authorAlexander Barkov <alexander.barkov@oracle.com>2011-03-01 15:30:18 +0300
committerAlexander Barkov <alexander.barkov@oracle.com>2011-03-01 15:30:18 +0300
commitfd1e3b03ff8837e8af1a8aa486cc2b13f872861f (patch)
tree89b6f3eeec25b3189245d4f7af8ff68b73d9d6db
parentfc6197ab2a990a45db241e0ad753952c8bbb3809 (diff)
Bug#11766725 (Bug#59901) EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
Problem: a byte behind the end of input string was read in case of a broken XML not having a quote or doublequote character closing a string value. Fix: changing condition not to read behind the end of input string @ mysql-test/r/xml.result @ mysql-test/t/xml.test Adding tests @ strings/xml.c When checking if the closing quote/doublequote was found, using p->cur[0] is unsafe, as p->cur can point to the byte after the value. Comparing p->cur to p->end instead.
-rw-r--r--mysql-test/r/xml.result8
-rw-r--r--mysql-test/t/xml.test5
-rw-r--r--strings/xml.c7
3 files changed, 19 insertions, 1 deletions
diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result
index 0a71a596505..dda77cba04c 100644
--- a/mysql-test/r/xml.result
+++ b/mysql-test/r/xml.result
@@ -1124,4 +1124,12 @@ Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT une
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
NULL
+#
+# Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
+#
+SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
+ExtractValue(CONVERT('<\"', BINARY(10)), 1)
+NULL
+Warnings:
+Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
End of 5.1 tests
diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test
index 148c5701e61..8db5ca75f1c 100644
--- a/mysql-test/t/xml.test
+++ b/mysql-test/t/xml.test
@@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
+--echo #
+--echo # Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
+--echo #
+SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
+
--echo End of 5.1 tests
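Review bot: The regression test covers only an unclosed double quote that is followed by padding bytes, while the scanner branch in strings/xml.c handles `'` through the same code path. A single-quote twin such as `SELECT ExtractValue(CONVERT('<\'', BINARY(10)), 1);` would cover it. The boundary where the opening quote is the very last byte of the input is not exercised either, although it is the closest case to the out-of-bounds read being fixed. A variant with the value converted to `BINARY(2)` would cover that boundary. Both additions need matching expected output in xml.result.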
diff --git a/strings/xml.c b/strings/xml.c
index 29ce74e36a0..abe40810a97 100644
--- a/strings/xml.c
+++ b/strings/xml.c
@@ -165,11 +165,16 @@ static int my_xml_scan(MY_XML_PARSER *p,MY_XML_ATTR *a)
}
else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') )
{
+ /*
+ "string" or 'string' found.
+ Scan until the closing quote/doublequote, or until the END-OF-INPUT.
+ */
p->cur++;
for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++)
{}
a->end=p->cur;
- if (a->beg[0] == p->cur[0])p->cur++;
+ if (p->cur < p->end) /* Closing quote or doublequote has been found */
+ p->cur++;
a->beg++;
if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION))
my_xml_norm_text(a);
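Review bot: When no closing quote is found the loop stops at `p->cur == p->end`, so `a->end` is set to `p->end` and the unterminated value is still handed on as an ordinary string. The new `if (p->cur < p->end)` guard removes the over-read, but nothing in this branch records that the value was cut short. The expected warning in xml.result (`STRING unexpected`) suggests the caller rejects it later. The added block comment should say so, for example `An unterminated value ends at p->end and is still returned as a string; the caller reports the error.` The `p->cur[0]` reads in the `else if` condition also depend on a bounds check earlier in my_xml_scan, which begins and ends outside this hunk, so that precondition is worth confirming.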