Bug#11766725 (Bug#59901) EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
Problem: a byte behind the end of input string was read in case of a broken XML not having a quote or doublequote character closing a string value. Fix: changing condition not to read behind the end of input string @ mysql-test/r/xml.result @ mysql-test/t/xml.test Adding tests @ strings/xml.c When checking if the closing quote/doublequote was found, using p->cur[0] us unsafe, as p->cur can point to the byte after the value. Comparing p->cur to p->beg instead.
This commit is contained in:
parent
fc6197ab2a
commit
fd1e3b03ff
@ -1124,4 +1124,12 @@ Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT une
|
|||||||
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
|
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
|
||||||
UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
|
UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
|
||||||
NULL
|
NULL
|
||||||
|
#
|
||||||
|
# Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
|
||||||
|
#
|
||||||
|
SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
|
||||||
|
ExtractValue(CONVERT('<\"', BINARY(10)), 1)
|
||||||
|
NULL
|
||||||
|
Warnings:
|
||||||
|
Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
|
||||||
End of 5.1 tests
|
End of 5.1 tests
|
||||||
|
@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
|
|||||||
SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
|
SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
|
||||||
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
|
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
|
||||||
|
|
||||||
|
--echo #
|
||||||
|
--echo # Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
|
||||||
|
--echo #
|
||||||
|
SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
|
||||||
|
|
||||||
--echo End of 5.1 tests
|
--echo End of 5.1 tests
|
||||||
|
@ -165,11 +165,16 @@ static int my_xml_scan(MY_XML_PARSER *p,MY_XML_ATTR *a)
|
|||||||
}
|
}
|
||||||
else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') )
|
else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') )
|
||||||
{
|
{
|
||||||
|
/*
|
||||||
|
"string" or 'string' found.
|
||||||
|
Scan until the closing quote/doublequote, or until the END-OF-INPUT.
|
||||||
|
*/
|
||||||
p->cur++;
|
p->cur++;
|
||||||
for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++)
|
for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++)
|
||||||
{}
|
{}
|
||||||
a->end=p->cur;
|
a->end=p->cur;
|
||||||
if (a->beg[0] == p->cur[0])p->cur++;
|
if (p->cur < p->end) /* Closing quote or doublequote has been found */
|
||||||
|
p->cur++;
|
||||||
a->beg++;
|
a->beg++;
|
||||||
if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION))
|
if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION))
|
||||||
my_xml_norm_text(a);
|
my_xml_norm_text(a);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user