From 8f4af421459d01a48e66a3279c174ef17ed486c0 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Thu, 18 Nov 2010 16:11:18 +0300 Subject: Bug#57279 updatexml dies with: Assertion failed: str_arg[length] == 0 Problem: crash in Item_float constructor on DBUG_ASSERT due to not null-terminated string parameter. Fix: making Item_float::Item_float non-null-termintated parameter safe: - Using temporary buffer when generating error modified: @ mysql-test/r/xml.result @ mysql-test/t/xml.test @ sql/item.cc
---
mysql-test/r/xml.result | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'mysql-test/r/xml.result')
diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result
index fad2cab0e57..af4cf8efedd 100644
--- a/mysql-test/r/xml.result
+++ b/mysql-test/r/xml.result
@@ -1093,4 +1093,11 @@ Warnings:
 Warning 1525 Incorrect XML value: 'parse error at line 1 pos 23: unexpected END-OF-INPUT'
 Warning 1525 Incorrect XML value: 'parse error at line 1 pos 23: unexpected END-OF-INPUT'
 DROP TABLE t1;
+#
+# Bug#57279 updatexml dies with: Assertion failed: str_arg[length] == 0
+#
+SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, '2011', 1)), 1);
+ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
+SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
+ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
 End of 5.1 tests
-- cgit v1.2.1
From 76ce2feb5fb5a280049c49becad3806cd58db5c3 Mon Sep 17 00:00:00 2001
From: Alexander Barkov Date: Fri, 19 Nov 2010 18:24:29 +0300 Subject: Bug#58175 xml functions read initialized bytes when conversions happen Problem: nr_of_decimals could read behind the end of the buffer in case of a non-null-terminated string, which caused valgring warnings. Fix: fixing nr_of_decimals not to read behind the "end" pointer. modified: @ mysql-test/r/xml.result @ mysql-test/t/xml.test @ sql/item.cc
---
mysql-test/r/xml.result | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'mysql-test/r/xml.result')
diff --git a/mysql-test/r/xml.result b/mysql-test/r/xml.result
index af4cf8efedd..f5cf30e865b 100644
--- a/mysql-test/r/xml.result
+++ b/mysql-test/r/xml.result
@@ -1101,3 +1101,16 @@ ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111
 SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
 ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
 End of 5.1 tests
+#
+# Start of 5.5 tests
+#
+#
+# Bug#58175 xml functions read initialized bytes when conversions happen
+#
+SET NAMES latin1;
+SELECT UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0);
+UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0)
+NULL
+#
+# End of 5.5 tests
+#
-- cgit v1.2.1
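Review bot: The recorded expectation for the Bug#58175 statement is only `NULL`, which would most likely be produced as well by a build where nr_of_decimals still reads past the "end" pointer; the commit message describes the symptom as Valgrind warnings, not a wrong result. As written, nothing in the header block tells a reader that the case is meaningful only under a memory checker. I would add a line to the comment block in mysql-test/t/xml.test, for example `# Detectable only under Valgrind: nr_of_decimals() must not read past the end of a non-null-terminated string`, and re-record this file. The view here is limited to xml.result, so whether the .test file or sql/item.cc already documents this cannot be confirmed from the page.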