List:Commits« Previous MessageNext Message »
From:Alexander Barkov Date:March 1 2011 12:30pm
Subject:bzr commit into mysql-5.1 branch (alexander.barkov:3605) Bug#44332 Bug#59901
Bug#11766725
View as plain text  
#At file:///home/bar/mysql-bzr/mysql-5.1.b59901/ based on revid:build@stripped

 3605 Alexander Barkov	2011-03-01
      Bug#11766725 (Bug#59901) EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
      
      Problem: a byte behind the end of input string was read
      in case of a broken XML not having a quote or doublequote
      character closing a string value.
      
      Fix: changing condition not to read behind the end of input string
      
        @ mysql-test/r/xml.result
        @ mysql-test/t/xml.test
        Adding tests
      
        @ strings/xml.c
        When checking if the closing quote/doublequote was found,
        using p->cur[0] us unsafe, as p->cur can point to the byte after the value.
        Comparing p->cur to p->beg instead.

    modified:
      mysql-test/r/xml.result
      mysql-test/t/xml.test
      strings/xml.c
=== modified file 'mysql-test/r/xml.result'
--- a/mysql-test/r/xml.result	2011-01-18 06:38:41 +0000
+++ b/mysql-test/r/xml.result	2011-03-01 12:30:18 +0000
@@ -1124,4 +1124,12 @@ Warning	1525	Incorrect XML value: 'parse
 SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
 NULL
+#
+# Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
+#
+SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
+ExtractValue(CONVERT('<\"', BINARY(10)), 1)
+NULL
+Warnings:
+Warning	1525	Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
 End of 5.1 tests

=== modified file 'mysql-test/t/xml.test'
--- a/mysql-test/t/xml.test	2011-01-18 06:38:41 +0000
+++ b/mysql-test/t/xml.test	2011-03-01 12:30:18 +0000
@@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15,
 SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
 SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 
+--echo #
+--echo # Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
+--echo #
+SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
+
 --echo End of 5.1 tests

=== modified file 'strings/xml.c'
--- a/strings/xml.c	2011-01-19 13:17:52 +0000
+++ b/strings/xml.c	2011-03-01 12:30:18 +0000
@@ -165,11 +165,16 @@ static int my_xml_scan(MY_XML_PARSER *p,
   }
   else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') )
   {
+    /*
+      "string" or 'string' found.
+      Scan until the closing quote/doublequote, or until the END-OF-INPUT.
+    */
     p->cur++;
     for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++)
     {}
     a->end=p->cur;
-    if (a->beg[0] == p->cur[0])p->cur++;
+    if (p->cur < p->end) /* Closing quote or doublequote has been found */
+      p->cur++;
     a->beg++;
     if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION))
       my_xml_norm_text(a);


Attachment: [text/bzr-bundle] bzr/alexander.barkov@oracle.com-20110301123018-ol8b7n3c9ao6qhcp.bundle
Thread
bzr commit into mysql-5.1 branch (alexander.barkov:3605) Bug#44332 Bug#59901Bug#11766725Alexander Barkov1 Mar