Problem: crash in Item_float constructor on DBUG_ASSERT due
to not null-terminated string parameter.
Fix: making Item_float::Item_float non-null-termintated parameter safe:
- Using temporary buffer when generating error
modified:
@ mysql-test/r/xml.result
@ mysql-test/t/xml.test
@ sql/item.cc
The problem is that XML functions(items) do not reset null_value
before their execution and further item excution may use
null_value value of the previous result.
The fix is to reset null_value.
Problem:
RelativeLocationPath can appear only after a node-set expression
in the third and the fourth branches of this rule:
PathExpr :: = LocationPath
| FilterExpr
| FilterExpr '/' RelativeLocationPath
| FilterExpr '//' RelativeLocationPath
XPatch code didn't check the type of FilterExpr and crashed.
Fix:
If FilterExpr is a scalar expression
(variable reference, literal, number, scalar function call)
return error.
Problem:
XML syntax parser allowed to use quoted strings as attribute names,
and tried to put them into parser state stack instead of identifiers.
After that parser failed, if quoted string contained some slash characters.
Fix:
- Disallowing quoted strings in regular tags.
- Allowing quoted string in DOCTYPE declararion, but
don't push it into parse state stack (just skip it).
Problem: even if an Item_xml_str_func successor returns NULL, it doesn't have
a corresponding property (maybe_null) set, that leads to a failed assertion.
Fix: set nullability property of Item_xml_str_func.
Problem: Memory overrun happened in attempts to generate
error messages (e.g. in case of incorrect XPath syntax).
Reason: set_if_bigger() was used instead of set_if_smaller().
Change: replacing wrong set_if_bigger() to set_if_smaller(),
and making minor additional code clean-ups.
Problem: when replacing the root element, UpdateXML
erroneously tried to mix old XML content with the
replacement string, which led to crash.
Fix: don't use the old XML content in these cases,
just return the replacement string.
Problem: "greater than" and "less than" XPath operators appeared to have been implemented in reverse.
Fix: swap arguments to eq_func() and eq_func_reverse() to provide correct operation result.
fragment is not well-formed xml
Problem:
- ExtractValue silently returned NULL if a wrong XML value is passed.
- In some cases "unexpected END-OF-INPUT" error was not detected, and
a non-NULL result could be returned for a bad XML value.
Fix:
- Adding warning messages, to make user aware why NULL was returned.
- Missing "unexpected END-OF-INPUT" error is reported now.
Problem source:
Qualified names (aka QName) didn't work as tag names and attribute names,
because the parser lacked a real rule to scan QName, so it understood
only non-qualified names without prefixes.
Solution:
New rule was added to check both "ident" and "ident:ident" sequences.
ExtractValue didn't understand tag and attribute names
consisting of "tricky" national letters (e.g. latin accenter letters).
It happened because XPath lex parser recognized only basic
latin letter a..z ad a part of an identifier.
Fixed to recognize all letters by means of new "full ctype" which
was added recently.
XPath without a XPath syntax error
item_xmlfunc.cc:
Error message didn't happen because after
a failing attempt to parse RelativeLocationPath,
my_xpath_parse_AbsoluteLocationPath() returned success.
Changeing logic a bit:
- Try to parse EOF first, return success if true.
- Then try to parse RelativeLocationPath(), return success if true.
- Otherwise return failure.
xml.result:
Adding test case.
Also, this change made it possible to generate
an error message earlier in the case of another
bad XPATH syntax.
xml.test:
Adding test case.
Adding test.
item_xmlfunc.cc:
Bug #18171 XML: ExtractValue: the XPath position() function crashes the server!
Disallowing use of position() and last() without context.
xml.result, xml.test:
Adding test case.
item_xmlfunc.cc:
- adding "size" member into MY_XPATH_FLT struct,
to pass parent's context size when iterating
in a predicate. Previously, temporaty context
size was calculated instead, which is always 1.
As a result, things like last() and count()
didn't work fine.
- adding iteration into Item_func_xpath_elementbyindex:
similar to Item_func_xpath_predicate.
This is to make things like last() and count()
work inside square brackets.
xml.result, xml.test:
Adding test case.
item_xmlfunc.cc:
Fixed that Item_nodeset_func derived classes
didn't take into account charset of the XML value
and always worked using "binary" charset.
xml.result, xml.test:
Adding test case.
item_xmlfunc.cc:
Adding a special function to handle "self" axis.
Previously "child" and "self" were handled the same.
xml.result, xml.test:
Adding test case.
item_xmlfunc.cc:
Fixed that the "!" character written at the end was ignored.
Now if we try to scan "!=", and if "!" is not
followed by "=", we rollback lex scanner back
to "!" token, so the parser will start to check
the next rule from the "!" character again.
Previously parser started from the next character,
which was EOF in the example in xml.test,
which led to query being successfully parsed,
instead of producing a syntax error.
Also fixes 16314: XML: extractvalue() crash if vertical bar
xml.result, xml.test:
Adding test case
item_xmlfunc.cc:
Using root element as a context node,
instead of NULL, with relative paths.
libmysqld/Makefile.am:
sql/Makefile.am:
Adding new source files.
Adding new file into build process.
include/my_xml.h:
strings/xml.c:
Adding new XML parse flags to skip text normalization and
to use relative tag names. Adding enum for XML token types.
sql/lex.h:
Making parser aware of new SQL functions.
sqll/item_create.h, sql/item_create.cc:
Adding creators for ExtractValue and UpdateXML.
sql/item.h:
Adding new Item types: nodeset and nodeset comparator.
sql/item_xmlfunc.h
sql/item_xmlfunc.cc
Adding new classes implementing XPath functions.
mysql-test/t/xml.test, mysql-test/r/xml.result:
New files: adding test case
