There is a huge code duplication in:
The latter seems to be buggy, as it does not handle bad bytes correctly.
This can be demonstrated in the following queries:
The former error message is wrong. The 0xC2 is errorneously scanned as a part of identifier, although it is not followed by a valid multi-byte tail.
The latter error message is correct. 0xFF cannot be a part of an UTF8 sequence, so the tokenizer scans 'session' as expected, then fails to get a token during the next lex_one_token() call.
The wrong method scan_ident_sysvar() should be removed, and scan_ident_start() should be used instead.