Fix for BUG#15948580 UPDATE_XML() CRASHES THE SERVER.

Problem: tag's buffer overflow leads to a problem.
Fix: bound check added.


sql/item_xmlfunc.cc:
  Fix for BUG#15948580 UPDATE_XML() CRASHES THE SERVER.
  
    - XML tag/attribute level shouldn't exceed MAX_LEVEL as we use a
  static buffer to store them in the MY_XML_USER_DATA.

sql/item_xmlfunc.cc

@@ -2669,8 +2669,12 @@ int xml_enter(MY_XML_PARSER *st,const char *attr, size_t len)
 
   node.parent= data->parent; // Set parent for the new node to old parent
   data->parent= numnodes;    // Remember current node as new parent
+  DBUG_ASSERT(data->level <= MAX_LEVEL);
   data->pos[data->level]= numnodes;
-  node.level= data->level++;
+  if (data->level < MAX_LEVEL)
+    node.level= data->level++;
+  else
+    return MY_XML_ERROR;
   node.type= st->current_node_type; // TAG or ATTR
   node.beg= attr;
   node.end= attr + len;