From 5574a2cd91eaf76fd2263b38d64d8c617d3c1d02 Mon Sep 17 00:00:00 2001
From: Alexander Barkov
Date: Tue, 18 Jan 2011 09:38:41 +0300
Subject: Bug#44332 my_xml_scan reads behind the end of buffer Problem: the scanner function tested for strings "" without checking input string boundaries, which led to valgrind's "Conditional jump or move depends on uninitialised value(s)" error. Fix: Adding boundary checking. @ mysql-test/r/xml.result @ mysql-test/t/xml.test Adding test @ strings/xml.c Adding a helper function my_xml_parser_prefix_cmp(), with input string boundary check.
---
 mysql-test/t/xml.test | 5 +++++
 1 file changed, 5 insertions(+) (limited to 'mysql-test/t/xml.test')
diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test
index 416f1fef0c5..148c5701e61 100644
--- a/mysql-test/t/xml.test
+++ b/mysql-test/t/xml.test
@@ -640,5 +640,10 @@ SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, '2011', 1)), 1);
 --error ER_ILLEGAL_VALUE_FOR_TYPE
 SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
+--echo #
+--echo # Bug #44332 my_xml_scan reads behind the end of buffer
+--echo #
+SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
+SELECT UPDATEXML(CONVERT(_latin1'