Lint parser crashes on string foo=@b #12894

Closed
mvl22 opened this Issue Jan 14, 2017 · 2 comments

@mvl22
mvl22 commented Jan 14, 2017 edited

Steps to reproduce

  1. Click on SQL tab at top level of application
  2. Type: select * from foobar where foo = @b . (No such table foobar needs to exist.)
  3. Migrate away to another tab, e.g. Status
  4. The "Some errors have been detected" box is shown, with a lint failure as shown below.

Note: In earlier versions of phpMyAdmin, e.g. 4.6.0deb1.trusty~ppa.1, this causes an error 500, which causes all future requests also to give error 500, until cookies for the installation are cleared. At least this is now handled in later versions as a lint failure.

Expected behaviour

Lint parser should not crash.

Actual behaviour

Lint parser crashes at the typing of the letter after the @ character:

Notice in ./libraries/sql-parser/src/Lexer.php#863
 Uninitialized string offset: 34

Backtrace

./libraries/sql-parser/src/Lexer.php#257: SqlParser\Lexer->parseSymbol()
./libraries/sql-parser/src/Lexer.php#209: SqlParser\Lexer->lex()
./libraries/Linter.php#116: SqlParser\Lexer->__construct(string 'select * from foobar where foo = @')
./lint.php#48: PMA\libraries\Linter::lint(string 'select * from foobar where foo = @')

This is particularly problematic, because forgetting to quote a LIKE token match in a query such as LIKE '@bar' as you type causes this crash.

Server configuration

Operating system:
Ubuntu

Web server:
Apache

Database:
5.6.33

PHP version:
5.x

phpMyAdmin version:
4.6.5.2

Client configuration

Browser:
Chrome

Operating system:
Windows 7

@ibennetch
Contributor

Strangely, I'm unable to reproduce this with 4.6.5.2 or the development 'master' branch (or even 4.6.0).

Can you try clearing your browser cache and cookies again (or try a different browser or private mode)? Can you try it on the demo server at https://demo.phpmyadmin.net/QA_4_6 using username root and a blank password?

Maybe one of the other developers will have better luck reproducing it.

@nijel nijel added the question label Jan 18, 2017
@nijel nijel self-assigned this Jan 20, 2017
@nijel nijel added bug parser and removed question labels Jan 20, 2017
@nijel nijel added this to the 4.6.6 milestone Jan 20, 2017
@nijel nijel added a commit to phpmyadmin/sql-parser that referenced this issue Jan 20, 2017
@nijel nijel Fixed parsing of unterminated variables.
Fixes phpmyadmin/phpmyadmin#12894

Signed-off-by: Michal Čihař <michal@cihar.com>
0c5d875
@nijel nijel added a commit to phpmyadmin/sql-parser that closed this issue Jan 20, 2017
@nijel nijel Fixed parsing of unterminated variables.
Fixes phpmyadmin/phpmyadmin#12894

Signed-off-by: Michal Čihař <michal@cihar.com>
0c5d875
@nijel
Member
nijel commented Jan 20, 2017

Fixed in SQL parser, it actually chokes on select * from foobar where foo = @.

@nijel nijel added a commit that referenced this issue Jan 20, 2017
@nijel nijel Update SQL parser to 3.4.17
Fixes #12894

Signed-off-by: Michal Čihař <michal@cihar.com>
e7928e5
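
The failure class reported in this thread, as an added example that is not phpMyAdmin or sql-parser code: a lexer that peeks at the byte after @ without checking that it exists reads offset 34 of the 34-byte string from the backtrace, shown next to a bounds-checked version. The function names and the @@ peek are assumptions made for illustration; the real parseSymbol() does not appear on this page.

```php
<?php
// Added illustration; not phpMyAdmin or sql-parser code. All function names are hypothetical.

// Turn notices/warnings into exceptions so the out-of-range read is visible
// on any PHP version (a Notice on PHP 5/7, a Warning on PHP 8).
set_error_handler(function ($severity, $message, $file, $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

function isNameByte($c)
{
    return $c !== '' && (ctype_alnum($c) || strpos('_.$', $c) !== false);
}

// Unchecked: assumes at least one byte always follows '@'.
function lexVariableUnchecked($sql, $pos)
{
    $len   = strlen($sql);
    $token = $sql[$pos++];                 // consume '@'
    if ($sql[$pos] === '@') {              // peek for '@@sysvar'; $pos may equal $len here
        $token .= $sql[$pos++];
    }
    while ($pos < $len && isNameByte($sql[$pos])) {
        $token .= $sql[$pos++];
    }
    return $token;
}

// Checked: every read is guarded, and a bare '@' is reported instead of crashing.
function lexVariableChecked($sql, $pos)
{
    $len   = strlen($sql);
    $token = $sql[$pos++];
    if ($pos < $len && $sql[$pos] === '@') {
        $token .= $sql[$pos++];
    }
    while ($pos < $len && isNameByte($sql[$pos])) {
        $token .= $sql[$pos++];
    }
    $hasName = strlen(ltrim($token, '@')) > 0;   // false for an unterminated variable
    return array($token, $hasName);
}

$sql = 'select * from foobar where foo = @';     // the string from the issue's backtrace
$at  = strrpos($sql, '@');                       // last byte of the input

try {
    lexVariableUnchecked($sql, $at);
} catch (ErrorException $e) {
    echo 'unchecked: ', $e->getMessage(), "\n";
}
list($token, $hasName) = lexVariableChecked($sql, $at);
echo 'checked: token=', $token, ' hasName=', var_export($hasName, true), "\n";
```

A linter built on the checked form can flag the nameless @ as a syntax error while the user is still typing, instead of surfacing a PHP notice from the lexer.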