Bug#28558 UpdateXML called with garbage crashes server
Problem: Memory overrun happened in attempts to generate error messages (e.g. in case of incorrect XPath syntax). Reason: set_if_bigger() was used instead of set_if_smaller(). Change: replacing wrong set_if_bigger() to set_if_smaller(), and making minor additional code clean-ups. mysql-test/r/xml.result: Adding test cases for all pieces of code with set_if_smaller() followed by my_printf_error(). mysql-test/t/xml.test: Adding test cases for all pieces of code with set_if_smaller() followed by my_printf_error(). sql/item_xmlfunc.cc: - fixing incorrect set_if_bigger to set_if_smaller in two places - getting read of unnesessary "char context[32]" variable and using '%.*s' instead if '%s' in the error format.
Showing
Please register or sign in to comment