#At file:///home/bar/mysql-bzr/mysql-trunk-bugfixing2/ based on revid:bar@stripped
3034 Alexander Barkov 2010-05-05
Bug#51571 load xml infile causes server crash
Problem:
item->name was NULL for Item_user_var_as_out_param
which made strcmp(something, item->name) crash in the LOAD XML code.
Fix:
- item_func.h: Adding set_name() in constructor for Item_user_var_as_out_param
- sql_load.cc: Changing the condition in write_execute_load_query_log_event() which
distinguished between Item_user_var_as_out_param and Item_field
from
if (item->name == NULL)
to
if (item->type() == Item::FIELD_ITEM)
- loadxml.result, loadxml.test: adding tests
modified:
mysql-test/r/loadxml.result
mysql-test/t/loadxml.test
sql/item_func.h
sql/sql_load.cc
=== modified file 'mysql-test/r/loadxml.result'
--- a/mysql-test/r/loadxml.result 2009-11-11 17:30:51 +0000
+++ b/mysql-test/r/loadxml.result 2010-05-05 10:34:20 +0000
@@ -73,3 +73,23 @@ id text
line2
line3
drop table t1;
+#
+# Bug#51571 load xml infile causes server crash
+#
+CREATE TABLE t1 (a text, b text);
+LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1
+ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b);
+SELECT * FROM t1 ORDER BY a;
+a b
+1 !b1
+11 !b11
+111 !b111
+112 !b112 & < > " ' &unknown; -- check entities
+2 !b2
+212 !b212
+213 !b213
+214 !b214
+215 !b215
+216 !&bb b;
+3 !b3
+DROP TABLE t1;
=== modified file 'mysql-test/t/loadxml.test'
--- a/mysql-test/t/loadxml.test 2010-01-05 21:36:08 +0000
+++ b/mysql-test/t/loadxml.test 2010-05-05 10:34:20 +0000
@@ -108,3 +108,11 @@ load xml infile '../../std_data/loadxml2
select * from t1;
drop table t1;
+--echo #
+--echo # Bug#51571 load xml infile causes server crash
+--echo #
+CREATE TABLE t1 (a text, b text);
+LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1
+ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b);
+SELECT * FROM t1 ORDER BY a;
+DROP TABLE t1;
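Review bot: The new case checks only the rows that end up in t1, while the sql_load.cc part of this fix changes how the field list is written in write_execute_load_query_log_event(), and nothing here exercises that path explicitly. A companion case in a binlog-enabled suite that runs the same `LOAD XML ... (a,@b) SET b=concat('!',@b)` and checks the logged statement or the replicated table would cover it. A one-line comment above the statement saying that `@b` is the user-variable target whose item name used to be NULL would also make the intent of the test clear.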
=== modified file 'sql/item_func.h'
--- a/sql/item_func.h 2010-03-31 14:05:33 +0000
+++ b/sql/item_func.h 2010-05-05 10:34:20 +0000
@@ -1498,7 +1498,8 @@ class Item_user_var_as_out_param :public
LEX_STRING name;
user_var_entry *entry;
public:
- Item_user_var_as_out_param(LEX_STRING a) : name(a) {}
+ Item_user_var_as_out_param(LEX_STRING a) : name(a)
+ { set_name(a.str, 0, system_charset_info); }
/* We should return something different from FIELD_ITEM here */
enum Type type() const { return STRING_ITEM;}
double val_real();
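Review bot: The length argument in `set_name(a.str, 0, system_charset_info)` is a bare `0` although `a.length` is available, and nothing in the hunk says why. If zero is deliberate (for example to avoid copying the string), a comment should say so and state what lifetime `a.str` must have, e.g. `/* length 0 is intentional: <reason>; a.str must outlive this item */`; otherwise pass `a.length`. The same comment could note that the `LEX_STRING name` member declared just above hides the inherited name that `item->name` reads in sql_load.cc, which is presumably why the inherited one was left NULL before. The class body continues outside the hunk.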
=== modified file 'sql/sql_load.cc'
--- a/sql/sql_load.cc 2010-03-31 14:05:33 +0000
+++ b/sql/sql_load.cc 2010-05-05 10:34:20 +0000
@@ -696,7 +696,7 @@ static bool write_execute_load_query_log
{
if (n++)
pfields.append(", ");
- if (item->name)
+ if (item->type() == Item::FIELD_ITEM)
{
pfields.append("`");
pfields.append(item->name);
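Review bot: `pfields.append(item->name)` writes the column name between literal backticks without doubling any backtick inside it, so a column whose name contains a backtick would produce a malformed or differently parsed field list in the statement this function builds for the binary log. Since the commit already touches this branch, the append calls could go through the server's identifier-quoting helper instead, e.g. `append_identifier(thd, &pfields, item->name, strlen(item->name));`, assuming a THD pointer is in scope here. The new condition also drops the implicit NULL check on `item->name`, so the branch now relies on every FIELD_ITEM having its name set. The function starts and ends outside the hunk.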
Attachment: [text/bzr-bundle] bzr/bar@mysql.com-20100505103420-6v9obt9nr05azmsd.bundle