Merge branch 'scope-expect-panic' into fuzzing

LucaCappelletti94 · LucaCappelletti94 · commit 06ab5ffde83a · 2026-02-06T09:45:45.000+01:00
diff --git a/src/parser/mod.rs b/src/parser/mod.rs
@@ -14516,8 +14516,13 @@ impl<'a> Parser<'a> {
                 let value = self.parse_identifier()?;
                 SetSessionAuthorizationParamKind::User(value)
             };
+            let scope = scope.ok_or_else(|| {
+                ParserError::ParserError(
+                    "Expected a scope modifier (e.g. SESSION) before AUTHORIZATION".to_string(),
+                )
+            })?;
             return Ok(Set::SetSessionAuthorization(SetSessionAuthorizationParam {
-                scope: scope.expect("SET ... AUTHORIZATION must have a scope"),
+                scope,
                 kind: auth_value,
             })
             .into());
diff --git a/tests/sqlparser_common.rs b/tests/sqlparser_common.rs
@@ -18280,6 +18280,18 @@ fn test_parse_set_session_authorization() {
     );
 }
 
+#[test]
+fn test_set_authorization_without_scope_errors() {
+    // This should return a parser error, not panic.
+    let res = parse_sql_statements(
+        "\tSET\t\t\t\t\t\t\t\t\t\tAUTHORIZATION\tTIME\t\t\t\t\t\tTIME\u{fffd}\u{fffd}v\u{1}\0\0\t74843EUTI>\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0USER_RNCLUDE_NULL\0\0\0\0\0\0\0\0\0\t\t\t\t^^^^^^^^\tWHI\t\tIN"
+    );
+    assert!(
+        res.is_err(),
+        "SET AUTHORIZATION without a scope modifier (e.g. SESSION) should error"
+    );
+}
+
 #[test]
 fn parse_select_parenthesized_wildcard() {
     // Test SELECT DISTINCT(*) which uses a parenthesized wildcard
