Bug #12710 String unescaped incorrectly with character set 'gbk'
Submitted: 22 Aug 2005 3:33
Modified: 29 May 2006 11:13
Reporter: caizhong wu
Status: Closed
Category: MySQL Server: Charsets
Severity: S1 (Critical)
Version: 4.1.13a
OS: Any (all)
Assigned to: Alexander Barkov
CPU Architecture: Any

[22 Aug 2005 3:33] caizhong wu
Description:
MySQL Bugs: #8378
client fixed: http://lists.mysql.com/internals/21971
but the server can't unescape the string.

How to repeat:
// character set: gbk

// Client process
char szInChar[] = "\x87\x27";  // this is not a valid gbk character
mysql_real_escape_string() escapes it to:
char szOutChar[] = "\x5c\x87\x5c\x27";  // result is correct
then I send it in a query
sprintf(szQuery, "select * from test where s = \'%s\'",szOutChar);
//szQuery="SELECT s FROM test WHERE s != '\僜''"

// Server process
// source code: sql_lex.cpp, get_text(), line300-307 of 4.13a_win
// when in function, the string with quotes is "\x5c\x87\x5c\x27\x27"

first it gets '\x5c'
then it skips '\x87\x5c'  // error, because the client inserted the '\x5c' to escape the following '\x27', but it is skipped now.

so the server will return an error string:
#42000You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\僜''' at line 1"

Suggested fix:
when a '\x5c' is found, just skip a byte, not a multichar character
remove source code from lines 298 to 307
#ifdef USE_MB
      int l;
      if (use_mb(cs) &&
          (l = my_ismbchar(cs,
                           (const char *)lex->ptr,
                           (const char *)lex->end_of_query))) {
          lex->ptr += l;
          continue;
      }
      else
#endif
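
A simplified model of the literal scan described in this report, added here as an example; it is not MySQL source code. The function name `find_closing_quote`, the `mb_after_escape` flag and the doubled-quote handling are assumptions of the model; the input bytes are the ones quoted in the report.

```c
#include <stdio.h>
#include <stddef.h>

/* GBK byte classes: lead 0x81-0xFE, trail 0x40-0x7E or 0x80-0xFE. */
static int gbk_head(unsigned char c) { return c >= 0x81 && c <= 0xFE; }
static int gbk_tail(unsigned char c) {
    return (c >= 0x40 && c <= 0x7E) || (c >= 0x80 && c <= 0xFE);
}

/* Length (2) of a GBK character starting at p, or 0 if none starts there. */
static size_t gbk_mbchar(const unsigned char *p, const unsigned char *end) {
    return (end - p >= 2 && gbk_head(p[0]) && gbk_tail(p[1])) ? 2 : 0;
}

/*
 * Hypothetical model of scanning a quoted literal; s points just past the
 * opening quote. Returns the offset of the closing quote, or -1 if the
 * literal never terminates (the server would report a syntax error).
 * mb_after_escape = 1: a backslash may swallow a whole multibyte character
 * (the reported behaviour); 0: it swallows exactly one byte (suggested fix).
 */
long find_closing_quote(const unsigned char *s, size_t n, int mb_after_escape) {
    const unsigned char *p = s, *end = s + n;
    size_t l;
    while (p < end) {
        if ((l = gbk_mbchar(p, end)) != 0) { p += l; continue; }
        unsigned char c = *p++;
        if (c == '\\') {
            if (p == end) return -1;
            if (mb_after_escape && (l = gbk_mbchar(p, end)) != 0) p += l;
            else p++;
        } else if (c == '\'') {
            if (p < end && *p == '\'') { p++; continue; } /* '' = literal quote */
            return (long)(p - 1 - s);
        }
    }
    return -1;
}

int main(void) {
    /* Bytes from the report: the escaped value followed by the closing quote. */
    static const unsigned char lit[] = "\x5c\x87\x5c\x27\x27";
    size_t n = sizeof lit - 1;
    printf("mb skip after backslash: %ld\n", find_closing_quote(lit, n, 1));
    printf("one-byte skip:           %ld\n", find_closing_quote(lit, n, 0));
    return 0;
}
```

With the multibyte skip, `\x87\x5c` is consumed as one GBK character, the two remaining quotes read as a doubled quote, and the literal never closes; with the one-byte skip the scan agrees with the client's escaping and the literal closes at offset 4.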
[22 Aug 2005 3:40] caizhong wu
the example string is "\x83\x27", not "\x87\x27"
[29 May 2006 11:13] Alexander Barkov
This problem was fixed in 4.1.20, 5.0.22, 5.1.11
under terms of bug#8378

See here for more details.
http://bugs.mysql.com/bug.php?id=8378