diff options
| author | unknown <malff/marcsql@weblab.(none)> | 2007-08-30 12:57:05 -0600 |
|---|---|---|
| committer | unknown <malff/marcsql@weblab.(none)> | 2007-08-30 12:57:05 -0600 |
| commit | 41a2f1c8de766224771d31884b3ca3b067f0a50e (patch) | |
| tree | d0addd7155640c91924f7446014d5088978c0976 /sql/sql_lex.cc | |
| parent | db56cb5b862cc9c4bd9b548bc59a39b9dd214d86 (diff) | |
| download | mariadb-git-41a2f1c8de766224771d31884b3ca3b067f0a50e.tar.gz | |
Bug#28779 (mysql_query() allows execution of statements with unbalanced
comments)
This change set is for 5.1 (manually merged)
Before this fix, the server would accept queries that contained comments,
even when the comments were not properly closed with a '*' '/' marker.
For example,
select 1 /* + 2 <EOF>
would be accepted as
select 1 /* + 2 */ <EOF>
and executed as
select 1
With this fix, the server now rejects queries with unclosed comments
as syntax errors.
Both regular comments ('/' '*') and special comments ('/' '*' '!') must be
closed with '*' '/' to be parsed correctly.
mysql-test/r/comments.result:
Unbalanced comments are a syntax error.
mysql-test/t/comments.test:
Unbalanced comments are a syntax error.
sql/sql_lex.cc:
Unbalanced comments are a syntax error.
Diffstat (limited to 'sql/sql_lex.cc')
| -rw-r--r-- | sql/sql_lex.cc | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index 7fe2ed04d51..02837b5f0df 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -719,6 +719,7 @@ static inline uint int_token(const char *str,uint length) int MYSQLlex(void *arg, void *yythd) { reg1 uchar c; + bool comment_closed; int tokval, result_state; uint length; enum my_lex_states state; @@ -1211,7 +1212,10 @@ int MYSQLlex(void *arg, void *yythd) /* The special comment format is very strict: '/' '*' '!', followed by exactly - 2 digits (major), then 3 digits (minor). + 1 digit (major), 2 digits (minor), then 2 digits (dot). + 32302 -> 3.23.02 + 50032 -> 5.0.32 + 50114 -> 5.1.14 */ char version_str[6]; version_str[0]= lip->yyPeekn(0); @@ -1230,7 +1234,7 @@ int MYSQLlex(void *arg, void *yythd) ulong version; version=strtol(version_str, NULL, 10); - /* Accept 'M' 'M' 'm' 'm' 'm' */ + /* Accept 'M' 'm' 'm' 'd' 'd' */ lip->yySkipn(5); if (version <= MYSQL_VERSION_ID) @@ -1254,16 +1258,36 @@ int MYSQLlex(void *arg, void *yythd) lip->yySkip(); // Accept / lip->yySkip(); // Accept * } - - while (! lip->eof() && - ((c=lip->yyGet()) != '*' || lip->yyPeek() != '/')) + /* + Discard: + - regular '/' '*' comments, + - special comments '/' '*' '!' for a future version, + by scanning until we find a closing '*' '/' marker. + Note: There is no such thing as nesting comments, + the first '*' '/' sequence seen will mark the end. + */ + comment_closed= FALSE; + while (! lip->eof()) { - if (c == '\n') + c= lip->yyGet(); + if (c == '*') + { + if (lip->yyPeek() == '/') + { + lip->yySkip(); + comment_closed= TRUE; + state = MY_LEX_START; + break; + } + } + else if (c == '\n') lip->yylineno++; } - if (! lip->eof()) - lip->yySkip(); // remove last '/' + /* Unbalanced comments with a missing '*' '/' are a syntax error */ + if (! comment_closed) + return (ABORT_SYM); state = MY_LEX_START; // Try again + lip->in_comment= NO_COMMENT; lip->set_echo(TRUE); break; case MY_LEX_END_LONG_COMMENT: @@ -1315,6 +1339,9 @@ int MYSQLlex(void *arg, void *yythd) lip->set_echo(FALSE); lip->yySkip(); lip->set_echo(TRUE); + /* Unbalanced comments with a missing '*' '/' are a syntax error */ + if (lip->in_comment != NO_COMMENT) + return (ABORT_SYM); lip->next_state=MY_LEX_END; // Mark for next loop return(END_OF_INPUT); } |