  1. MariaDB Server
  2. MDEV-15118

ExtractValue(xml,something_complex) does not work

    Details

      Description

      This problem was revealed after applying a fix for MDEV-13790, so this one (MDEV-15118) should be fixed first.

      I ran this script:

      -- Reproduction: ExtractValue() with a literal XPath vs. the same XPath produced by a function call.
      CREATE OR REPLACE TABLE t1 (xml TEXT);
      INSERT INTO t1 VALUES (CONCAT('<a>aaa</a>'));
      -- XPath given as a string literal: returns 'aaa'.
      SELECT ExtractValue(xml, '/a') AS a FROM t1;
      -- Same XPath '/a', but produced by FROM_BASE64(TO_BASE64(...)) rather than a literal:
      -- returns an empty string, and under valgrind triggers reads of freed memory.
      SELECT ExtractValue(xml, FROM_BASE64(TO_BASE64('/a'))) AS a FROM t1;
      DROP TABLE t1;
      

      The first SELECT correctly returns this result:

      +------+
      | a    |
      +------+
      | aaa  |
      +------+
      

      The second SELECT returns a wrong, empty result:

      +------+
      | a    |
      +------+
      |      |
      +------+
      

      The expected result is aaa, as in the first SELECT.

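      Furthermore, if I put the above script into an MTR test and run it with --valgrind, it reports invalid reads of freed memory (a heap use-after-free). According to the trace below, the buffer is allocated by Item_func_from_base64::val_str() and freed by a String destructor, both inside Item_xml_str_func::fix_fields(), and is then read during execution by Item_nodeset_func_axisbyname::validname():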

      line
      ==11896== Thread 4:
      ==11896== Invalid read of size 1
      ==11896==    at 0x9CCE57: Item_nodeset_func_axisbyname::validname(my_xml_node_st*) (item_xmlfunc.cc:277)
      ==11896==    by 0x9C789E: Item_nodeset_func_childbyname::val_nodeset(String*) (item_xmlfunc.cc:678)
      ==11896==    by 0x9CC985: Item_nodeset_func::val_str(String*) (item_xmlfunc.cc:195)
      ==11896==    by 0x9CBF82: Item_func_xml_extractvalue::val_str(String*) (item_xmlfunc.cc:2910)
      ==11896==    by 0x86E4D8: Item::send(Protocol*, String*) (item.cc:6611)
      ==11896==    by 0x5A4F39: Protocol::send_result_set_row(List<Item>*) (protocol.cc:912)
      ==11896==    by 0x615A7C: select_send::send_data(List<Item>&) (sql_class.cc:2579)
      ==11896==    by 0x6B5E3D: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:19099)
      ==11896==    by 0x6B29F5: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:17591)
      ==11896==    by 0x68FC5F: JOIN::exec_inner() (sql_select.cc:3108)
      ==11896==    by 0x68D041: JOIN::exec() (sql_select.cc:2394)
      ==11896==    by 0x6904BA: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3333)
      ==11896==    by 0x6865C3: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:365)
      ==11896==    by 0x659A9D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5293)
      ==11896==    by 0x651E39: mysql_execute_command(THD*) (sql_parse.cc:2553)
      ==11896==    by 0x65C714: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6569)
      ==11896==  Address 0xcad9799 is 9 bytes inside a block of size 16 free'd
      ==11896==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
      ==11896==    by 0xE8ABC1: my_free (my_malloc.c:216)
      ==11896==    by 0x59B118: String::free() (sql_string.h:267)
      ==11896==    by 0x59B085: String::~String() (sql_string.h:119)
      ==11896==    by 0x9CB8B4: Item_xml_str_func::fix_fields(THD*, Item**) (item_xmlfunc.cc:2637)
      ==11896==    by 0x5F928A: setup_fields(THD*, Item**, List<Item>&, enum_mark_columns, List<Item>*, List<Item>*, bool) (sql_base.cc:7867)
      ==11896==    by 0x6873C8: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:795)
      ==11896==    by 0x690408: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3313)
      ==11896==    by 0x6865C3: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:365)
      ==11896==    by 0x659A9D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5293)
      ==11896==    by 0x651E39: mysql_execute_command(THD*) (sql_parse.cc:2553)
      ==11896==    by 0x65C714: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6569)
      ==11896==    by 0x64F0B6: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1296)
      ==11896==    by 0x64E3C5: do_command(THD*) (sql_parse.cc:999)
      ==11896==    by 0x774DF1: do_handle_one_connection(THD*) (sql_connect.cc:1377)
      ==11896==    by 0x774B4F: handle_one_connection (sql_connect.cc:1292)
      ==11896==  Block was alloc'd at
      ==11896==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
      ==11896==    by 0xE8A70E: my_malloc (my_malloc.c:100)
      ==11896==    by 0x6F3A16: String::real_alloc(unsigned int) (sql_string.cc:44)
      ==11896==    by 0x5A6EA8: String::alloc(unsigned int) (sql_string.h:277)
      ==11896==    by 0x8D2B27: Item_func_from_base64::val_str(String*) (item_strfunc.cc:536)
      ==11896==    by 0x9CB695: Item_xml_str_func::fix_fields(THD*, Item**) (item_xmlfunc.cc:2665)
      ==11896==    by 0x5F928A: setup_fields(THD*, Item**, List<Item>&, enum_mark_columns, List<Item>*, List<Item>*, bool) (sql_base.cc:7867)
      ==11896==    by 0x6873C8: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:795)
      ==11896==    by 0x690408: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3313)
      ==11896==    by 0x6865C3: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:365)
      ==11896==    by 0x659A9D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5293)
      ==11896==    by 0x651E39: mysql_execute_command(THD*) (sql_parse.cc:2553)
      ==11896==    by 0x65C714: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6569)
      ==11896==    by 0x64F0B6: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1296)
      ==11896==    by 0x64E3C5: do_command(THD*) (sql_parse.cc:999)
      ==11896==    by 0x774DF1: do_handle_one_connection(THD*) (sql_connect.cc:1377)
      ==11896== Invalid read of size 1
      ==11896==    at 0x4C34C47: __memcmp_sse4_1 (vg_replace_strmem.c:1099)
      ==11896==    by 0x9CCEB5: Item_nodeset_func_axisbyname::validname(my_xml_node_st*) (item_xmlfunc.cc:280)
      ==11896==    by 0x9C789E: Item_nodeset_func_childbyname::val_nodeset(String*) (item_xmlfunc.cc:678)
      ==11896==    by 0x9CC985: Item_nodeset_func::val_str(String*) (item_xmlfunc.cc:195)
      ==11896==    by 0x9CBF82: Item_func_xml_extractvalue::val_str(String*) (item_xmlfunc.cc:2910)
      ==11896==    by 0x86E4D8: Item::send(Protocol*, String*) (item.cc:6611)
      ==11896==    by 0x5A4F39: Protocol::send_result_set_row(List<Item>*) (protocol.cc:912)
      ==11896==    by 0x615A7C: select_send::send_data(List<Item>&) (sql_class.cc:2579)
      ==11896==    by 0x6B5E3D: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:19099)
      ==11896==    by 0x6B29F5: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:17591)
      ==11896==    by 0x68FC5F: JOIN::exec_inner() (sql_select.cc:3108)
      ==11896==    by 0x68D041: JOIN::exec() (sql_select.cc:2394)
      ==11896==    by 0x6904BA: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3333)
      ==11896==    by 0x6865C3: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:365)
      ==11896==    by 0x659A9D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5293)
      ==11896==    by 0x651E39: mysql_execute_command(THD*) (sql_parse.cc:2553)
      ==11896==  Address 0xcad9799 is 9 bytes inside a block of size 16 free'd
      ==11896==    at 0x4C2FD18: free (vg_replace_malloc.c:530)
      ==11896==    by 0xE8ABC1: my_free (my_malloc.c:216)
      ==11896==    by 0x59B118: String::free() (sql_string.h:267)
      ==11896==    by 0x59B085: String::~String() (sql_string.h:119)
      ==11896==    by 0x9CB8B4: Item_xml_str_func::fix_fields(THD*, Item**) (item_xmlfunc.cc:2637)
      ==11896==    by 0x5F928A: setup_fields(THD*, Item**, List<Item>&, enum_mark_columns, List<Item>*, List<Item>*, bool) (sql_base.cc:7867)
      ==11896==    by 0x6873C8: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:795)
      ==11896==    by 0x690408: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3313)
      ==11896==    by 0x6865C3: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:365)
      ==11896==    by 0x659A9D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5293)
      ==11896==    by 0x651E39: mysql_execute_command(THD*) (sql_parse.cc:2553)
      ==11896==    by 0x65C714: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6569)
      ==11896==    by 0x64F0B6: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1296)
      ==11896==    by 0x64E3C5: do_command(THD*) (sql_parse.cc:999)
      ==11896==    by 0x774DF1: do_handle_one_connection(THD*) (sql_connect.cc:1377)
      ==11896==    by 0x774B4F: handle_one_connection (sql_connect.cc:1292)
      ==11896==  Block was alloc'd at
      ==11896==    at 0x4C2EB6B: malloc (vg_replace_malloc.c:299)
      ==11896==    by 0xE8A70E: my_malloc (my_malloc.c:100)
      ==11896==    by 0x6F3A16: String::real_alloc(unsigned int) (sql_string.cc:44)
      ==11896==    by 0x5A6EA8: String::alloc(unsigned int) (sql_string.h:277)
      ==11896==    by 0x8D2B27: Item_func_from_base64::val_str(String*) (item_strfunc.cc:536)
      ==11896==    by 0x9CB695: Item_xml_str_func::fix_fields(THD*, Item**) (item_xmlfunc.cc:2665)
      ==11896==    by 0x5F928A: setup_fields(THD*, Item**, List<Item>&, enum_mark_columns, List<Item>*, List<Item>*, bool) (sql_base.cc:7867)
      ==11896==    by 0x6873C8: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:795)
      ==11896==    by 0x690408: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3313)
      ==11896==    by 0x6865C3: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:365)
      ==11896==    by 0x659A9D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5293)
      ==11896==    by 0x651E39: mysql_execute_command(THD*) (sql_parse.cc:2553)
      ==11896==    by 0x65C714: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6569)
      ==11896==    by 0x64F0B6: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1296)
      ==11896==    by 0x64E3C5: do_command(THD*) (sql_parse.cc:999)
      ==11896==    by 0x774DF1: do_handle_one_connection(THD*) (sql_connect.cc:1377)
      ^ Found warnings in /home/bar/maria-git/server.10.0.concat/mysql-test/var/log/mysqld.1.err
      

              People

              • Assignee:
                bar Alexander Barkov
                Reporter:
                bar Alexander Barkov