diff options
| author | Anirudh Mangipudi <anirudh.mangipudi@oracle.com> | 2013-11-25 13:50:19 +0530 |
|---|---|---|
| committer | Anirudh Mangipudi <anirudh.mangipudi@oracle.com> | 2013-11-25 13:50:19 +0530 |
| commit | df20283086ce3a3dbb6cdeb35a977e9b26669cba (patch) | |
| tree | 006ef205af6a72607d90ae1a0563978ef0edcd59 /sql/item_xmlfunc.cc | |
| parent | 946c24685094cca439d8baaa2262a89ca5992ba2 (diff) | |
| parent | f80d5653778ce324866744de92574491557f529f (diff) | |
| download | mariadb-git-df20283086ce3a3dbb6cdeb35a977e9b26669cba.tar.gz | |
Bug#12428404 MYSQLD.EXE CRASHES WHEN EXTRACTVALUE() IS CALLED WITH
MALFORMED XPATH EXP
Problem:
A malformed XPATH expression in the ExtractValue query is causing
a server crash. This malformed XPATH expression is resulted when
the position attribute in the substring function contains ".." in
the beginning.
Solution:
The original crash is happening because the "../" is being evaluated
prematurely. It tries to access XML while it hasn't been parsed yet.
The premature evaluation is happening because the val_nodeset function
is being set to constant, in which case we proceed to evaluate them in
JOIN:prepare stage only. The solution to this is setting the val_nodeset
functions as non-constant. This forces us to evaluate the function in
the JOIN:exec stage and thus avoid any premature evaluation of the
XML strings.
Diffstat (limited to 'sql/item_xmlfunc.cc')
| -rw-r--r-- | sql/item_xmlfunc.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sql/item_xmlfunc.cc b/sql/item_xmlfunc.cc index c6902878c86..0a4f501186e 100644 --- a/sql/item_xmlfunc.cc +++ b/sql/item_xmlfunc.cc @@ -226,6 +226,9 @@ public: { max_length= MAX_BLOB_WIDTH; collation.collation= pxml->charset(); + // To avoid premature evaluation, mark all nodeset functions as non-const. + used_tables_cache= RAND_TABLE_BIT; + const_item_cache= false; } const char *func_name() const { return "nodeset"; } }; |