From: Alexander Barkov
Date: February 28 2011 9:08am
Subject: bzr commit into mysql-5.1 branch (alexander.barkov:3605) Bug#44332 Bug#59901
 Bug#11766725
List-Archive: http://lists.mysql.com/commits/132089
X-Bug: 44332,59901,11766725
Message-Id: <201102280908.p1S98VW4022566@bar.myoffice.izhnet.ru>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0074897558221790059=="

--===============0074897558221790059==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

#At file:///home/bar/mysql-bzr/mysql-5.1.b59901/ based on revid:build@stripped

 3605 Alexander Barkov	2011-02-28
      Bug#11766725 (Bug#59901) EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
      
      Problem: a byte behind the end of input string was read
      in case of a broken XML not having a quote or doublequote
      character closing a string value.
      
      Fix: changing condition not to read behind the end of input string
      
        @ mysql-test/r/xml.result
        @ mysql-test/t/xml.test
        Adding tests
      
        @ strings/xml.c
        When checking if the closing quote/doublequote was found,
        using p->cur[0] us unsafe, as p->cur can point to the byte after the value.
        Comparing p->cur to p->beg instead.

    modified:
      mysql-test/r/xml.result
      mysql-test/t/xml.test
      strings/xml.c
=== modified file 'mysql-test/r/xml.result'
--- a/mysql-test/r/xml.result	2011-01-18 06:38:41 +0000
+++ b/mysql-test/r/xml.result	2011-02-28 09:02:46 +0000
@@ -1124,4 +1124,12 @@ Warning	1525	Incorrect XML value: 'parse
 SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
 NULL
+#
+# Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
+#
+SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
+ExtractValue(CONVERT('<\"', BINARY(10)), 1)
+NULL
+Warnings:
+Warning	1525	Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
 End of 5.1 tests

=== modified file 'mysql-test/t/xml.test'
--- a/mysql-test/t/xml.test	2011-01-18 06:38:41 +0000
+++ b/mysql-test/t/xml.test	2011-02-28 09:02:46 +0000
@@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15,
 SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
 SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 
+--echo #
+--echo # Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
+--echo #
+SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
+
 --echo End of 5.1 tests

=== modified file 'strings/xml.c'
--- a/strings/xml.c	2011-01-19 13:17:52 +0000
+++ b/strings/xml.c	2011-02-28 09:02:46 +0000
@@ -169,7 +169,8 @@ static int my_xml_scan(MY_XML_PARSER *p,
     for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++)
     {}
     a->end=p->cur;
-    if (a->beg[0] == p->cur[0])p->cur++;
+    if (p->cur < p->end) /* Closing quote has been found */
+      p->cur++;
     a->beg++;
     if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION))
       my_xml_norm_text(a);


--===============0074897558221790059==
MIME-Version: 1.0
Content-Type: text/bzr-bundle; charset="us-ascii";
 name="bzr/alexander.barkov@stripped"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: alexander.barkov@stripped\
#   c95zwedyj030zbc4
# target_branch: file:///home/bar/mysql-bzr/mysql-5.1.b59901/
# testament_sha1: d64195cdbc7db122c4870eeee712082225f7bb7b
# timestamp: 2011-02-28 12:08:31 +0300
# base_revision_id: build@stripped
# 
# Begin bundle
IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWZEPujYAA17fgFAwWP///3uv
3+6////wYAdrtnvgyUI93ps9qg8jex10AyQp6U9R6NJjU9BiI0B6QGhkZpNogDTNQCUhMRpiAQKe
ptR6GU0G0gAAA0AGhwDCMJpiGAQDIAYRpkyYRgIaCRIEUyjw1JvVB6QNNMnqbU9QAGgAAADalMpq
baJpoJo0yDTQZBoBoAADQ0AJJEyAATTQTCaaaI0RpkabQgAAyNFY0hn3olaq7bMUV7dR1H0+KNoa
Lqrz0butEf0SVXLcClb5C0j24xYpxx8GCGChJ03Eq1tWzD4Km2jWItAzpzp+rHpVD4Rp4FiuNNsb
Gz7/MMN/VXJjqUje69JXNb+5OZETXPWoWKLRxlHjGchbdGBsNwTBwznEWNtWY2Si3VftSM9kRkKV
LopWsT7/5tVEXwiLZ5DameqmkcvlhUeOcEq2NuU+lwQaqTqBGzkVjzdDpyhbdwWzj6DhRvicw6zl
5kzc1HSnmEpMg3a6ZNQMMbHBcH4xsB6EVkYW9eqs1clHJSx6XslitqouWZqD4AFR8PilrDqEdfvU
3c1p8OJpPLJUajT3C0EPXNbhKhThKMDJDAenPYF9kQv5JtFDpQV7JmqDAdkLoQucnqAyFET2STCI
EC8+IiC2EwSBYSkCUZQeI0lqJF/cydERWJ/i5ZjD0xKe3t7VOj0shYn2K8934G84PsEFhMDe1PS2
uYWhOJfNvOV1TvFUhqtWqh6CzE5LPdpL08qgurSBoWV7F2qRqW2Uk0xx1j8R5ozUiRakLVGWtaaN
wiF5KELByeDKlXjCNbEkDCJIIjPSokpJW6URIb336HCoGUeETUUFN9c72b4zlRIUg9wjF92dAjHo
5ND4jnKVcPGFBi3VJxIpNUS0yw4cczHiucWOclch5WZa6y60vThxwVX+kgjbhWXZyrcWlhEMQ9Q2
NW8e6jIcpHF4Vz0zkCfjpK3BlMaFswNdJmxR8pLjAfqKrBE8L2ckOsWkpCUrMDIrHDluyDpSoWkp
psowRbeokL5SJRdsXgQwmVPAaZMW2Qe9kjW7NSZ6UqmhpIFRjowGsiTgV7SrRa1iovFmV5QOEGjm
rMCOAMWj9D7YJe3BhbQSHkBcqlKEUIVVysJTEGXDyotLAiKS0faolVMcbG847vZpSmV4ZVlvwVZs
rV2pCJwh1cwuFWzybXu7E9odPRlbbEW3Mhxr75rItNAvZh3CO0efR3kW5MUDJkzkKdihhAWPUrGw
tmGwajMaZcLyAB0qdNNplL/0fDWaiWVVlDKVDInjkp6ZKZSYe8jJ0pyIgUlQlTUhIWCYZ5VIFaYY
1CVS1RlOVDQyGHVkLYk2LHEEEa9bmjuDXFaZ4C8kz/W82ZC4kwrU8jbjmOYmuyJRgAQqsZ+QynFC
Ya73eCYZlCtjZACOBZB/AtjkCbf9hYgttuDcbhnySSZoqRBdBHiHxlF++utQg0jSPIfekVG5hycW
+gQ3gxkY3nPiI0nnPNVnmRNYiUtP1PmgVEGHDwGsz8m5vPKrTiEKRzkBoi01Rps1IcSiICh7nten
0Zutx4tZXOjAnQ51MEvBZTw4u8bR3SagSt4wpK7d226uYRcdvZezWGOClDk6al1mVAJ5jSUjfrOc
O4GKjmpunBqMzhOdVc6u714KozYwdirBXlB5yOnlWXHWpI7JcGbIRTy772fkHVZZs0Pbf+Pa8z8N
D+whv0h3pkTD9Iwludv4z7LeEQGagRqKRLKRKEexNqFKcB3I6EmzpsHg35EVOH0LisVvvcc2Owqf
ILcyWsXDjKa5ktql35HOg7VBciJ3LfzK9o1QDGJBGDOh5iMTYV1GYrwTOiUxMi7HqROC+R30x3hp
TagNKJaTribmTsyy1voYklg6CZ79muNkBMJiR3bz1uS/oEPAqDbScCgcX09QoR09mYl1lJbWqwYG
AmQ8XnLsJAt6CsQmFSvRyQtrauMvuZwXFcRX3DuvjaAXNoUFuwMuZ3ApYtEO/UOyPiHcU1sxNOwo
rqf46YlhxApiVocoEpNXZy8ZIo7NhVqGhrYQsYC0SKBwq+6xcQldmCK/SVNmsiIImI4OGLphWKMr
jfyKDESr8jHyY4daDaYkm5kyIfowbjjdq6+RkUZtyM62tImg47Na0IKuhyrGbWXmFkHOc7Q553OQ
vqZeChCKFYnuF5KTbIg9YafJAKSuiVgYSoSi46qIu1S7pVCClwRSZiC2ha0apvFv8OvVvSyVkpmW
xGDhiriGDFopFuwXaxkexbmZmZyC4RoutFsVzURK85DtY3Y6YyYEorVjNMoM/UuvVFThEy/QMJSh
BudnWGJYYpNM5FVOzE1bSRRUorFZanoe07kdhPtGPMeUpOq4UniHYYjLTYExeUIfowRIYnqlEnqJ
grNZ3UcBaFlAsJzkUqglagRzKDmdqiRyz1yiVxebFx5zDnOHOcRA96gvKbxGweXoNxVme0RaExfV
05mHeI/8XckU4UJCRD7o2A==


--===============0074897558221790059==--