From fe14a7be6af8af1b37f2395e64f53472e2e6796f Mon Sep 17 00:00:00 2001
From: Sergey Glukhov <Sergey.Glukhov@sun.com>
Date: Wed, 4 Feb 2009 15:40:12 +0400
Subject: [PATCH] Bug#42495 updatexml: Assertion failed: xpath->context, file
.\item_xmlfunc.cc, line 2507 Problem: RelativeLocationPath can appear only
after a node-set expression in the third and the fourth branches of this
rule: PathExpr :: = LocationPath | FilterExpr
| FilterExpr '/' RelativeLocationPath |
FilterExpr '//' RelativeLocationPath XPatch code didn't check the type of
FilterExpr and crashed. Fix: If FilterExpr is a scalar expression
(variable reference, literal, number, scalar function call) return error.
mysql-test/r/xml.result:
test result
mysql-test/t/xml.test:
test case
sql/item_xmlfunc.cc:
Problem:
RelativeLocationPath can appear only after a node-set expression
in the third and the fourth branches of this rule:
PathExpr :: = LocationPath
| FilterExpr
| FilterExpr '/' RelativeLocationPath
| FilterExpr '//' RelativeLocationPath
XPatch code didn't check the type of FilterExpr and crashed.
Fix:
If FilterExpr is a scalar expression
(variable reference, literal, number, scalar function call)
return error.
---
mysql-test/r/xml.result | 11 +++++++++++
mysql-test/t/xml.test | 14 ++++++++++++++
sql/item_xmlfunc.cc | 8 +++++++-
3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result
index 41c0d6bee21..404b0dc3789 100644
--- a/mysql-test/r/xml.result
+++ b/mysql-test/r/xml.result
@@ -1053,4 +1053,15 @@ ExtractValue('<xml xxx "yyy">CharData</xml>', '/xml')
NULL
Warnings:
Warning 1525 Incorrect XML value: 'parse error at line 1 pos 17: STRING unexpected ('>' wanted)'
+set @x=10;
+select extractvalue('<a></a>','$@x/a');
+ERROR HY000: XPATH syntax error: '/a'
+select extractvalue('<a></a>','round(123.4)/a');
+ERROR HY000: XPATH syntax error: '/a'
+select extractvalue('<a></a>','1/a');
+ERROR HY000: XPATH syntax error: '/a'
+select extractvalue('<a></a>','"b"/a');
+ERROR HY000: XPATH syntax error: '/a'
+select extractvalue('<a></a>','(1)/a');
+ERROR HY000: XPATH syntax error: '/a'
End of 5.1 tests
diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test
index d840e14ba5f..74bce8dc962 100644
--- a/mysql-test/t/xml.test
+++ b/mysql-test/t/xml.test
@@ -575,5 +575,19 @@ SELECT ExtractValue(@xml, 'html/body');
SELECT ExtractValue('<xml "xxx" "yyy">CharData</xml>', '/xml');
SELECT ExtractValue('<xml xxx "yyy">CharData</xml>', '/xml');
+#
+# Bug#42495 updatexml: Assertion failed: xpath->context, file .\item_xmlfunc.cc, line 2507
+#
+set @x=10;
+--error ER_UNKNOWN_ERROR
+select extractvalue('<a></a>','$@x/a');
+--error ER_UNKNOWN_ERROR
+select extractvalue('<a></a>','round(123.4)/a');
+--error ER_UNKNOWN_ERROR
+select extractvalue('<a></a>','1/a');
+--error ER_UNKNOWN_ERROR
+select extractvalue('<a></a>','"b"/a');
+--error ER_UNKNOWN_ERROR
+select extractvalue('<a></a>','(1)/a');
--echo End of 5.1 tests
diff --git a/sql/item_xmlfunc.cc b/sql/item_xmlfunc.cc
index 68d85418324..5601a2b18c6 100644
--- a/sql/item_xmlfunc.cc
+++ b/sql/item_xmlfunc.cc
@@ -1969,6 +1969,13 @@ my_xpath_parse_FilterExpr_opt_slashes_RelativeLocationPath(MY_XPATH *xpath)
if (!my_xpath_parse_term(xpath, MY_XPATH_LEX_SLASH))
return 1;
+ if (xpath->item->type() != Item::XPATH_NODESET)
+ {
+ xpath->lasttok= xpath->prevtok;
+ xpath->error= 1;
+ return 0;
+ }
+
my_xpath_parse_term(xpath, MY_XPATH_LEX_SLASH);
return my_xpath_parse_RelativeLocationPath(xpath);
}
@@ -1976,7 +1983,6 @@ static int my_xpath_parse_PathExpr(MY_XPATH *xpath)
{
return my_xpath_parse_LocationPath(xpath) ||
my_xpath_parse_FilterExpr_opt_slashes_RelativeLocationPath(xpath);
-
}
--
2.30.9