diff options
| author | Alexander Barkov <bar@mysql.com> | 2010-05-05 14:34:20 +0400 |
|---|---|---|
| committer | Alexander Barkov <bar@mysql.com> | 2010-05-05 14:34:20 +0400 |
| commit | 25d31b8f7cfc2de56a2e5bf77b6b498687b8aa7f (patch) | |
| tree | 1abfd7db1feb7aa4fd379967e8d9010ec18e2b48 | |
| parent | 6bf10a8623e39efd90c62711cbf72ff5ff1e152c (diff) | |
| download | mariadb-git-25d31b8f7cfc2de56a2e5bf77b6b498687b8aa7f.tar.gz | |
Bug#51571 load xml infile causes server crash
Problem:
item->name was NULL for Item_user_var_as_out_param
which made strcmp(something, item->name) crash in the LOAD XML code.
Fix:
- item_func.h: Adding set_name() in constuctor for Item_user_var_as_out_param
- sql_load.cc: Changing the condition in write_execute_load_query_log_event() which
distiguished between Item_user_var_as_out_param and Item_field
from
if (item->name == NULL)
to
if (item->type() == Item::FIELD_ITEM)
- loadxml.result, loadxml.test: adding tests
| -rw-r--r-- | mysql-test/r/loadxml.result | 20 | ||||
| -rw-r--r-- | mysql-test/t/loadxml.test | 8 | ||||
| -rw-r--r-- | sql/item_func.h | 3 | ||||
| -rw-r--r-- | sql/sql_load.cc | 2 |
4 files changed, 31 insertions, 2 deletions
diff --git a/mysql-test/r/loadxml.result b/mysql-test/r/loadxml.result index 55e6759748a..7742f456252 100644 --- a/mysql-test/r/loadxml.result +++ b/mysql-test/r/loadxml.result @@ -73,3 +73,23 @@ id text line2
line3 drop table t1; +# +# Bug#51571 load xml infile causes server crash +# +CREATE TABLE t1 (a text, b text); +LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1 +ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b); +SELECT * FROM t1 ORDER BY a; +a b +1 !b1 +11 !b11 +111 !b111 +112 !b112 & < > " ' &unknown; -- check entities +2 !b2 +212 !b212 +213 !b213 +214 !b214 +215 !b215 +216 !&bb b; +3 !b3 +DROP TABLE t1; diff --git a/mysql-test/t/loadxml.test b/mysql-test/t/loadxml.test index 84a89a332a0..6faf712b6ce 100644 --- a/mysql-test/t/loadxml.test +++ b/mysql-test/t/loadxml.test @@ -108,3 +108,11 @@ load xml infile '../../std_data/loadxml2.dat' into table t1; select * from t1; drop table t1; +--echo # +--echo # Bug#51571 load xml infile causes server crash +--echo # +CREATE TABLE t1 (a text, b text); +LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1 +ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b); +SELECT * FROM t1 ORDER BY a; +DROP TABLE t1; diff --git a/sql/item_func.h b/sql/item_func.h index c3f8b254f28..834ecd60e21 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -1498,7 +1498,8 @@ class Item_user_var_as_out_param :public Item LEX_STRING name; user_var_entry *entry; public: - Item_user_var_as_out_param(LEX_STRING a) : name(a) {} + Item_user_var_as_out_param(LEX_STRING a) : name(a) + { set_name(a.str, 0, system_charset_info); } /* We should return something different from FIELD_ITEM here */ enum Type type() const { return STRING_ITEM;} double val_real(); diff --git a/sql/sql_load.cc b/sql/sql_load.cc index 87a347b9f98..9bab87e2720 100644 --- a/sql/sql_load.cc +++ b/sql/sql_load.cc @@ -696,7 +696,7 @@ static bool write_execute_load_query_log_event(THD *thd, sql_exchange* ex, { if (n++) pfields.append(", "); - if (item->name) + if (item->type() == Item::FIELD_ITEM) { pfields.append("`"); pfields.append(item->name); |