Commit a24ea50d authored by Alexander Barkov's avatar Alexander Barkov

MDEV-5338 XML parser accepts malformed data

parent 213f1036
...@@ -132,7 +132,7 @@ xb1 xc1 ...@@ -132,7 +132,7 @@ xb1 xc1
SELECT extractValue(@xml,'/a//@x[2]'); SELECT extractValue(@xml,'/a//@x[2]');
extractValue(@xml,'/a//@x[2]') extractValue(@xml,'/a//@x[2]')
xb2 xc2 xb2 xc2
SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</c></b></a>'; SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</b></c></a>';
SELECT extractValue(@xml,'//b[1]'); SELECT extractValue(@xml,'//b[1]');
extractValue(@xml,'//b[1]') extractValue(@xml,'//b[1]')
b1 c1b1 c2b1 b1 c1b1 c2b1
...@@ -1133,3 +1133,22 @@ NULL ...@@ -1133,3 +1133,22 @@ NULL
Warnings: Warnings:
Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)' Warning 1525 Incorrect XML value: 'parse error at line 1 pos 11: STRING unexpected (ident or '/' wanted)'
End of 5.1 tests End of 5.1 tests
#
# Start of 5.3 tests
#
#
# MDEV-5338 XML parser accepts malformed data
#
SELECT ExtractValue('<a>xxx</c>','/a/b');
ExtractValue('<a>xxx</c>','/a/b')
NULL
Warnings:
Warning 1525 Incorrect XML value: 'parse error at line 1 pos 10: '</c>' unexpected ('</a>' wanted)'
SELECT ExtractValue('<a><b>xxx</c></a>','/a/b');
ExtractValue('<a><b>xxx</c></a>','/a/b')
NULL
Warnings:
Warning 1525 Incorrect XML value: 'parse error at line 1 pos 13: '</c>' unexpected ('</b>' wanted)'
#
# End of 5.3 tests
#
...@@ -53,7 +53,7 @@ SELECT extractValue(@xml,'/a//@x'); ...@@ -53,7 +53,7 @@ SELECT extractValue(@xml,'/a//@x');
SELECT extractValue(@xml,'/a//@x[1]'); SELECT extractValue(@xml,'/a//@x[1]');
SELECT extractValue(@xml,'/a//@x[2]'); SELECT extractValue(@xml,'/a//@x[2]');
SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</c></b></a>'; SET @xml='<a><b>b1</b><b>b2</b><c><b>c1b1</b><b>c1b2</b></c><c><b>c2b1</b></c></a>';
SELECT extractValue(@xml,'//b[1]'); SELECT extractValue(@xml,'//b[1]');
SELECT extractValue(@xml,'/descendant::b[1]'); SELECT extractValue(@xml,'/descendant::b[1]');
...@@ -652,3 +652,17 @@ SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1'); ...@@ -652,3 +652,17 @@ SELECT UPDATEXML(CONVERT(_latin1'<!--' USING utf8),'1','1');
SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1); SELECT ExtractValue(CONVERT('<\"', BINARY(10)), 1);
--echo End of 5.1 tests --echo End of 5.1 tests
--echo #
--echo # Start of 5.3 tests
--echo #
--echo #
--echo # MDEV-5338 XML parser accepts malformed data
--echo #
SELECT ExtractValue('<a>xxx</c>','/a/b');
SELECT ExtractValue('<a><b>xxx</c></a>','/a/b');
--echo #
--echo # End of 5.3 tests
--echo #
...@@ -240,7 +240,7 @@ static void mstr(char *s,const char *src,size_t l1, size_t l2) ...@@ -240,7 +240,7 @@ static void mstr(char *s,const char *src,size_t l1, size_t l2)
static int my_xml_leave(MY_XML_PARSER *p, const char *str, size_t slen) static int my_xml_leave(MY_XML_PARSER *p, const char *str, size_t slen)
{ {
char *e; char *e, *tag;
size_t glen; size_t glen;
char s[32]; char s[32];
char g[32]; char g[32];
...@@ -249,13 +249,14 @@ static int my_xml_leave(MY_XML_PARSER *p, const char *str, size_t slen) ...@@ -249,13 +249,14 @@ static int my_xml_leave(MY_XML_PARSER *p, const char *str, size_t slen)
/* Find previous '/' or beginning */ /* Find previous '/' or beginning */
for (e=p->attrend; (e>p->attr) && (e[0] != '/') ; e--); for (e=p->attrend; (e>p->attr) && (e[0] != '/') ; e--);
glen = (size_t) ((e[0] == '/') ? (p->attrend-e-1) : p->attrend-e); glen = (size_t) ((e[0] == '/') ? (p->attrend-e-1) : p->attrend-e);
tag= e[0] == '/' ? e + 1 : e;
if (str && (slen != glen))
if (str && (slen != glen || memcmp(str, tag, slen)))
{ {
mstr(s,str,sizeof(s)-1,slen); mstr(s,str,sizeof(s)-1,slen);
if (glen) if (glen)
{ {
mstr(g,e+1,sizeof(g)-1,glen), mstr(g, tag, sizeof(g)-1, glen);
sprintf(p->errstr,"'</%s>' unexpected ('</%s>' wanted)",s,g); sprintf(p->errstr,"'</%s>' unexpected ('</%s>' wanted)",s,g);
} }
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment