1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#11766725 (Bug#59901) EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332

Browse Source 
Problem: a byte behind the end of input string was read
in case of a broken XML not having a quote or doublequote
character closing a string value.

Fix: changing condition not to read behind the end of input string

  @ mysql-test/r/xml.result
  @ mysql-test/t/xml.test
  Adding tests

  @ strings/xml.c
  When checking if the closing quote/doublequote was found,
  using p->cur[0] us unsafe, as p->cur can point to the byte after the value.
  Comparing p->cur to p->beg instead.
This commit is contained in:
Alexander Barkov 2011-03-01 15:30:18 +03:00
parent fc6197ab2a
commit fd1e3b03ff
3 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mysql-test/r/xml.result
View File

@ -1124,4 +1124,12 @@ Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT une
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1'); SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1') UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
NULL NULL
#
# Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
#
SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
ExtractValue(CONVERT('<\"', BINARY(10)), 1)
NULL
Warnings:
Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
End of 5.1 tests End of 5.1 tests

5
mysql-test/t/xml.test
View File

@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1'); SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1'); SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
--echo #
--echo # Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
--echo #
SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
--echo End of 5.1 tests --echo End of 5.1 tests

7
strings/xml.c
View File

@ -165,11 +165,16 @@ static int my_xml_scan(MY_XML_PARSER *p,MY_XML_ATTR *a)
} }
else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') ) else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') )
{ {
/*
"string" or 'string' found.
Scan until the closing quote/doublequote, or until the END-OF-INPUT.
*/
p->cur++; p->cur++;
for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++) for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++)
{} {}
a->end=p->cur; a->end=p->cur;
if (a->beg[0] == p->cur[0])p->cur++; if (p->cur < p->end) /* Closing quote or doublequote has been found */
p->cur++;
a->beg++; a->beg++;
if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION)) if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION))
my_xml_norm_text(a); my_xml_norm_text(a);