diff options
| author | Anirudh Mangipudi <anirudh.mangipudi@oracle.com> | 2013-11-25 13:49:07 +0530 |
|---|---|---|
| committer | Anirudh Mangipudi <anirudh.mangipudi@oracle.com> | 2013-11-25 13:49:07 +0530 |
| commit | 0f89c3667b1ea7c0847278c0b54f26539824d51c (patch) | |
| tree | b3c338176bf2999dffd033b607ba7f3820014993 /sql/item_xmlfunc.cc | |
| parent | 233d73f1f4a32b79a4696df7756e1a684deba20a (diff) | |
| download | mariadb-git-0f89c3667b1ea7c0847278c0b54f26539824d51c.tar.gz | |
Bug#12428404 MYSQLD.EXE CRASHES WHEN EXTRACTVALUE() IS CALLED
WITH MALFORMED XPATH EXP
Problem:
A malformed XPATH expression in the ExtractValue query is
causing a server crash. This malformed XPATH expression is
resulted when the position attribute in the substring function
contains ".." in the beginning.
Solution:
The original crash is happening because the "../" is being
evaluated prematurely. It tries to access XML while it
hasn't been parsed yet. The premature evaluation is happening
because the val_nodeset function is being set to constant,
in which case we proceed to evaluate them in JOIN:prepare
stage only. The solution to this is setting the val_nodeset
functions as non-constant. This forces us to evaluate the function
in the JOIN:exec stage and thus avoid any premature evaluation of
the XML strings.
Diffstat (limited to 'sql/item_xmlfunc.cc')
| -rw-r--r-- | sql/item_xmlfunc.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sql/item_xmlfunc.cc b/sql/item_xmlfunc.cc index ef2cd8fa2c1..173791c3128 100644 --- a/sql/item_xmlfunc.cc +++ b/sql/item_xmlfunc.cc @@ -220,6 +220,9 @@ public: { max_length= MAX_BLOB_WIDTH; collation.collation= pxml->charset(); + // To avoid premature evaluation, mark all nodeset functions as non-const. + used_tables_cache= RAND_TABLE_BIT; + const_item_cache= false; } const char *func_name() const { return "nodeset"; } }; |