download | mariadb-git-f130adbf35b5b8ef7ed091549ed764982801480c.tar.gz |
MDEV-23666: Assertion `m_cpp_buf <= ptr && ptr <= m_cpp_buf + m_buf_length' failed in Lex_input_stream::body_utf8_append

On parsing statements for which a starting backtick (`) delimiter doesn't have
a corresponding ending backtick, a current pointer to a position inside a
pre-processed buffer could go beyond the end of the buffer.

This bug report was caused by the commit d4967659032b18a5504198b41dd3d0a1813d79ef
"MDEV-22022 Various mangled SQL statements will crash 10.3 to 10.5 debug builds".

In order to fix the issue, both pointers m_ptr and m_cpp_ptr must be
rolled back to the previous position in the raw input and pre-processed input streams
correspondingly in case the end of query is reached during parsing.
Diffstat (limited to 'sql/sql_lex.cc')
-rw-r--r-- | sql/sql_lex.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 6116dee6e7e..b8f6610e066 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -2215,6 +2215,8 @@ int Lex_input_stream::scan_ident_delimited(THD *thd, Return the quote character, to have the parser fail on syntax error. */ m_ptr= (char *) m_tok_start + 1; + if (m_echo) + m_cpp_ptr= (char *) m_cpp_tok_start + 1; return quote_char; } int var_length= my_charlen(cs, get_ptr() - 1, get_end_of_query()); |
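Review bot: In the end-of-query branch of Lex_input_stream::scan_ident_delimited, the new m_cpp_ptr rewind is guarded by "if (m_echo)" while the m_ptr rewind on the line above it is unconditional, and the comment over the branch still only says "Return the quote character, to have the parser fail on syntax error." Please extend that comment to state that the raw and pre-processed pointers are rewound together to one past their token starts, and why the pre-processed one is rewound only when m_echo is set, so a later edit to this branch does not move one pointer without the other. This view is limited to sql/sql_lex.cc, so a regression test that parses a statement with an unterminated backtick is not visible here; it is worth confirming that one accompanies the change.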