Bug#44332 my_xml_scan reads behind the end of buffer

Problem: the scanner function tested for strings "<![CDATA[" and "-->" without checking input string boundaries, which led to valgrind's "Conditional jump or move depends on uninitialised value(s)" error. Fix: Adding boundary checking. @ mysql-test/r/xml.result @ mysql-test/t/xml.test Adding test @ strings/xml.c Adding a helper function my_xml_parser_prefix_cmp(), with input string boundary check.
author: Alexander Barkov <alexander.barkov@oracle.com> 2011-01-18 09:38:41 +0300
committer: Alexander Barkov <alexander.barkov@oracle.com> 2011-01-18 09:38:41 +0300
commit: 5574a2cd91eaf76fd2263b38d64d8c617d3c1d02 (patch)
tree: fe19f7495a00bb6091ce81a4d85aac71ebb440a4 /mysql-test/t/xml.test
parent: afa2ec12d076947d70baa10a5dd4922fa483a1a4 (diff)
download: mariadb-git-5574a2cd91eaf76fd2263b38d64d8c617d3c1d02.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/mysql-test/t/xml.test b/mysql-test/t/xml.test
index 416f1fef0c5..148c5701e61 100644
--- a/mysql-test/t/xml.test
+++ b/mysql-test/t/xml.test
@@ -640,5 +640,10 @@ SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, '2011', 1)), 1);
 --error ER_ILLEGAL_VALUE_FOR_TYPE
 SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
 
+--echo #
+--echo # Bug #44332 	my_xml_scan reads behind the end of buffer
+--echo #
+SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
+SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
 
 --echo End of 5.1 tests
author	Alexander Barkov <alexander.barkov@oracle.com>	2011-01-18 09:38:41 +0300
committer	Alexander Barkov <alexander.barkov@oracle.com>	2011-01-18 09:38:41 +0300
commit	5574a2cd91eaf76fd2263b38d64d8c617d3c1d02 (patch)
tree	fe19f7495a00bb6091ce81a4d85aac71ebb440a4 /mysql-test/t/xml.test
parent	afa2ec12d076947d70baa10a5dd4922fa483a1a4 (diff)
download	mariadb-git-5574a2cd91eaf76fd2263b38d64d8c617d3c1d02.tar.gz