From fd1e3b03ff8837e8af1a8aa486cc2b13f872861f Mon Sep 17 00:00:00 2001
From: Alexander Barkov <alexander.barkov@oracle.com>
Date: Tue, 1 Mar 2011 15:30:18 +0300
Subject: Bug#11766725 (Bug#59901) EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG
 #44332

Problem: a byte behind the end of input string was read
in case of a broken XML not having a quote or doublequote
character closing a string value.

Fix: changing condition not to read behind the end of input string

  @ mysql-test/r/xml.result
  @ mysql-test/t/xml.test
  Adding tests

  @ strings/xml.c
  When checking if the closing quote/doublequote was found,
  using p->cur[0] us unsafe, as p->cur can point to the byte after the value.
  Comparing p->cur to p->beg instead.
---
 mysql-test/t/xml.test | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'mysql-test/t/xml.test')

diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test
index 148c5701e61..8db5ca75f1c 100644
--- a/mysql-test/t/xml.test
+++ b/mysql-test/t/xml.test
@@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
 SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
 SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 
+--echo #
+--echo # Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
+--echo #
+SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
+
 --echo End of 5.1 tests
-- 
cgit v1.2.1