From 1a69b59f82ced4f740bc26f28c59524c96f0ffa8 Mon Sep 17 00:00:00 2001
From: Luca <cappelletti.luca94@gmail.com>
Date: Fri, 6 Feb 2026 09:43:48 +0100
Subject: [PATCH 1/2] Fixed set authorization expect crash

---
 src/parser/mod.rs         |  7 ++++++-
 tests/sqlparser_common.rs | 12 ++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/parser/mod.rs b/src/parser/mod.rs
index 5fa224f97..489fcb058 100644
--- a/src/parser/mod.rs
+++ b/src/parser/mod.rs
@@ -14396,8 +14396,13 @@ impl<'a> Parser<'a> {
                 let value = self.parse_identifier()?;
                 SetSessionAuthorizationParamKind::User(value)
             };
+            let scope = scope.ok_or_else(|| {
+                ParserError::ParserError(
+                    "Expected a scope modifier (e.g. SESSION) before AUTHORIZATION".to_string(),
+                )
+            })?;
             return Ok(Set::SetSessionAuthorization(SetSessionAuthorizationParam {
-                scope: scope.expect("SET ... AUTHORIZATION must have a scope"),
+                scope,
                 kind: auth_value,
             })
             .into());
diff --git a/tests/sqlparser_common.rs b/tests/sqlparser_common.rs
index e6a48c7b3..b9d68f218 100644
--- a/tests/sqlparser_common.rs
+++ b/tests/sqlparser_common.rs
@@ -18128,6 +18128,18 @@ fn test_parse_set_session_authorization() {
     );
 }
 
+#[test]
+fn test_set_authorization_without_scope_errors() {
+    // This should return a parser error, not panic.
+    let res = parse_sql_statements(
+        "\tSET\t\t\t\t\t\t\t\t\t\tAUTHORIZATION\tTIME\t\t\t\t\t\tTIME\u{fffd}\u{fffd}v\u{1}\0\0\t74843EUTI>\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0USER_RNCLUDE_NULL\0\0\0\0\0\0\0\0\0\t\t\t\t^^^^^^^^\tWHI\t\tIN"
+    );
+    assert!(
+        res.is_err(),
+        "SET AUTHORIZATION without a scope modifier (e.g. SESSION) should error"
+    );
+}
+
 #[test]
 fn parse_select_parenthesized_wildcard() {
     // Test SELECT DISTINCT(*) which uses a parenthesized wildcard

From d30ebd10014d76ff7c8338f042f823d9535b5887 Mon Sep 17 00:00:00 2001
From: Luca <cappelletti.luca94@gmail.com>
Date: Tue, 10 Feb 2026 11:06:58 +0100
Subject: [PATCH 2/2] Now using `expected_at` and simplified crash case

---
 src/parser/mod.rs         | 14 +++++++++-----
 tests/sqlparser_common.rs |  4 +---
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/parser/mod.rs b/src/parser/mod.rs
index f00ab7cb9..8f3ae38fc 100644
--- a/src/parser/mod.rs
+++ b/src/parser/mod.rs
@@ -14546,17 +14546,21 @@ impl<'a> Parser<'a> {
             }
             .into());
         } else if self.parse_keyword(Keyword::AUTHORIZATION) {
+            let scope = match scope {
+                Some(s) => s,
+                None => {
+                    return self.expected_at(
+                        "SESSION, LOCAL, or other scope modifier before AUTHORIZATION",
+                        self.get_current_index(),
+                    )
+                }
+            };
             let auth_value = if self.parse_keyword(Keyword::DEFAULT) {
                 SetSessionAuthorizationParamKind::Default
             } else {
                 let value = self.parse_identifier()?;
                 SetSessionAuthorizationParamKind::User(value)
             };
-            let scope = scope.ok_or_else(|| {
-                ParserError::ParserError(
-                    "Expected a scope modifier (e.g. SESSION) before AUTHORIZATION".to_string(),
-                )
-            })?;
             return Ok(Set::SetSessionAuthorization(SetSessionAuthorizationParam {
                 scope,
                 kind: auth_value,
diff --git a/tests/sqlparser_common.rs b/tests/sqlparser_common.rs
index ea4b4c302..899dba8dd 100644
--- a/tests/sqlparser_common.rs
+++ b/tests/sqlparser_common.rs
@@ -18336,9 +18336,7 @@ fn test_parse_set_session_authorization() {
 #[test]
 fn test_set_authorization_without_scope_errors() {
     // This should return a parser error, not panic.
-    let res = parse_sql_statements(
-        "\tSET\t\t\t\t\t\t\t\t\t\tAUTHORIZATION\tTIME\t\t\t\t\t\tTIME\u{fffd}\u{fffd}v\u{1}\0\0\t74843EUTI>\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0USER_RNCLUDE_NULL\0\0\0\0\0\0\0\0\0\t\t\t\t^^^^^^^^\tWHI\t\tIN"
-    );
+    let res = parse_sql_statements("SET AUTHORIZATION TIME TIME");
     assert!(
         res.is_err(),
         "SET AUTHORIZATION without a scope modifier (e.g. SESSION) should error"