Commit fd1e3b03 authored by Alexander Barkov's avatar Alexander Barkov

Bug#11766725 (Bug#59901) EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332

Problem: a byte behind the end of input string was read
in case of a broken XML not having a quote or doublequote
character closing a string value.

Fix: changing condition not to read behind the end of input string

  @ mysql-test/r/xml.result
  @ mysql-test/t/xml.test
  Adding tests

  @ strings/xml.c
  When checking if the closing quote/doublequote was found,
  using p->cur[0] is unsafe, as p->cur can point to the byte after the value.
  Comparing p->cur to p->beg instead.
parent fc6197ab
...@@ -1124,4 +1124,12 @@ Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT une ...@@ -1124,4 +1124,12 @@ Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT une
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1'); SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1') UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1')
NULL NULL
#
# Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
#
SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
ExtractValue(CONVERT('<\"', BINARY(10)), 1)
NULL
Warnings:
Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
End of 5.1 tests End of 5.1 tests
...@@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1)); ...@@ -646,4 +646,9 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1'); SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1'); SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
--echo #
--echo # Bug#11766725 (bug#59901): EXTRACTVALUE STILL BROKEN AFTER FIX FOR BUG #44332
--echo #
SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
--echo End of 5.1 tests --echo End of 5.1 tests
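Review bot: The added regression case covers only the double-quote opener through ExtractValue, while the scanner branch fixed in strings/xml.c handles both `"` and `'`. A companion line such as `SELECT ExtractValue(CONVERT('<\'', BINARY(10)), 1);`, with the matching xml.result entry, would cover the other opener. The old code read only one byte past the input, so the expected output is probably the same with and without the fix. The test is therefore most useful when the suite runs under Valgrind or a sanitizer build, and a comment above the statement saying so would help.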
...@@ -165,11 +165,16 @@ static int my_xml_scan(MY_XML_PARSER *p,MY_XML_ATTR *a) ...@@ -165,11 +165,16 @@ static int my_xml_scan(MY_XML_PARSER *p,MY_XML_ATTR *a)
} }
else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') ) else if ( (p->cur[0] == '"') || (p->cur[0] == '\'') )
{ {
/*
"string" or 'string' found.
Scan until the closing quote/doublequote, or until the END-OF-INPUT.
*/
p->cur++; p->cur++;
for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++) for (; ( p->cur < p->end ) && (p->cur[0] != a->beg[0]); p->cur++)
{} {}
a->end=p->cur; a->end=p->cur;
if (a->beg[0] == p->cur[0])p->cur++; if (p->cur < p->end) /* Closing quote or doublequote has been found */
p->cur++;
a->beg++; a->beg++;
if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION)) if (!(p->flags & MY_XML_FLAG_SKIP_TEXT_NORMALIZATION))
my_xml_norm_text(a); my_xml_norm_text(a);
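Review bot: An unterminated quoted value still gets a->end set to p->end and goes through the same a->beg++ and my_xml_norm_text() path as a properly closed one, and the new block comment does not say what the caller receives in that case. I would extend the comment with `If no closing quote is found, the value runs to p->end and p->cur stays at p->end.` The commit message describes the new check as comparing p->cur to p->beg, but the line here is `if (p->cur < p->end)`, which is the right bound for preventing the one-byte over-read. my_xml_scan begins and ends outside this hunk, so it cannot be seen whether the branch condition `p->cur[0] == '"'` is itself preceded by a p->cur < p->end guard. That is worth confirming, since the XML text comes straight from SQL function arguments.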
......