MySQL Lists are EOL. Please join:

List:Commits« Previous MessageNext Message »
From:Alexander Barkov Date:May 5 2010 10:34am
Subject:bzr commit into mysql-trunk-bugfixing branch (bar:3034) Bug#51571
View as plain text  
#At file:///home/bar/mysql-bzr/mysql-trunk-bugfixing2/ based on revid:bar@stripped

 3034 Alexander Barkov	2010-05-05
       Bug#51571 load xml infile causes server crash
        
        Problem:
        item->name was NULL for Item_user_var_as_out_param
        which made strcmp(something, item->name) crash in the LOAD XML code.
        
        Fix:
        - item_func.h: Adding set_name() in constuctor for Item_user_var_as_out_param
        - sql_load.cc: Changing the condition in write_execute_load_query_log_event() which
        distiguished between Item_user_var_as_out_param and Item_field
        from
          if (item->name == NULL)
        to
          if (item->type() == Item::FIELD_ITEM)
        - loadxml.result, loadxml.test: adding tests

    modified:
      mysql-test/r/loadxml.result
      mysql-test/t/loadxml.test
      sql/item_func.h
      sql/sql_load.cc
=== modified file 'mysql-test/r/loadxml.result'
--- a/mysql-test/r/loadxml.result	2009-11-11 17:30:51 +0000
+++ b/mysql-test/r/loadxml.result	2010-05-05 10:34:20 +0000
@@ -73,3 +73,23 @@ id	text
 line2
 line3
 drop table t1;
+#
+# Bug#51571 load xml infile causes server crash
+#
+CREATE TABLE t1 (a text, b text);
+LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1
+ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b);
+SELECT * FROM t1 ORDER BY a;
+a	b
+1	!b1
+11	!b11
+111	!b111
+112	!b112 & < > " ' &unknown; -- check entities
+2	!b2
+212	!b212
+213	!b213
+214	!b214
+215	!b215
+216	!&bb b;
+3	!b3
+DROP TABLE t1;

=== modified file 'mysql-test/t/loadxml.test'
--- a/mysql-test/t/loadxml.test	2010-01-05 21:36:08 +0000
+++ b/mysql-test/t/loadxml.test	2010-05-05 10:34:20 +0000
@@ -108,3 +108,11 @@ load xml infile '../../std_data/loadxml2
 select * from t1;
 drop table t1;
 
+--echo #
+--echo # Bug#51571 load xml infile causes server crash
+--echo #
+CREATE TABLE t1 (a text, b text);
+LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1
+ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b);
+SELECT * FROM t1 ORDER BY a;
+DROP TABLE t1;

=== modified file 'sql/item_func.h'
--- a/sql/item_func.h	2010-03-31 14:05:33 +0000
+++ b/sql/item_func.h	2010-05-05 10:34:20 +0000
@@ -1498,7 +1498,8 @@ class Item_user_var_as_out_param :public
   LEX_STRING name;
   user_var_entry *entry;
 public:
-  Item_user_var_as_out_param(LEX_STRING a) : name(a) {}
+  Item_user_var_as_out_param(LEX_STRING a) : name(a)
+  { set_name(a.str, 0, system_charset_info); }
   /* We should return something different from FIELD_ITEM here */
   enum Type type() const { return STRING_ITEM;}
   double val_real();

=== modified file 'sql/sql_load.cc'
--- a/sql/sql_load.cc	2010-03-31 14:05:33 +0000
+++ b/sql/sql_load.cc	2010-05-05 10:34:20 +0000
@@ -696,7 +696,7 @@ static bool write_execute_load_query_log
     {
       if (n++)
         pfields.append(", ");
-      if (item->name)
+      if (item->type() == Item::FIELD_ITEM)
       {
         pfields.append("`");
         pfields.append(item->name);


Attachment: [text/bzr-bundle] bzr/bar@mysql.com-20100505103420-6v9obt9nr05azmsd.bundle
Thread
bzr commit into mysql-trunk-bugfixing branch (bar:3034) Bug#51571Alexander Barkov5 May