New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate or transform string of DML queries so that engine internals doesn't receive malformed strings [CORE2724] #3120
Comments
Modified by: @asfernandesstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 3.0 Alpha 1 [ 10331 ] assignee: Adriano dos Santos Fernandes [ asfernandes ] |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pavel-zotovQA Status: No test |
Commented by: @pavel-zotov Is it OK that when we specify charset = NONE and DDL trigger does contain text literals in multi-byte charset (utf8, sample see below) then result can contain _both_ unicode text and question marks ? Change port/path/filename in following scripts and apply them: 1. Preparing:
=== 2. Script for run (I gave it name = 'c2724-run.sql'):
=== 3. Run: isql -q -i c2724-run.sql 1>c2724-run-ch_none.log 2>&1 4. Result::ID 2 ID 3
|
Commented by: @asfernandes 'Τα πάντα ήταν επιτυχής' is string in UTF-8, you created it with this connection charset. The others are NONE strings, and right in the parser, all non-ascii characters are tranformed to question mark. |
Modified by: @pavel-zotovstatus: Closed [ 6 ] => Closed [ 6 ] QA Status: No test => Done successfully |
Submitted by: @asfernandes
It has been verified that malformed text of queries may come to engine internals and later be stored in BLOBs without validation.
This situation happened with DDL triggers, and possible happens with monitoring tables too.
The solution adopted depends on the attachment charset used:
- If it's NONE, non-ASCII characters are transformed to question marks
- Otherwise, the string is checked for malformed characters
This happens only for DML. For DDL, it will prevent the command to succeed as before.
Commits: 8c6f98e
The text was updated successfully, but these errors were encountered: