
From:Alexander Barkov Date:November 18 2010 11:43am
Subject:bzr commit into mysql-5.1-bugteam branch (bar:3509) Bug#57279
#At file:///home/bar/mysql-bzr/mysql-5.1-bugteam.b57279/ based on revid:davi.arnaut@stripped

 3509 Alexander Barkov	2010-11-18
       Bug#57279 updatexml dies with: Assertion failed: str_arg[length] == 0
      
        Problem: crash in Item_float constructor on DBUG_ASSERT due
        to a string parameter that is not null-terminated.
      
        Fix: making Item_float::Item_float safe for a non-null-terminated parameter:
        - Using temporary buffer when generating error
        - Using set_name() instead of direct name initialization

    modified:
      mysql-test/r/xml.result
      mysql-test/t/xml.test
      sql/item.cc
=== modified file 'mysql-test/r/xml.result'
--- a/mysql-test/r/xml.result	2009-07-10 23:12:13 +0000
+++ b/mysql-test/r/xml.result	2010-11-18 11:43:22 +0000
@@ -1093,4 +1093,11 @@ Warnings:
 Warning	1525	Incorrect XML value: 'parse error at line 1 pos 23: unexpected END-OF-INPUT'
 Warning	1525	Incorrect XML value: 'parse error at line 1 pos 23: unexpected END-OF-INPUT'
 DROP TABLE t1;
+#
+# Bug#57279 updatexml dies with: Assertion failed: str_arg[length] == 0
+#
+SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, '2011', 1)), 1);
+ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
+SELECT EXTRACTVALUE('', lpad(0.1111E-15, '2011', 1));
+ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
 End of 5.1 tests

=== modified file 'mysql-test/t/xml.test'
--- a/mysql-test/t/xml.test	2009-07-10 23:12:13 +0000
+++ b/mysql-test/t/xml.test	2010-11-18 11:43:22 +0000
@@ -617,4 +617,14 @@ FROM t1 ORDER BY t1.id;
 
 DROP TABLE t1;
 
+--echo #
+--echo # Bug#57279 updatexml dies with: Assertion failed: str_arg[length] == 0
+--echo #
+
+--error ER_ILLEGAL_VALUE_FOR_TYPE
+SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, '2011', 1)), 1);
+--error ER_ILLEGAL_VALUE_FOR_TYPE
+SELECT EXTRACTVALUE('', lpad(0.1111E-15, '2011', 1));
+
+
 --echo End of 5.1 tests
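Review bot: Both added statements exercise only the overflow branch (`--error ER_ILLEGAL_VALUE_FOR_TYPE`), so nothing here checks what the constructor stores for a float literal that parses successfully out of an XPath string. The same commit changes how `name` and `presentation` are filled in sql/item.cc, and that path is what later consumers of the item would read. A statement that uses a valid float literal inside an XPath expression passed to `EXTRACTVALUE` or `UPDATEXML`, with its expected result recorded, would cover the non-error path as well.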

=== modified file 'sql/item.cc'
--- a/sql/item.cc	2010-09-13 07:18:35 +0000
+++ b/sql/item.cc	2010-11-18 11:43:22 +0000
@@ -5286,8 +5286,11 @@ static uint nr_of_decimals(const char *s
 
 
 /**
-  This function is only called during parsing. We will signal an error if
-  value is not a true double value (overflow)
+  This function is only called during parsing:
+  - when parsing SQL query from sql_yacc.yy
+  - when parsing XPath query from item_xmlfunc.cc
+  We will signal an error if value is not a true double value (overflow):
+  eng: Illegal %s '%-.192s' value found during parsing
 */
 
 Item_float::Item_float(const char *str_arg, uint length)
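Review bot: The rewritten header comment names the two callers but does not state the contract this commit introduces, namely that `str_arg` no longer has to be null-terminated and that the constructor is expected to touch only `length` bytes of it. The XPath caller depends on that property, so it should be written down where the next maintainer will see it, for example `str_arg is not required to be null-terminated; only the first 'length' bytes are used.` The constructor body begins after this hunk, so the claim should be checked against the conversion call that is only partly visible here.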
@@ -5298,14 +5301,12 @@ Item_float::Item_float(const char *str_a
                     &error);
   if (error)
   {
-    /*
-      Note that we depend on that str_arg is null terminated, which is true
-      when we are in the parser
-    */
-    DBUG_ASSERT(str_arg[length] == 0);
-    my_error(ER_ILLEGAL_VALUE_FOR_TYPE, MYF(0), "double", (char*) str_arg);
+    char tmp[NAME_LEN + 1];
+    my_snprintf(tmp, sizeof(tmp), "%.*s", length, str_arg);
+    my_error(ER_ILLEGAL_VALUE_FOR_TYPE, MYF(0), "double", tmp);
   }
-  presentation= name=(char*) str_arg;
+  set_name(str_arg, length, &my_charset_latin1); /* Should be pure ASCII */
+  presentation= name;
   decimals=(uint8) nr_of_decimals(str_arg, str_arg+length);
   max_length=length;
   fixed= 1;
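Review bot: `presentation` used to point at the full literal and now aliases `name`, which is whatever `set_name()` produced. `set_name()` is not shown in this hunk; if it trims leading characters or caps the string at an alias-length limit, `presentation` and `max_length=length` no longer describe the same text for long literals. Either confirm that this cannot happen for a float literal, or keep a separate bounded copy of the `length` bytes for `presentation`. Separately, `%.*s` takes its precision as an `int` while `length` is `uint`, so writing `(int) length` in the `my_snprintf` call would make the conversion explicit. The constructor starts before this hunk and continues after it.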


Attachment: [text/bzr-bundle] bzr/bar@mysql.com-20101118114322-hn369af3b0hgjzoz.bundle