Fix for Bug#19845752, COMMENT PARSING IS NOT PROPER IN CONNECTOR JDBC.

Change-Id: I1a55f55a2df46e8b42639606c2cca532c32294d6
mysql · Dec 4, 2023 · 12ef710 · 12ef710
1 parent 2685f05
commit 12ef710
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 7 deletions.
diff --git a/CHANGES b/CHANGES
@@ -3,6 +3,8 @@
 
 Version 8.3.0
 
+  - Fix for Bug#19845752, COMMENT PARSING IS NOT PROPER IN CONNECTOR JDBC.
+
   - Fix for Bug#112884 (Bug#36043166), Setting a large timeout leads to errors when executing SQL.
 
   - WL#16077, Upgrade 3rd party libraries and tools.

diff --git a/src/main/core-api/java/com/mysql/cj/util/EscapeTokenizer.java b/src/main/core-api/java/com/mysql/cj/util/EscapeTokenizer.java
@@ -34,15 +34,19 @@
  */
 public class EscapeTokenizer {
 
-    private static final char CHR_ESCAPE = '\\';
+    private static final char CHR_BACKSLASH = '\\';
+    private static final char CHR_SLASH = '/';
     private static final char CHR_SGL_QUOTE = '\'';
     private static final char CHR_DBL_QUOTE = '"';
     private static final char CHR_LF = '\n';
     private static final char CHR_CR = '\r';
-    private static final char CHR_COMMENT = '-';
+    private static final char CHR_DASH = '-';
+    private static final char CHR_HASH = '#';
+    private static final char CHR_STAR = '*';
     private static final char CHR_BEGIN_TOKEN = '{';
     private static final char CHR_END_TOKEN = '}';
     private static final char CHR_VARIABLE = '@';
+    private static final char CHR_SPACE = ' ';
 
     private String source = null;
     private int sourceLength = 0;
@@ -94,7 +98,7 @@ public synchronized String nextToken() {
             char c = this.source.charAt(this.pos);
 
             // process escape char: (\)
-            if (c == CHR_ESCAPE) {
+            if (c == CHR_BACKSLASH) {
                 tokenBuf.append(c);
                 backslashEscape = !backslashEscape;
                 continue;
@@ -128,11 +132,42 @@ public synchronized String nextToken() {
             }
 
             if (!this.inQuotes && !backslashEscape) {
+                // process slash-star comments: (/* */)
+                if (c == CHR_SLASH) {
+                    tokenBuf.append(c);
+                    // look ahead for asterisk
+                    if (this.pos + 1 < this.sourceLength && this.source.charAt(this.pos + 1) == CHR_STAR) {
+                        // consume following chars until end of comment
+                        while (++this.pos < this.sourceLength - 1) {
+                            c = this.source.charAt(this.pos);
+                            tokenBuf.append(c);
+                            if (c == CHR_STAR && this.source.charAt(this.pos + 1) == CHR_SLASH) {
+                                tokenBuf.append(CHR_SLASH);
+                                this.pos++;
+                                break;
+                            }
+                        }
+                    }
+                    continue;
+                }
+
+                // process hash comment char: (#)
+                if (c == CHR_HASH) {
+                    tokenBuf.append(c);
+                    // consume following chars until new line or end of string
+                    while (++this.pos < this.sourceLength && c != CHR_LF && c != CHR_CR) {
+                        c = this.source.charAt(this.pos);
+                        tokenBuf.append(c);
+                    }
+                    this.pos--;
+                    continue;
+                }
+
                 // process comments: (--)
-                if (c == CHR_COMMENT) {
+                if (c == CHR_DASH) {
                     tokenBuf.append(c);
-                    // look ahead for double hyphen
-                    if (this.pos + 1 < this.sourceLength && this.source.charAt(this.pos + 1) == CHR_COMMENT) {
+                    // look ahead for double hyphen and a space
+                    if (this.pos + 2 < this.sourceLength && this.source.charAt(this.pos + 1) == CHR_DASH && this.source.charAt(this.pos + 2) == CHR_SPACE) {
                         // consume following chars until new line or end of string
                         while (++this.pos < this.sourceLength && c != CHR_LF && c != CHR_CR) {
                             c = this.source.charAt(this.pos);

diff --git a/src/main/user-impl/java/com/mysql/cj/jdbc/EscapeProcessor.java b/src/main/user-impl/java/com/mysql/cj/jdbc/EscapeProcessor.java
@@ -188,7 +188,10 @@ public static final Object escapeSQL(String sql, TimeZone connectionTimeZone, bo
                             newSql.append(token); // it's just part of the query, push possible syntax errors onto server's shoulders
                         }
                     } else if (StringUtils.startsWithIgnoreCase(collapsedToken, "{fn")) {
-                        int startPos = token.toLowerCase().indexOf("fn ") + 3;
+                        int startPos = token.toLowerCase().indexOf("fn") + 2;
+                        if (token.charAt(startPos) == ' ') {
+                            startPos++;
+                        }
                         int endPos = token.length() - 1; // no }
 
                         String fnToken = token.substring(startPos, endPos);

diff --git a/src/test/java/testsuite/regression/EscapeProcessorRegressionTest.java b/src/test/java/testsuite/regression/EscapeProcessorRegressionTest.java
@@ -29,13 +29,16 @@
 
 package testsuite.regression;
 
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
+import java.sql.SQLException;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
 import java.time.ZonedDateTime;
 import java.util.TimeZone;
 
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
 import com.mysql.cj.MysqlConnection;
@@ -123,4 +126,54 @@ public void testBug60598() throws Exception {
         assertEquals(expected, output);
     }
 
+    /**
+     * Tests fix for Bug#19845752 - COMMENT PARSING IS NOT PROPER IN CONNECTOR JDBC.
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testBug19845752() throws Exception {
+        createProcedure("testBugProc19845752", "(IN param1 VARCHAR(10),INOUT param2 VARCHAR(10)) BEGIN SET param2 = 'data'; END");
+
+        assertDoesNotThrow(() -> {
+            this.conn.prepareCall("{call/* abcd */ Proc2(?, ?) } ");
+        });
+        assertDoesNotThrow(() -> {
+            this.conn.prepareCall("{call /*{*/ Proc2(?, ?) } ");
+        });
+        assertDoesNotThrow(() -> {
+            this.conn.prepareCall("{call Proc2(?, ?) /*}*/} ");
+        });
+        assertDoesNotThrow(() -> {
+            this.conn.prepareCall("{call /* {call} */ Proc2(?, ?) } ");
+        });
+        assertDoesNotThrow(() -> {
+            this.conn.prepareCall("{call /* {ca\rll} */ Proc2(?, ?) } ");
+        });
+        assertDoesNotThrow(() -> {
+            this.conn.prepareCall("{call Proc2(?, ?) } #{call}");
+        });
+        assertDoesNotThrow(() -> {
+            this.conn.prepareCall("{call #{call}\n Proc2(?, ?) }");
+        });
+        assertDoesNotThrow(() -> {
+            this.stmt.executeQuery("select {fn/*Comment*/ abs(-1.5) }");
+        });
+        assertDoesNotThrow(() -> {
+            this.stmt.executeQuery("select {fn#Comment\n abs(-1.5) }");
+        });
+        assertDoesNotThrow(() -> {
+            this.stmt.executeQuery("select {fn-- Comment\n abs(-1.5) }");
+        });
+        Assertions.assertThrows(SQLException.class, () -> {
+            this.stmt.executeQuery("select {fn--Comment abs(-1.5) }");
+        });
+        Assertions.assertThrows(SQLException.class, () -> {
+            this.stmt.executeQuery("select {fn#Co\nmment abs(-1.5) }");
+        });
+        Assertions.assertThrows(SQLException.class, () -> {
+            this.stmt.executeQuery("select {fn/*Comment abs(-1.5) }");
+        });
+    }
+
 }