authorAlexander Barkov <bar@mariadb.org>2017-11-03 09:27:53 +0400
committerAlexander Barkov <bar@mariadb.org>2017-11-03 09:27:53 +0400
commit7a63a7dc6d0c959c48b88dbea8e848c7bf4a0b88 (patch)
treea25ced410042595d43eb51c3c8954fef98a35105
parent3ab112eb39dad0ac4bd9d68306cf6040161e9dc2 (diff)
downloadmariadb-git-7a63a7dc6d0c959c48b88dbea8e848c7bf4a0b88.tar.gz
MDEV-14269 errors.test fails with valgrind (Conditional jump or move depends on uninitialised value)
-rw-r--r--mysql-test/r/errors.result8
-rw-r--r--mysql-test/t/errors.test11
-rw-r--r--sql/item_xmlfunc.cc30
3 files changed, 42 insertions, 7 deletions
diff --git a/mysql-test/r/errors.result b/mysql-test/r/errors.result
index bcc171e404d..dcb952fcdeb 100644
--- a/mysql-test/r/errors.result
+++ b/mysql-test/r/errors.result
@@ -174,3 +174,11 @@ set max_session_mem_used = 50000;
select * from seq_1_to_1000;
set max_session_mem_used = 8192;
select * from seq_1_to_1000;
+#
+# MDEV-14269 errors.test fails with valgrind (Conditional jump or move depends on uninitialised value)
+#
+SET NAMES utf8;
+SELECT UPDATEXML(-73 * -2465717823867977728,@@global.auto_increment_increment,null);
+ERROR 22003: BIGINT value is out of range in '-73 * -2465717823867977728'
+SELECT UPDATEXML(-73 * -2465717823867977728,@@global.long_query_time,null);
+ERROR 22003: BIGINT value is out of range in '-73 * -2465717823867977728'
diff --git a/mysql-test/t/errors.test b/mysql-test/t/errors.test
index 55461002fd4..e8d3bf85c09 100644
--- a/mysql-test/t/errors.test
+++ b/mysql-test/t/errors.test
@@ -213,3 +213,14 @@ select * from seq_1_to_1000;
--enable_result_log
# We may not be able to execute any more queries with this connection
# because of too little memory#
+
+
+--echo #
+--echo # MDEV-14269 errors.test fails with valgrind (Conditional jump or move depends on uninitialised value)
+--echo #
+
+SET NAMES utf8;
+--error ER_DATA_OUT_OF_RANGE
+SELECT UPDATEXML(-73 * -2465717823867977728,@@global.auto_increment_increment,null);
+--error ER_DATA_OUT_OF_RANGE
+SELECT UPDATEXML(-73 * -2465717823867977728,@@global.long_query_time,null);
diff --git a/sql/item_xmlfunc.cc b/sql/item_xmlfunc.cc
index 8b428a45bee..a69d48e8328 100644
--- a/sql/item_xmlfunc.cc
+++ b/sql/item_xmlfunc.cc
@@ -2464,6 +2464,21 @@ static int my_xpath_parse_UnaryExpr(MY_XPATH *xpath)
}
+/**
+ A helper class to make a null-terminated string from XPath fragments.
+ The string is allocated on the THD memory root.
+*/
+class XPath_cstring_null_terminated: public LEX_CSTRING
+{
+public:
+ XPath_cstring_null_terminated(THD *thd, const char *str, size_t length)
+ {
+ if (thd->make_lex_string(this, str, length))
+ static_cast<LEX_CSTRING>(*this)= empty_clex_str;
+ }
+};
+
+
/*
Scan Number
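Review bot: In the constructor's failure branch, `static_cast<LEX_CSTRING>(*this)= empty_clex_str;` casts to a value type, so it assigns to a temporary copy and leaves the object itself unchanged. Casting to a reference, `static_cast<LEX_CSTRING&>(*this)= empty_clex_str;`, would make the fallback take effect. The return convention of `make_lex_string` is not visible in this hunk, so confirm that the `if` fires on allocation failure and not on success; if it returns a non-null pointer on success, the corrected assignment would blank every string. As written, whatever `make_lex_string` leaves in `str` after a failed allocation (possibly a null pointer) is what the call sites in `my_xpath_parse_Number` hand to `Item_int` and `Item_float`.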
@@ -2498,14 +2513,15 @@ static int my_xpath_parse_Number(MY_XPATH *xpath)
thd= xpath->thd;
if (!my_xpath_parse_term(xpath, MY_XPATH_LEX_DOT))
{
- xpath->item= new (thd->mem_root) Item_int(thd, xpath->prevtok.beg,
- (uint)(xpath->prevtok.end - xpath->prevtok.beg));
- return 1;
+ XPath_cstring_null_terminated nr(thd, beg, xpath->prevtok.end - beg);
+ xpath->item= new (thd->mem_root) Item_int(thd, nr.str, (uint) nr.length);
+ }
+ else
+ {
+ my_xpath_parse_term(xpath, MY_XPATH_LEX_DIGITS);
+ XPath_cstring_null_terminated nr(thd, beg, xpath->prevtok.end - beg);
+ xpath->item= new (thd->mem_root) Item_float(thd, nr.str, (uint) nr.length);
}
- my_xpath_parse_term(xpath, MY_XPATH_LEX_DIGITS);
-
- xpath->item= new (thd->mem_root) Item_float(thd, beg,
- (uint)(xpath->prevtok.end - beg));
return 1;
}
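Review bot: Neither branch says why the token is copied before the Item is constructed, although that copy is the whole fix. A short comment above the first `XPath_cstring_null_terminated nr(...)` would keep a later cleanup from going back to the raw `beg` pointer, for example `// Item_int/Item_float need a 0-terminated string; beg points into the XPath text`. That wording is inferred from the helper's class comment and the valgrind report in the commit title, so adjust it to what the constructors actually require. The `(uint) nr.length` casts also narrow a `size_t` silently, which is fine for numeric tokens of ordinary length but worth a word in the same comment. `my_xpath_parse_Number` begins outside this hunk.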