Commit 76ce2feb authored by Alexander Barkov's avatar Alexander Barkov

Bug#58175 xml functions read initialized bytes when conversions happen

Problem:

 nr_of_decimals could read behind the end of the buffer
 in case of a non-null-terminated string, which caused
 valgring warnings.

Fix:

  fixing nr_of_decimals not to read behind the "end" pointer.

modified:

  @ mysql-test/r/xml.result
  @ mysql-test/t/xml.test
  @ sql/item.cc
parent e4361481
...@@ -1101,3 +1101,16 @@ ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111 ...@@ -1101,3 +1101,16 @@ ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111
SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1)); SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing ERROR 22007: Illegal double '111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111' value found during parsing
End of 5.1 tests End of 5.1 tests
#
# Start of 5.5 tests
#
#
# Bug#58175 xml functions read initialized bytes when conversions happen
#
SET NAMES latin1;
SELECT UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0);
UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0)
NULL
#
# End of 5.5 tests
#
...@@ -628,3 +628,18 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1)); ...@@ -628,3 +628,18 @@ SELECT EXTRACTVALUE('', LPAD(0.1111E-15, '2011', 1));
--echo End of 5.1 tests --echo End of 5.1 tests
--echo #
--echo # Start of 5.5 tests
--echo #
--echo #
--echo # Bug#58175 xml functions read initialized bytes when conversions happen
--echo #
SET NAMES latin1;
SELECT UPDATEXML(CONVERT('' USING swe7), TRUNCATE('',1), 0);
--echo #
--echo # End of 5.5 tests
--echo #
...@@ -5527,10 +5527,27 @@ static uint nr_of_decimals(const char *str, const char *end) ...@@ -5527,10 +5527,27 @@ static uint nr_of_decimals(const char *str, const char *end)
break; break;
} }
decimal_point= str; decimal_point= str;
for (; my_isdigit(system_charset_info, *str) ; str++) for ( ; str < end && my_isdigit(system_charset_info, *str) ; str++)
; ;
if (*str == 'e' || *str == 'E') if (str < end && (*str == 'e' || *str == 'E'))
return NOT_FIXED_DEC; return NOT_FIXED_DEC;
/*
QQ:
The number of decimal digist in fact should be (str - decimal_point - 1).
But it seems the result of nr_of_decimals() is never used!
In case of 'e' and 'E' nr_of_decimals returns NOT_FIXED_DEC.
In case if there is no 'e' or 'E' parser code in sql_yacc.yy
never calls Item_float::Item_float() - it creates Item_decimal instead.
The only piece of code where we call Item_float::Item_float(str, len)
without having 'e' or 'E' is item_xmlfunc.cc, but this Item_float
never appears in metadata itself. Changing the code to return
(str - decimal_point - 1) does not make any changes in the test results.
This should be addressed somehow.
Looks like a reminder from before real DECIMAL times.
*/
return (uint) (str - decimal_point); return (uint) (str - decimal_point);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment