database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

Bug#44332 my_xml_scan reads behind the end of buffer

Browse Source 
Problem: the scanner function tested for strings "<![CDATA[" and
"-->" without checking input string boundaries, which led to valgrind's
"Conditional jump or move depends on uninitialised value(s)" error.

Fix: Adding boundary checking.

  @ mysql-test/r/xml.result
  @ mysql-test/t/xml.test
  Adding test

  @ strings/xml.c
  Adding a helper function my_xml_parser_prefix_cmp(),
  with input string boundary check.
This commit is contained in:
Alexander Barkov
2011-01-18 09:38:41 +03:00
parent f25ab9fe22
commit cf0e22fe75
3 changed files with 33 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
mysql-test/t/xml.test
View File

@ -640,5 +640,10 @@ SELECT UPDATEXML(NULL, (LPAD(0.1111E-15, '2011', 1)), 1);
--error ER_ILLEGAL_VALUE_FOR_TYPE
SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
--echo #
--echo # Bug #44332 my_xml_scan reads behind the end of buffer
--echo #
SELECT UPDATEXML(CONVERT(_latin1'<' USING utf8),'1','1');
SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
--echo End of 5.1 tests