Bug#30528450: SPECIAL SYMBOL NAMED COLUMN NOT HONORED IN A SELECT

This patch is for 5.7.

Issue 1
=======

A quoted identifier name consisting of a single asterisk character
could recognized as an unquoted asterisk, i.e.

  SELECT `*` ...

was parsed as

  SELECT * ...

Issue 2
=======

A qualified quoted identifier with a name starting with the asterisk character
could recognized as as unquoted asterisk if the same select list contained an
unquoted asterisk symbol, i.e.

  SELECT a.`*`, ... b.* ...

was parsed as

  SELECT a.*, ... b.`*` ...

Analysis for issue 1
====================

After the WL7200, a special processing of qualified [<schema>].table.*
and unqualified * in a select list has diverged: the unqualified one has
went to Item_field::itemize(), but the qualified has become PTI_table_wild.

As well as it's impossible to mistake quoted and unquoted asterisk inside
PTI_table_wild, it is also impossible (too late) to distinguish quoted
and unquoted names inside Item_field::itemize().
Thus, the code for the unqualified asterisk in Item_field::itemize() has
failed to recognize identifiers like a back-quoted `*` as identifiers.

Analysis for issue 2
====================

From the beginning, the resolver (see setup_wild()) has been designed to
recognize asterisks in a select list with a help of:

  1. an Item_field placeholder objects with "*" in place of their column names,

  2. a counter of asterisk select list items in SELECT_LIST::with_wild local
     to each query block,

Thus, a loop in setup_wild() has searched over all select list items
checking all Item_field objects (including either placeholders for * or
regular column reference items) for the 1st character of Item_field::field_name
until it reached SELECT_LIST::with_wild of such objects.

So, if a select list contained unquoted asterisk items before column names
containing "*" at their start, everything worked fine.
However, if there was a column name starting with "*" before an unquoted
asterisk in a select list, the former recognized as an unquoted asterisk,
while the latest recognized as a quoted column name.

Solution
========

1. The code branch in Item_field::itemize() that processed asterisks has
   been removed.

2. The Item_asterisk class has been introduced to replace PTI_table_wild.
   Reasoning:

     * unlike PTI_table_wild, that disappears after the
       PTI_table_wild::itemize() call leaving Item_field in
       its place, the new Item_asterisk class can survive till
       the setup_wild() call to be distinguished there from
       other Item_field objects those represent regular
       column references.

     * minus one MEM_ROOT allocation

     * the new name Item_asterisk is closer to the standard

3. All direct allocations of Item_field for the unquoted asterisk thing
   have been replaced with allocations of Item_asterisk.

4. setup_wild() has been updated to recognize asterisk items using
   Item_field::is_asterisk() instead of looking into Item_field::field_name.

Change-Id: Id0e5eea03608ed6140901e32d840dc3190a67bee

Author: GlebShchepa

Diff for: mysql-test/r/parser.result

@@ -1239,3 +1239,18 @@ Bug #27714748: @@PARSER_MAX_MEM_SIZE DOES NOT WORK FOR ROUTINES
 SET parser_max_mem_size = 10000000;
 ERROR HY000: Memory capacity of 10000000 bytes for 'parser_max_mem_size' exceeded. Parser bailed out for this query.
 SET parser_max_mem_size = default;
+#
+# Bug#30528450: SPECIAL SYMBOL NAMED COLUMN NOT HONORED IN A SELECT
+#
+CREATE TABLE t1 (c1 INT, `*` INT, c3 INT);
+INSERT INTO t1 VALUES (1, 2, 3);
+SELECT `*` FROM t1;
+*
+2
+SELECT t1.`*`, t1.* FROM t1;
+*	c1	*	c3
+2	1	2	3
+SELECT test.t1.`*`, test.t1.* FROM t1;
+*	c1	*	c3
+2	1	2	3
+DROP TABLE t1;

Diff for: mysql-test/t/parser.test

@@ -1376,3 +1376,16 @@ SET parser_max_mem_size = 10000000; # minimum allowed value
 --eval CREATE PROCEDURE p() SELECT 1 FROM (SELECT '$s') a
 --enable_query_log
 SET parser_max_mem_size = default;
+
+--echo #
+--echo # Bug#30528450: SPECIAL SYMBOL NAMED COLUMN NOT HONORED IN A SELECT
+--echo #
+
+CREATE TABLE t1 (c1 INT, `*` INT, c3 INT);
+INSERT INTO t1 VALUES (1, 2, 3);
+
+SELECT `*` FROM t1;
+SELECT t1.`*`, t1.* FROM t1;
+SELECT test.t1.`*`, test.t1.* FROM t1;
+
+DROP TABLE t1;

Diff for: sql/item.cc

@@ -2748,9 +2748,6 @@ bool Item_field::itemize(Parse_context *pc, Item **res)
   if (select->parsing_place != CTX_HAVING)
     select->select_n_where_fields++;
 
-  if (select->parsing_place == CTX_SELECT_LIST &&
-      field_name && field_name[0] == '*' && field_name[1] == 0)
-    select->with_wild++;
   return false;
 }
 
@@ -11019,3 +11016,26 @@ bool Item_field::repoint_const_outer_ref(uchar *arg)
   *is_outer_ref= false;
   return false;
 }
+
+
+Item_asterisk::Item_asterisk(Name_resolution_context *context_arg,
+                             const char *opt_schema_name,
+                             const char *opt_table_name)
+    : super(context_arg, opt_schema_name, opt_table_name, "*")
+{
+  context_arg->select_lex->with_wild++;
+}
+
+
+bool Item_asterisk::itemize(Parse_context *pc, Item **res)
+{
+  DBUG_ASSERT(pc->select->parsing_place == CTX_SELECT_LIST);
+
+  if (skip_itemize(res))
+    return false;
+  if (super::itemize(pc, res))
+    return true;
+
+  pc->select->with_wild++;
+  return false;
+}

Diff for: sql/item.h

@@ -1,7 +1,7 @@
 #ifndef ITEM_INCLUDED
 #define ITEM_INCLUDED
 
-/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2020, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -3042,6 +3042,61 @@ class Item_field :public Item_ident
   }
 
   bool repoint_const_outer_ref(uchar *arg);
+
+
+  /**
+    Checks if the current object represents an asterisk select list item
+
+    @returns false if a regular column reference, true if an asterisk
+             select list item.
+  */
+  virtual bool is_asterisk() const { return false; }
+};
+
+/**
+  Represents [schema.][table.]* in a select list
+
+  Item_asterisk is used to insert placeholder objects for the special
+  select list item * (asterisk) into AST.
+  Those placeholder objects are to be substituted later with e.g. a list of real
+  table columns by a resolver (@see setup_wild).
+
+  @todo The parent class Item_field is redundant. Refactor setup_wild() to
+        replace Item_field with a simpler one.
+*/
+class Item_asterisk : public Item_field
+{
+  typedef Item_field super;
+
+public:
+  /**
+    Constructor
+
+    @param context_arg          Name resolution context.
+    @param opt_schema_name      Schema name or NULL.
+    @param opt_table_name       Table name or NULL.
+  */
+
+  Item_asterisk(Name_resolution_context *context_arg,
+                const char *opt_schema_name, const char *opt_table_name);
+
+  /**
+    Constructor
+
+    @param pos                  Location of the * (asterisk) lexeme.
+    @param opt_schema_name      Schema name or NULL.
+    @param opt_table_name       Table name or NULL.
+  */
+  Item_asterisk(const POS &pos, const char *opt_schema_name,
+                const char *opt_table_name)
+      : super(pos, opt_schema_name, opt_table_name, "*") {}
+
+  virtual bool itemize(Parse_context *pc, Item **res);
+  virtual bool fix_fields(THD *, Item **) {
+    DBUG_ASSERT(false);  // should never happen: see setup_wild()
+    return true;
+  }
+  virtual bool is_asterisk() const { return true; }
 };
 
 class Item_null :public Item_basic_constant

Diff for: sql/parse_tree_items.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2013, 2020, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -101,21 +101,6 @@ static Item* handle_sql2003_note184_exception(Parse_context *pc, Item* left,
 }
 
 
-bool PTI_table_wild::itemize(Parse_context *pc, Item **item)
-{
-  if (super::itemize(pc, item))
-    return true;
-
-  schema=
-    pc->thd->get_protocol()->has_client_capability(CLIENT_NO_SCHEMA) ? NullS : schema;
-  *item= new (pc->mem_root) Item_field(POS(), schema, table, "*");
-  if (*item == NULL || (*item)->itemize(pc, item))
-    return true;
-  pc->select->with_wild++;
-  return false;
-}
-
-
 bool PTI_comp_op::itemize(Parse_context *pc, Item **res)
 {
   if (super::itemize(pc, res) ||

Diff for: sql/parse_tree_items.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2013, 2020, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -32,23 +32,6 @@
 #include "sp_head.h"            // sp_head
 #include "sql_parse.h"          // negate_expression
 
-class PTI_table_wild : public Parse_tree_item
-{
-  typedef Parse_tree_item super;
-
-  const char *schema;
-  const char *table;
-
-public:
-  explicit PTI_table_wild(const POS &pos,
-                          const char *schema_arg, const char *table_arg)
-  : super(pos), schema(schema_arg), table(table_arg)
-  {}
-
-  virtual bool itemize(Parse_context *pc, Item **item);
-};
-
-
 class PTI_negate_expression : public Parse_tree_item
 {
   typedef Parse_tree_item super;

Diff for: sql/sql_handler.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2001, 2020, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -513,8 +513,8 @@ bool Sql_cmd_handler_read::execute(THD *thd)
   offset_limit_cnt= unit->offset_limit_cnt;
 
   select_lex->context.resolve_in_table_list_only(tables);
-  list.push_front(new Item_field(&select_lex->context,
-                                 NULL, NULL, "*"));
+  list.push_front(new Item_asterisk(&select_lex->context,
+                                    NULL, NULL));
   List_iterator<Item> it(list);
   it++;
 

Diff for: sql/sql_resolver.cc

@@ -1111,11 +1111,10 @@ bool SELECT_LEX::setup_wild(THD *thd)
   {
     Item_field *item_field;
     if (item->type() == Item::FIELD_ITEM &&
-        (item_field= (Item_field *) item) &&
-        item_field->field_name &&
-        item_field->field_name[0] == '*' &&
-        !item_field->field)
+        (item_field= down_cast<Item_field *>(item)) &&
+        item_field->is_asterisk())
     {
+      DBUG_ASSERT(item_field->field == NULL);
       const uint elem= fields_list.elements;
       const bool any_privileges= item_field->any_privileges;
       Item_subselect *subsel= master_unit()->item;

Diff for: sql/sql_show_status.cc

@@ -1,4 +1,4 @@
-/* Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2015, 2020 Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -90,7 +90,7 @@ build_query(const POS &pos,
 
 
   /* * */
-  Item *star= new (thd->mem_root) Item_field(pos, NULL, NULL, "*");
+  Item *star= new (thd->mem_root) Item_asterisk(pos, NULL, NULL);
 
   PT_select_item_list *item_list2;
   item_list2= new (thd->mem_root) PT_select_item_list();

Diff for: sql/sql_yacc.yy

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2020, Oracle and/or its affiliates.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2.0,
@@ -35,6 +35,7 @@ Note: YYTHD is passed as an argument to yyparse(), and subsequently to yylex().
 #define YYLIP (& YYTHD->m_parser_state->m_lip)
 #define YYPS (& YYTHD->m_parser_state->m_yacc)
 #define YYCSCL (YYLIP->query_charset)
+#define YYCLIENT_NO_SCHEMA (YYTHD->get_protocol()->has_client_capability(CLIENT_NO_SCHEMA))
 
 #define YYINITDEPTH 100
 #define YYMAXDEPTH 3200                        /* Because of 64K stack */
@@ -9216,9 +9217,9 @@ select_item_list:
           }
         | '*'
           {
-            Item *item= NEW_PTN Item_field(@$, NULL, NULL, "*");
+            Item *item = NEW_PTN Item_asterisk(@$, NULL, NULL);
             $$= NEW_PTN PT_select_item_list;
-            if ($$ == NULL || $$->push_back(item))
+            if ($$ == NULL || item == NULL || $$->push_back(item))
               MYSQL_YYABORT;
           }
         ;
@@ -12960,11 +12961,12 @@ insert_ident:
 table_wild:
           ident '.' '*'
           {
-            $$= NEW_PTN PTI_table_wild(@$, NULL, $1.str);
+            $$= NEW_PTN Item_asterisk(@$, NULL, $1.str);
           }
         | ident '.' ident '.' '*'
           {
-            $$= NEW_PTN PTI_table_wild(@$, $1.str, $3.str);
+            const char *schema_name = YYCLIENT_NO_SCHEMA ? NULL : $1.str;
+            $$= NEW_PTN Item_asterisk(@$, schema_name, $3.str);
           }
         ;
 
@@ -13065,11 +13067,9 @@ table_ident:
           }
         | ident '.' ident
           {
-            if (YYTHD->get_protocol()->has_client_capability(CLIENT_NO_SCHEMA))
-              $$= NEW_PTN Table_ident(to_lex_cstring($3));
-            else {
-              $$= NEW_PTN Table_ident(to_lex_cstring($1), to_lex_cstring($3));
-            }
+            LEX_CSTRING schema_name= YYCLIENT_NO_SCHEMA ? LEX_CSTRING()
+                                                        : to_lex_cstring($1);
+            $$= NEW_PTN Table_ident(schema_name, to_lex_cstring($3));
             if ($$ == NULL)
               MYSQL_YYABORT;
           }