[MDEV-5338] XML parser accepts malformed data Created: 2013-11-26  Updated: 2014-04-23  Resolved: 2014-04-23

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: 5.1.67, 5.3.12, 5.5.34, 10.0.6
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Alexander Barkov Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: None


 Description   

The XML parser does not return errors when a closing tag does not
match its opening tag.
The bug can be repeated with the ExtractValue() function:

mysql> select extractvalue('<a><b>xxx</c></a>','/a/b');
+------------------------------------------+
| extractvalue('<a><b>xxx</c></a>','/a/b') |
+------------------------------------------+
| xxx                                      |
+------------------------------------------+
1 row in set (0.00 sec)

Notice <b>...</c>.

The bug can also be repeated by using a malformed
character set and collation definition file Index.xml.

<charsets>   
  <charset name="utf8">
    <collation name="utf8_5624_5_bad" id="369" shift-after-method="expand">
      <rules>
      <reset>a-a4</reset><p>xxx04</a>
      <reset>a-aa5</reset><p>xxx05</a>
      <reset>a-aaa6</reset><p>xxx06</a>
      <reset>a-aaaa7</reset><p>xxx07</a>
      <reset>a-aaaaa8</reset><p>xxx08</a>
      <reset>a-aaaaaa9</reset><p>xxx09</a>
      <reset>a-aaaaaa10</reset><p>xxx10</a>
      </rules>
    </collation>
    <collation name="utf8_maxuserid_ci" id="2047" version="4.0.0">
      <rules>   
        <reset>a</reset>
        <s>b</s>
      </rules>
    </collation>
  </charset>
</charsets>

Notice <p>..</a>. The file is read without any errors,
and the collation utf8_maxuserid_ci (which is following the
one with the bad definition) is available in the server.
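
The check the description says is missing, as an added example (not MariaDB's parser code and not from this ticket): a tag stack that rejects a closing tag whose name differs from the innermost open tag. The function name `check_tag_nesting` and the size limits are assumptions; the sample inputs are the two malformed fragments quoted above.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64   /* assumed nesting limit for this example */
#define MAX_NAME  64   /* assumed tag-name limit for this example */

/* Returns 0 when every closing tag matches the innermost open tag,
   otherwise the 1-based offset of the offending '<' (or length+1 when
   tags are left open). Comments, CDATA and DTDs are not interpreted. */
static int check_tag_nesting(const char *xml)
{
    char stack[MAX_DEPTH][MAX_NAME];
    int depth = 0;
    const char *p = xml;

    while ((p = strchr(p, '<')) != NULL) {
        int err = (int)(p - xml) + 1;            /* offset reported on error */
        p++;
        if (*p == '?' || *p == '!') {            /* declaration: skip it */
            if ((p = strchr(p, '>')) == NULL) return err;
            continue;
        }
        int closing = (*p == '/');
        if (closing) p++;
        const char *name = p;
        size_t n = strcspn(p, " \t\r\n/>");      /* length of the tag name */
        if (n == 0 || n >= MAX_NAME) return err;
        char quote = 0;                          /* find '>' outside quoted values */
        for (p += n; *p && (quote || *p != '>'); p++) {
            if (quote) { if (*p == quote) quote = 0; }
            else if (*p == '"' || *p == '\'') quote = *p;
        }
        if (!*p) return err;                     /* unterminated tag */
        if (closing) {                           /* must match innermost open tag */
            if (depth == 0 || strlen(stack[depth - 1]) != n ||
                strncmp(stack[depth - 1], name, n) != 0) return err;
            depth--;
        } else if (p[-1] != '/') {               /* open tag, not self-closing */
            if (depth == MAX_DEPTH) return err;
            memcpy(stack[depth], name, n);
            stack[depth++][n] = '\0';
        }
    }
    return depth ? (int)strlen(xml) + 1 : 0;
}

int main(void)
{
    printf("%d\n", check_tag_nesting("<a><b>xxx</c></a>"));
    printf("%d\n", check_tag_nesting("<reset>a-a4</reset><p>xxx04</a>"));
    return 0;
}
```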



 Comments   
Comment by Alexander Barkov [ 2014-04-23 ]

Pushed into 5.3 and 5.5
