diff options
Diffstat (limited to 'storage/sequence/sequence.cc')
-rw-r--r-- | storage/sequence/sequence.cc | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/storage/sequence/sequence.cc b/storage/sequence/sequence.cc index ab22037d884..e1111bb0f7c 100644 --- a/storage/sequence/sequence.cc +++ b/storage/sequence/sequence.cc @@ -20,6 +20,7 @@ a engine that auto-creates tables with rows filled with sequential values */ +#include <ctype.h> #include <mysql_version.h> #include <handler.h> #include <table.h> @@ -265,14 +266,19 @@ static handler *create_handler(handlerton *hton, TABLE_SHARE *table, static bool parse_table_name(const char *name, size_t name_length, ulonglong *from, ulonglong *to, ulonglong *step) { - uint n1= 0, n2= 0; + uint n0=0, n1= 0, n2= 0; *step= 1; // the table is discovered if its name matches the pattern of seq_1_to_10 or // seq_1_to_10_step_3 - sscanf(name, "seq_%llu_to_%llu%n_step_%llu%n", - from, to, &n1, step, &n2); - return n1 != name_length && n2 != name_length; + sscanf(name, "seq_%llu_to_%n%llu%n_step_%llu%n", + from, &n0, to, &n1, step, &n2); + // I consider this a bug in sscanf() - when an unsigned number + // is requested, -5 should *not* be accepted. But is is :( + // hence the additional check below: + return + n0 == 0 || !isdigit(name[4]) || !isdigit(name[n0]) || // reject negative numbers + (n1 != name_length && n2 != name_length); } @@ -370,7 +376,7 @@ maria_declare_plugin(sequence) NULL, NULL, "0.1", - MariaDB_PLUGIN_MATURITY_EXPERIMENTAL + MariaDB_PLUGIN_MATURITY_GAMMA } maria_declare_plugin_end; |