From 5574a2cd91eaf76fd2263b38d64d8c617d3c1d02 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Tue, 18 Jan 2011 09:38:41 +0300 Subject: Bug#44332 my_xml_scan reads behind the end of buffer Problem: the scanner function tested for strings "" without checking input string boundaries, which led to valgrind's "Conditional jump or move depends on uninitialised value(s)" error. Fix: Adding boundary checking. @ mysql-test/r/xml.result @ mysql-test/t/xml.test Adding test @ strings/xml.c Adding a helper function my_xml_parser_prefix_cmp(), with input string boundary check. --- mysql-test/r/xml.result | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'mysql-test/r/xml.result') diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result index 92f84381415..0a71a596505 100644 --- a/mysql-test/r/xml.result +++ b/mysql-test/r/xml.result @@ -1113,4 +1113,15 @@ SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, '2011', 1)), 1); ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1)); ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing +# +# Bug #44332 my_xml_scan reads behind the end of buffer +# +SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1'); +UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: END-OF-INPUT unexpected (ident or '/' wanted)' +SELECT UPDATEXML(CONVERT(_latin1'