[MDEV-12696] Crash with LOAD XML and non-updatable VIEW column

Created: 2017-05-05
Updated: 2017-05-09
Resolved: 2017-05-05

Status: Closed
Project: MariaDB Server
Component/s: OTHER
Affects Version/s: 10.1, 10.2, 10.3
Fix Version/s: 10.2.6

Type: Bug
Priority: Major
Reporter: Alexander Barkov
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 0
Labels: load_data


Description

I dump some data into an XML file:

mysql --xml -e "SELECT 'test' AS c1" >/tmp/dump.xml

Now I create a table and a view with a non-updatable column:

CREATE OR REPLACE TABLE t1 (c1 TEXT);
CREATE OR REPLACE VIEW v1 AS SELECT CONCAT(c1,'') AS c1 FROM t1;

And try to load data into it:

LOAD XML INFILE '/tmp/dump.xml' INTO TABLE v1 (c1);

The server crashed, either immediately, or on the next query.

The crash happens because read_xml_field casts item to Item_user_var_as_out_param without checking for proper Item type, in these two places:

        else
          ((Item_user_var_as_out_param *) item)->set_null_value(cs);
...
      else
        ((Item_user_var_as_out_param *) item)->set_value(
                                                 (char *) tag->value.ptr(), 
                                                 tag->value.length(), cs);
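
The missing type check described above, shown on a reduced model. This is an added example, not MariaDB source code and not the fix that was committed: the classes FieldItem, FuncItem and UserVarOutItem, the kind() tag and the function store_tag_value are hypothetical stand-ins for the server's Item hierarchy.

```cpp
#include <cstddef>
#include <string>

// Simplified stand-ins for the Item hierarchy (hypothetical, not MariaDB source).
struct Item {
  enum Kind { FIELD, FUNC, USER_VAR_OUT };
  virtual ~Item() = default;
  virtual Kind kind() const = 0;
};

// A plain table column: a valid load target.
struct FieldItem : Item {
  std::string value;
  bool is_null = true;
  Kind kind() const override { return FIELD; }
};

// An expression such as CONCAT(c1,''), i.e. a non-updatable view column.
struct FuncItem : Item {
  Kind kind() const override { return FUNC; }
};

// A user-variable target: the only type the cast in the report is valid for.
struct UserVarOutItem : Item {
  std::string value;
  bool is_null = true;
  Kind kind() const override { return USER_VAR_OUT; }
  void set_value(const char *p, std::size_t n) { value.assign(p, n); is_null = false; }
  void set_null_value() { value.clear(); is_null = true; }
};

enum StoreResult { STORED, NOT_A_LOAD_TARGET };

// Check the concrete type before downcasting; p == nullptr stores NULL.
StoreResult store_tag_value(Item *item, const char *p, std::size_t n) {
  if (item->kind() == Item::FIELD) {
    auto *f = static_cast<FieldItem *>(item);
    f->is_null = (p == nullptr);
    f->value = p ? std::string(p, n) : std::string();
    return STORED;
  }
  if (item->kind() == Item::USER_VAR_OUT) {
    auto *v = static_cast<UserVarOutItem *>(item);
    if (p) v->set_value(p, n); else v->set_null_value();
    return STORED;
  }
  // Anything else (here FuncItem) must be rejected, not cast blindly.
  return NOT_A_LOAD_TARGET;
}
```

With the check in place, a view column backed by an expression produces an error result the caller can report, instead of a write through a pointer of the wrong type.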

