MySQL Lists: commits: bzr commit into mysql-trunk branch (alexander.barkov:3525)

List:	Commits	« Previous Message Next Message »
From:	Alexander Barkov	Date:	January 18 2011 6:54am
Subject:	bzr commit into mysql-trunk branch (alexander.barkov:3525)
View as plain text
#At file:///home/bar/mysql-bzr/mysql-trunk/ based on revid:vinay.fisrekar@stripped

 3525 Alexander Barkov	2011-01-18 [merge]
      Merging from 5.5.

    modified:
      mysql-test/r/xml.result
      mysql-test/t/xml.test
      strings/xml.c
=== modified file 'mysql-test/r/xml.result'
--- a/mysql-test/r/xml.result	2010-11-24 15:25:25 +0000
+++ b/mysql-test/r/xml.result	2011-01-18 06:53:45 +0000
@@ -1113,6 +1113,17 @@ SELECT UPDATEXML(NULL, (LPAD(0.1111E-15,
 ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
 SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
 ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
+#
+# Bug #44332 	my_xml_scan reads behind the end of buffer
+#
+SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
+UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1')
+NULL
+Warnings:
+Warning	1525	Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT unexpected (ident or '/' wanted)'
+SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
+UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
+NULL
 End of 5.1 tests
 #
 # Start of 5.5 tests

=== modified file 'mysql-test/t/xml.test'
--- a/mysql-test/t/xml.test	2010-11-24 15:25:25 +0000
+++ b/mysql-test/t/xml.test	2011-01-18 06:53:45 +0000
@@ -640,6 +640,11 @@ SELECT UPDATEXML(NULL, (LPAD(0.1111E-15,
 --error ER_ILLEGAL_VALUE_FOR_TYPE
 SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
 
+--echo #
+--echo # Bug #44332 	my_xml_scan reads behind the end of buffer
+--echo #
+SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
+SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 
 --echo End of 5.1 tests
 

=== modified file 'strings/xml.c'
--- a/strings/xml.c	2010-07-02 18:30:47 +0000
+++ b/strings/xml.c	2011-01-18 06:38:41 +0000
@@ -106,6 +106,13 @@ static void my_xml_norm_text(MY_XML_ATTR
 }
 
 
+static inline my_bool
+my_xml_parser_prefix_cmp(MY_XML_PARSER *p, const char *s, size_t slen)
+{
+  return (p->cur + slen > p->end) || memcmp(p->cur, s, slen);
+}
+
+
 static int my_xml_scan(MY_XML_PARSER *p,MY_XML_ATTR *a)
 {
   int lex;
@@ -123,16 +130,20 @@ static int my_xml_scan(MY_XML_PARSER *p,
   a->beg=p->cur;
   a->end=p->cur;
   
-  if ((p->end - p->cur > 3) && !memcmp(p->cur,"<!--",4))
+  if (!my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("<!--")))
   {
-    for (; (p->cur < p->end) && memcmp(p->cur, "-->", 3); p->cur++)
-    {}
-    if (!memcmp(p->cur, "-->", 3))
-      p->cur+=3;
+    for (; p->cur < p->end; p->cur++)
+    {
+      if (!my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("-->")))
+      {
+        p->cur+= 3;
+        break;
+      }
+    }
     a->end=p->cur;
     lex=MY_XML_COMMENT;
   }
-  else if (!memcmp(p->cur, "<![CDATA[",9))
+  else if (!my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("<![CDATA[")))
   {
     p->cur+= 9;
     for (; p->cur < p->end - 2 ; p->cur++)

No bundle (reason: revision is a merge (you can force generation of a bundle with env var BZR_FORCE_BUNDLE=1)).
Thread
• bzr commit into mysql-trunk branch (alexander.barkov:3525)	Alexander Barkov	18 Jan