[MDEV-5689] ExtractValue(xml, 'substring(/x,/y)') crashes - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.3.12, 5.5.33a, 10.0.6
Fix Version/s: 10.0.10
Component/s: None
Labels:
None

Description

This query crashes the server:

SELECT ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,..)');

Notice '..' in the 'position' argument to XPath substring() function,
which obviously goes above the root XML element.

If I change the position argument to something inside the XML tree,
it works fine:

mysql> SELECT ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,/a/c)');

+--------------------------------------------------------------------------+

| ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,/a/c)') |

+--------------------------------------------------------------------------+

| bc                                                                       |

+--------------------------------------------------------------------------+

1 row in set (0.00 sec)

Attachments

Issue Links

relates to

MDEV-5652 5.5.36 merge

Closed

MDEV-5709 ExtractValue() with XPath variable references returns wrong result

Closed

Activity

Ascending order - Click to sort in descending order

Alexander Barkov created issue - 2014-02-17 10:43

Alexander Barkov made changes - 2014-02-17 10:43

Field	Original Value	New Value
Description	This query crashes the server: {code} SELECT ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,..)'); {code} Notice '..' in the 'position' argument to XPath's substring() function, which obviously goes outside of the root XML element. If I change the position argument to something inside the XML tree, it works fine: {code} mysql> SELECT ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,/a/c)'); +--------------------------------------------------------------------------+ \| ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,/a/c)') \| +--------------------------------------------------------------------------+ \| bc \| +--------------------------------------------------------------------------+ 1 row in set (0.00 sec) {code}	This query crashes the server: {code} SELECT ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,..)'); {code} Notice '..' in the 'position' argument to XPath substring() function, which obviously goes outside of the root XML element. If I change the position argument to something inside the XML tree, it works fine: {code} mysql> SELECT ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,/a/c)'); +--------------------------------------------------------------------------+ \| ExtractValue('<a><b>abc</b><c>2</c><d>1</d></a>','substring(/a/b,/a/c)') \| +--------------------------------------------------------------------------+ \| bc \| +--------------------------------------------------------------------------+ 1 row in set (0.00 sec) {code}

Alexander Barkov made changes - 2014-02-17 10:44

Description

This query crashes the server:
{code}
SELECT ExtractValue('<a>abc<c>2</c><d>1</d></a>','substring(/a/b,..)');
{code}

Notice '..' in the 'position' argument to XPath substring() function,
which obviously goes outside of the root XML element.

If I change the position argument to something inside the XML tree,
it works fine:

{code}
mysql> SELECT ExtractValue('<a>abc<c>2</c><d>1</d></a>','substring(/a/b,/a/c)');
+--------------------------------------------------------------------------+
| ExtractValue('<a>abc<c>2</c><d>1</d></a>','substring(/a/b,/a/c)') |
+--------------------------------------------------------------------------+
| bc |
+--------------------------------------------------------------------------+
1 row in set (0.00 sec)
{code}

This query crashes the server:
{code}
SELECT ExtractValue('<a>abc<c>2</c><d>1</d></a>','substring(/a/b,..)');
{code}

Notice '..' in the 'position' argument to XPath substring() function,
which obviously goes above the root XML element.

If I change the position argument to something inside the XML tree,
it works fine:

{code}
mysql> SELECT ExtractValue('<a>abc<c>2</c><d>1</d></a>','substring(/a/b,/a/c)');
+--------------------------------------------------------------------------+
| ExtractValue('<a>abc<c>2</c><d>1</d></a>','substring(/a/b,/a/c)') |
+--------------------------------------------------------------------------+
| bc |
+--------------------------------------------------------------------------+
1 row in set (0.00 sec)
{code}

Sergei Golubchik made changes - 2014-02-17 11:55

Fix Version/s		10.0.9 [ 14400 ]
Fix Version/s		5.5.36 [ 14600 ]

Sergei Golubchik made changes - 2014-02-17 11:55

Link

This issue relates to ~~MDEV-5652~~ [ ~~MDEV-5652~~ ]

Sergei Golubchik made changes - 2014-02-24 21:51

Fix Version/s		5.5.37 [ 15000 ]
Fix Version/s	5.5.36 [ 14600 ]

Sergei Golubchik made changes - 2014-02-25 12:05

Fix Version/s		10.0.10 [ 14500 ]
Fix Version/s	10.0.9 [ 14400 ]

Sergei Golubchik made changes - 2014-03-18 11:03

Assignee

Alexander Barkov [ bar ]

Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2014-03-18 19:46

Fix Version/s

5.5.37 [ 15000 ]

Sergei Golubchik added a comment - 2014-03-18 19:46

5.5 crash is already fixed, so this patch is considered for 10.0 only

Sergei Golubchik added a comment - 2014-03-18 19:46 5.5 crash is already fixed, so this patch is considered for 10.0 only

Sergei Golubchik made changes - 2014-03-18 19:54

Status

Open [ 1 ]

In Progress [ 3 ]

Sergei Golubchik made changes - 2014-03-18 19:56

Link

This issue relates to ~~MDEV-5709~~ [ ~~MDEV-5709~~ ]

Sergei Golubchik made changes - 2014-03-18 22:04

Assignee

Sergei Golubchik [ serg ]

Alexander Barkov [ bar ]

Sergei Golubchik made changes - 2014-03-18 22:04

Assignee

Alexander Barkov [ bar ]

Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2014-03-18 22:04

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Sergei Golubchik made changes - 2014-03-18 22:04

Assignee

Sergei Golubchik [ serg ]

Alexander Barkov [ bar ]

Alexander Barkov added a comment - 2014-03-23 13:23

Pushed into 10.0

Alexander Barkov added a comment - 2014-03-23 13:23 Pushed into 10.0

Alexander Barkov made changes - 2014-03-23 13:23

Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2014-06-13 15:06

Workflow

defaullt [ 34734 ]

MariaDB v2 [ 43070 ]

Rasmus Johansson (Inactive) made changes - 2015-05-18 17:50

Workflow

MariaDB v2 [ 43070 ]

MariaDB v3 [ 62115 ]

Sergei Golubchik made changes - 2021-12-06 21:39

Workflow

MariaDB v3 [ 62115 ]

MariaDB v4 [ 147519 ]

People

Assignee:: Alexander Barkov

Reporter:: Alexander Barkov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2014-02-17 10:43

Updated:: 2014-03-23 13:23

Resolved:: 2014-03-23 13:23

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration