From: Alexander Barkov Date: January 18 2011 6:40am Subject: bzr push into mysql-5.1 branch (alexander.barkov:3558 to 3559) Bug#44332 List-Archive: http://lists.mysql.com/commits/129018 X-Bug: 44332 Message-Id: <201101180640.p0I6efYK002262@bar.myoffice.izhnet.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 3559 Alexander Barkov 2011-01-18 Bug#44332 my_xml_scan reads behind the end of buffer Problem: the scanner function tested for strings "" without checking input string boundaries, which led to valgrind's "Conditional jump or move depends on uninitialised value(s)" error. Fix: Adding boundary checking. @ mysql-test/r/xml.result @ mysql-test/t/xml.test Adding test @ strings/xml.c Adding a helper function my_xml_parser_prefix_cmp(), with input string boundary check. modified: mysql-test/r/xml.result mysql-test/t/xml.test strings/xml.c 3558 Vinay Fisrekar 2011-01-18 BUG#58858 : sys_vars.innodb_max_dirty_pages_pct_func fails sporadically Committing After latest merge. Modified check_pct procedure to check return value of wait condition instead of calling "dirty_pct". Adding Review comments: 1) Added comment for success variable value 2) Procedure check_pct changed For Adding BOOLEAN input and SELECT QUERY Change modified: mysql-test/suite/sys_vars/r/innodb_max_dirty_pages_pct_func.result mysql-test/suite/sys_vars/t/innodb_max_dirty_pages_pct_func.test === modified file 'mysql-test/r/xml.result' --- a/mysql-test/r/xml.result 2010-11-22 09:21:10 +0000 +++ b/mysql-test/r/xml.result 2011-01-18 06:38:41 +0000 @@ -1113,4 +1113,15 @@ SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1)); ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing +# +# Bug #44332 my_xml_scan reads behind the end of buffer +# +SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1'); +UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT unexpected (ident or '/' wanted)' +SELECT UPDATEXML(CONVERT(_latin1'", 3); p->cur++) - {} - if (!memcmp(p->cur, "-->", 3)) - p->cur+=3; + for (; p->cur < p->end; p->cur++) + { + if (!my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("-->"))) + { + p->cur+= 3; + break; + } + } a->end=p->cur; lex=MY_XML_COMMENT; } - else if (!memcmp(p->cur, "cur+= 9; for (; p->cur < p->end - 2 ; p->cur++) No bundle (reason: useless for push emails).