Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-37790

QueryCache returns wrong result when query_cache_strip_comments enabled

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.6.23
    • None
    • Query Cache
    • None
    • Tested under linux on MariaDB 10.6 - but code on GH shows, that probably every version is affected

    Description

      Summary
      When query_cache_strip_comments is enabled and you have queries like
      col = 'x\'y#ignored' you may get wrong queries, as the part after the # is ignored in QueryCache-Lookup

      How to reproduce

      -- enable query cache
      		 
      SET GLOBAL query_cache_type = 'ON';
      		 
      SET GLOBAL query_cache_strip_comments = 'ON';
      		 
       
      		 
      -- reconnect and validate if cache is on
      		 
      show variables like '%query_cache%' ;
      		 
      +------------------------------+---------+
      		 
      | Variable_name                | Value   |
      		 
      +------------------------------+---------+
      		 
      | have_query_cache             | YES     |
      		 
      | query_cache_limit            | 1048576 |
      		 
      | query_cache_min_res_unit     | 4096    |
      		 
      | query_cache_size             | 999424  |
      		 
      | query_cache_strip_comments   | ON      |
      		 
      | query_cache_type             | ON      |
      		 
      | query_cache_wlock_invalidate | OFF     |
      		 
      +------------------------------+---------+
      		 
       
      		 
      -- Create sample table
      		 
      create table test(col1 varchar(255));
      		 
      insert into test values ('it\'s #1');
      		 
      insert into test values ('" -- "')
      		 
       
      		 
      -- execute query
      		 
      select * from test where col1 = 'it\'s #1';
      		 
      +---------+
      		 
      | col1    |
      		 
      +---------+
      		 
      | it's #1 |
      		 
      +---------+
      		 
       
      		 
      -- execute different query
      		 
      select * from test where col1 = 'it\'s #2';
      		 
      +---------+
      		 
      | col1    |
      		 
      +---------+
      		 
      | it's #1 |
      		 
      +---------+
      		 
       
      		 
      -- execute other query (all produce the same result)
      		 
      select * from test where col1 = "\" -- \"";
      		 
      select * from test where col1 = "\" -- Foo\"";
      		 
      select * from test where col1 = "\" -- " THIS IS SYNTACTICALLY INCORRECT;
      		 
      +--------+
      		 
      | col1   |
      		 
      +--------+
      		 
      | " -- " |
      		 
      +--------+

      The issue is in make_base_query in sql_cache.cc (https://github.com/MariaDB/server/blob/main/sql/sql_cache.cc#L469)
      It handles backslash escaped quotes incorrectly

      Suggested fix
      the code

            *(buffer++)= current;                     // copy first quote
      		 
            while (query < query_end)
      		 
            {
      		 
              *(buffer++)= *query;
      		 
              if (*(query++) == current)              // found pair quote
      		 
                break;
      		 
            }

      must handle escaped quotes correctly (depending of NO_BACKSLASH_ESCAPES option)

      Attachments

        Activity

          People

            Unassigned Unassigned
            Roland Praml Roland Praml
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.