Commit f311e6f0 authored by Alexander Barkov's avatar Alexander Barkov

Bug#51571 load xml infile causes server crash

  
  Problem:
  item->name was NULL for Item_user_var_as_out_param
  which made strcmp(something, item->name) crash in the LOAD XML code.
  
  Fix:
  - item_func.h: Adding set_name() in constuctor for Item_user_var_as_out_param
  - sql_load.cc: Changing the condition in write_execute_load_query_log_event() which
  distiguished between Item_user_var_as_out_param and Item_field
  from
    if (item->name == NULL)
  to
    if (item->type() == Item::FIELD_ITEM)
  - loadxml.result, loadxml.test: adding tests
parent b41c8186
...@@ -73,3 +73,23 @@ id text ...@@ -73,3 +73,23 @@ id text
line2 line2
line3 line3
drop table t1; drop table t1;
#
# Bug#51571 load xml infile causes server crash
#
CREATE TABLE t1 (a text, b text);
LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1
ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b);
SELECT * FROM t1 ORDER BY a;
a b
1 !b1
11 !b11
111 !b111
112 !b112 & < > " ' &unknown; -- check entities
2 !b2
212 !b212
213 !b213
214 !b214
215 !b215
216 !&bb b;
3 !b3
DROP TABLE t1;
...@@ -108,3 +108,11 @@ load xml infile '../../std_data/loadxml2.dat' into table t1; ...@@ -108,3 +108,11 @@ load xml infile '../../std_data/loadxml2.dat' into table t1;
select * from t1; select * from t1;
drop table t1; drop table t1;
--echo #
--echo # Bug#51571 load xml infile causes server crash
--echo #
CREATE TABLE t1 (a text, b text);
LOAD XML INFILE '../../std_data/loadxml.dat' INTO TABLE t1
ROWS IDENTIFIED BY '<row>' (a,@b) SET b=concat('!',@b);
SELECT * FROM t1 ORDER BY a;
DROP TABLE t1;
...@@ -1498,7 +1498,8 @@ class Item_user_var_as_out_param :public Item ...@@ -1498,7 +1498,8 @@ class Item_user_var_as_out_param :public Item
LEX_STRING name; LEX_STRING name;
user_var_entry *entry; user_var_entry *entry;
public: public:
Item_user_var_as_out_param(LEX_STRING a) : name(a) {} Item_user_var_as_out_param(LEX_STRING a) : name(a)
{ set_name(a.str, 0, system_charset_info); }
/* We should return something different from FIELD_ITEM here */ /* We should return something different from FIELD_ITEM here */
enum Type type() const { return STRING_ITEM;} enum Type type() const { return STRING_ITEM;}
double val_real(); double val_real();
......
...@@ -696,7 +696,7 @@ static bool write_execute_load_query_log_event(THD *thd, sql_exchange* ex, ...@@ -696,7 +696,7 @@ static bool write_execute_load_query_log_event(THD *thd, sql_exchange* ex,
{ {
if (n++) if (n++)
pfields.append(", "); pfields.append(", ");
if (item->name) if (item->type() == Item::FIELD_ITEM)
{ {
pfields.append("`"); pfields.append("`");
pfields.append(item->name); pfields.append(item->name);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment