Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.1(EOL), 10.2(EOL), 10.3(EOL)
Description
I dump some data into an XML file:
mysql --xml -e "SELECT 'test' AS c1" >/tmp/dump.xml
|
Now I create table and a view with a non-updatable column:
CREATE OR REPLACE TABLE t1 (c1 TEXT); |
CREATE OR REPLACE VIEW v1 AS SELECT CONCAT(c1,'') AS c1 FROM t1; |
And try to load data into it:
LOAD XML INFILE '/tmp/dump.xml' INTO TABLE v1 (c1); |
The server crashed, either immediately, or on the next query.
The crash happens because read_xml_field casts item to Item_user_var_as_out_param without checking for proper Item type, in these two places:
else |
((Item_user_var_as_out_param *) item)->set_null_value(cs);
|
...
|
else |
((Item_user_var_as_out_param *) item)->set_value(
|
(char *) tag->value.ptr(), |
tag->value.length(), cs);
|