Commit b32f13ee authored by Anirudh Mangipudi

Bug#12428404 MYSQLD.EXE CRASHES WHEN EXTRACTVALUE() IS CALLED WITH MALFORMED XPATH EXP

Problem:
A malformed XPATH expression in the ExtractValue query is causing
a server crash. This malformed XPATH expression results when
the position attribute in the substring function contains ".." at
the beginning.
Solution:
The original crash is happening because the "../" is being evaluated
prematurely. It tries to access XML while it hasn't been parsed yet.
The premature evaluation is happening because the val_nodeset function
is being set to constant, in which case we proceed to evaluate them in
JOIN:prepare stage only. The solution to this is setting the val_nodeset
functions as non-constant. This forces us to evaluate the function in
the JOIN:exec stage and thus avoid any premature evaluation of the 
XML strings.
parents 16db26fc 0f89c366
...@@ -226,6 +226,9 @@ class Item_nodeset_func :public Item_str_func ...@@ -226,6 +226,9 @@ class Item_nodeset_func :public Item_str_func
{ {
max_length= MAX_BLOB_WIDTH; max_length= MAX_BLOB_WIDTH;
collation.collation= pxml->charset(); collation.collation= pxml->charset();
// To avoid premature evaluation, mark all nodeset functions as non-const.
used_tables_cache= RAND_TABLE_BIT;
const_item_cache= false;
} }
const char *func_name() const { return "nodeset"; } const char *func_name() const { return "nodeset"; }
}; };
......
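Review bot: The two assignments added after collation.collation= pxml->charset(); only hold if nothing recomputes used_tables_cache and const_item_cache after this block runs. If the base class refreshes those caches later, the nodeset item could become constant again and be evaluated in the prepare stage before the XML is parsed, which is the crash the commit message describes. Consider making the non-const property hold by construction rather than by a one-time assignment, and extend the comment to say why RAND_TABLE_BIT is the chosen value, since it also turns off constant evaluation for every nodeset function, including well-formed expressions. No regression test is visible in this diff; a test that calls ExtractValue() with a substring position argument beginning with ".." would pin the fix for Bug#12428404.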