From:Alexander Barkov Date:November 18 2010 3:38pm
Subject:bzr commit into mysql-5.5-bugteam branch (bar:3135) Bug#58175
#At file:///home/bar/mysql-bzr/mysql-5.5-bugteam.b58175/ based on revid:bar@stripped

 3135 Alexander Barkov	2010-11-18
      Bug#58175 xml functions read initialized bytes when conversions happen
      
      Problem:
      
      nr_of_decimals could read past the end of the buffer
      when given a non-null-terminated string, which caused
      valgrind warnings.
      
      Fix:
      
      fixing nr_of_decimals not to read behind the "end" pointer.

    modified:
      mysql-test/r/xml.result
      mysql-test/t/xml.test
      sql/item.cc
=== modified file 'mysql-test/r/xml.result'
--- a/mysql-test/r/xml.result	2010-11-18 13:11:18 +0000
+++ b/mysql-test/r/xml.result	2010-11-18 15:35:50 +0000
@@ -1101,3 +1101,16 @@ ERROR 22007: Illegal double '11111111111
 SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
 ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
 End of 5.1 tests
+#
+# Start of 5.5 tests
+#
+#
+# Bug#58175 xml functions read initialized bytes when conversions happen
+#
+SET NAMES latin1;
+SELECT UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0);
+UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0)
+NULL
+#
+# End of 5.5 tests
+#

=== modified file 'mysql-test/t/xml.test'
--- a/mysql-test/t/xml.test	2010-11-18 13:11:18 +0000
+++ b/mysql-test/t/xml.test	2010-11-18 15:35:50 +0000
@@ -628,3 +628,18 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15,
 
 
 --echo End of 5.1 tests
+
+
+--echo #
+--echo # Start of 5.5 tests
+--echo #
+
+--echo #
+--echo # Bug#58175 xml functions read initialized bytes when conversions happen
+--echo #
+SET NAMES latin1;
+SELECT UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0);
+
+--echo #
+--echo # End of 5.5 tests
+--echo #
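Review bot: The new test only asserts that the query returns NULL, which the pre-fix code also produced; the out-of-bounds read in nr_of_decimals is detected solely by a valgrind-instrumented run, so a plain mtr run will not catch a regression. That is acceptable for a memory-safety fix, but it should be stated so nobody later "simplifies" the test away: add `--echo # The query below only exposes the bug under valgrind: it reads past the end of a non-null-terminated string` above the SELECT. If a deterministic check is wanted as well, a variant whose last byte before the buffer end is `e`/`E` (the branch guarded in the fix) would be the input to aim for, though constructing that at the SQL level depends on the swe7 conversion path and I cannot confirm it from here.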

=== modified file 'sql/item.cc'
--- a/sql/item.cc	2010-11-18 13:35:15 +0000
+++ b/sql/item.cc	2010-11-18 15:35:50 +0000
@@ -5527,9 +5527,9 @@ static uint nr_of_decimals(const char *s
       break;
   }
   decimal_point= str;
-  for (; my_isdigit(system_charset_info, *str) ; str++)
+  for ( ; str < end && my_isdigit(system_charset_info, *str) ; str++)
     ;
-  if (*str == 'e' || *str == 'E')
+  if (str < end && (*str == 'e' || *str == 'E'))
     return NOT_FIXED_DEC;
   return (uint) (str - decimal_point);
 }
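Review bot: The two new `str < end` guards are correct, but nothing in the function states that `end` is exclusive and that the input may not be NUL-terminated, which is exactly the assumption the old code violated; add a comment above the digit loop, `/* [str, end) is not NUL-terminated: every dereference must be bounded by "end" */`, so the next edit keeps the bound. The function body starts outside this hunk, so I cannot see whether the preceding loop that locates the decimal point is bounded the same way; the same unterminated input reaches that loop first, so it is worth confirming it also checks `str == end` before dereferencing. The return `(uint)(str - decimal_point)` relies on `decimal_point <= str`, which holds here because `str` only advances, but a `DBUG_ASSERT(str <= end)` at the top would document the caller contract cheaply.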


Attachment: [text/bzr-bundle] bzr/bar@mysql.com-20101118153550-cjk1e8trgp7qbytw.bundle