database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-12-24 11:21:21 +03:00
Code Activity

Bug#28558 UpdateXML called with garbage crashes server

Browse Source 
Problem: Memory overrun happened in attempts to generate
error messages (e.g. in case of incorrect XPath syntax).
Reason: set_if_bigger() was used instead of set_if_smaller().
Change: replacing wrong set_if_bigger() to set_if_smaller(),
and making minor additional code clean-ups.
This commit is contained in:
bar@mysql.com/bar.myoffice.izhnet.ru
2007-05-23 12:34:47 +05:00
parent 0ce86cdc51
commit 240a927c54
3 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
mysql-test/r/xml.result
View File

@@ -1006,3 +1006,9 @@ Warnings:
Warning 1292 Truncated incorrect INTEGER value: 'string '
Warning 1292 Truncated incorrect INTEGER value: 'string '
DROP PROCEDURE spxml;
select UpdateXML('<a>a</a>',repeat('a b ',1000),'');
ERROR HY000: XPATH syntax error: 'b a b a b a b a b a b a b a b a '
select ExtractValue('<a>a</a>', '/a[@x=@y0123456789_0123456789_0123456789_0123456789]');
ERROR HY000: XPATH error: comparison of two nodesets is not supported: '=@y0123456789_0123456789_0123456'
select ExtractValue('<a>a</a>', '/a[@x=$y0123456789_0123456789_0123456789_0123456789]');
ERROR HY000: Unknown XPATH variable at: '$y0123456789_0123456789_01234567'