Item_xml_str_func::fix_fields() used a local "String tmp" as a buffer
for args[1]->val_str(). "tmp" was freed at the end of fix_fields(),
while Items created during my_xpath_parse() still pointed to its fragments.
Adding a new member Item_xml_str_func::m_xpath_query and store the result
of args[1]->val_str() into it.
find_type_or_exit() client helper did exit(1) on error, exit(1) moved to
clients.
mysql_read_default_options() did exit(1) on error, error is passed through and
handled now.
my_str_malloc_default() did exit(1) on error, replaced my_str_ allocator
functions with normal my_malloc()/my_realloc()/my_free().
sql_connect.cc did many exit(1) on hash initialisation failure. Removed error
check since my_hash_init() never fails.
my_malloc() did exit(1) on error. Replaced with abort().
my_load_defaults() did exit(1) on error, replaced with return 2.
my_load_defaults() still does exit(0) when invoked with --print-defaults.
- MDEV-5689 ExtractValue(xml, 'substring(/x,/y)') crashes
- MDEV-5709 ExtractValue() with XPath variable references returns wrong result.
Description:
1. The main problem was that that nodeset_func->fix_fields() was
called in Item_func_xml_extractvalue::val_str() and
Item_func_xml_update::val_str(), which led in some cases to
execution of the XPath engine *before* having a parsed XML value.
Moved to Item_xml_str_func::fix_fields().
2. Cleanup: added a new method Item_xml_str_func::fix_fields() and moved
most of the code from Item_xml_str_func::fix_length_and_dec()
to Item_xml_str_func::fix_fields(), to follow the usual Item layout.
3. Cleanup: a parsed XML value is useless without the raw XML value
it was built from.
Previously the parsed and the raw values where stored in separate String
instances. It was hard to follow how they are synchronized.
Added a helper class XML which contains both parsed and raw values.
Makes things easier to read and modify.
4. MDEV-5709: const_item() could incorrectly return a "true"
result when XPath expression contains users/SP variable references.
Now nodeset_func->const_item() is also taken into account to
catch such cases.
5. Minor code enhancements.
The XPATH implementation was not handling correctly the XPATH
production #19
(http://www.w3.org/TR/1999/REC-xpath-19991116/#node-sets),
namely
PathExpr ::= | FilterExpr '/' RelativeLocationPath
| FilterExpr '//' RelativeLocationPath
It was lacking context for the RelativeLocationPath and it was just
ignoring the second slash instead of treating it as a different axis
specifier.
Fixed the above two problems and added a test case.
Problem: a byte behind the end of input string was read
in case of a broken XML not having a quote or doublequote
character closing a string value.
Fix: changing condition not to read behind the end of input string
@ mysql-test/r/xml.result
@ mysql-test/t/xml.test
Adding tests
@ strings/xml.c
When checking if the closing quote/doublequote was found,
using p->cur[0] us unsafe, as p->cur can point to the byte after the value.
Comparing p->cur to p->beg instead.
Problem: the scanner function tested for strings "<![CDATA[" and
"-->" without checking input string boundaries, which led to valgrind's
"Conditional jump or move depends on uninitialised value(s)" error.
Fix: Adding boundary checking.
@ mysql-test/r/xml.result
@ mysql-test/t/xml.test
Adding test
@ strings/xml.c
Adding a helper function my_xml_parser_prefix_cmp(),
with input string boundary check.
Problem:
nr_of_decimals could read behind the end of the buffer
in case of a non-null-terminated string, which caused
valgring warnings.
Fix:
fixing nr_of_decimals not to read behind the "end" pointer.
modified:
@ mysql-test/r/xml.result
@ mysql-test/t/xml.test
@ sql/item.cc
Problem: crash in Item_float constructor on DBUG_ASSERT due
to not null-terminated string parameter.
Fix: making Item_float::Item_float non-null-termintated parameter safe:
- Using temporary buffer when generating error
modified:
@ mysql-test/r/xml.result
@ mysql-test/t/xml.test
@ sql/item.cc
Bug#57820 extractvalue crashes
Problem: ExtractValue and Replace crashed in some cases
due to invalid handling of empty and NULL arguments.
Per file comments:
@mysql-test/r/ctype_ujis.result
@mysql-test/r/xml.result
@mysql-test/t/ctype_ujis.test
@mysql-test/t/xml.test
Adding tests
@sql/item_strfunc.cc
Make sure Item_func_replace::val_str safely handles empty strings.
@sql/item_xmlfunc.cc
set null_value if nodeset_func returned NULL,
which is possible when the second argument is an
unset user variable.
The problem is that XML functions(items) do not reset null_value
before their execution and further item excution may use
null_value value of the previous result.
The fix is to reset null_value.
mysql-test/r/xml.result:
test result
mysql-test/t/xml.test:
test case
sql/item_xmlfunc.cc:
The problem is that XML functions(items) do not reset null_value
before their execution and further item excution may use
null_value value of the previous result.
The fix is to reset null_value.
Problem:
RelativeLocationPath can appear only after a node-set expression
in the third and the fourth branches of this rule:
PathExpr :: = LocationPath
| FilterExpr
| FilterExpr '/' RelativeLocationPath
| FilterExpr '//' RelativeLocationPath
XPatch code didn't check the type of FilterExpr and crashed.
Fix:
If FilterExpr is a scalar expression
(variable reference, literal, number, scalar function call)
return error.
mysql-test/r/xml.result:
test result
mysql-test/t/xml.test:
test case
sql/item_xmlfunc.cc:
Problem:
RelativeLocationPath can appear only after a node-set expression
in the third and the fourth branches of this rule:
PathExpr :: = LocationPath
| FilterExpr
| FilterExpr '/' RelativeLocationPath
| FilterExpr '//' RelativeLocationPath
XPatch code didn't check the type of FilterExpr and crashed.
Fix:
If FilterExpr is a scalar expression
(variable reference, literal, number, scalar function call)
return error.
Problem:
XML syntax parser allowed to use quoted strings as attribute names,
and tried to put them into parser state stack instead of identifiers.
After that parser failed, if quoted string contained some slash characters.
Fix:
- Disallowing quoted strings in regular tags.
- Allowing quoted string in DOCTYPE declararion, but
don't push it into parse state stack (just skip it).
Problem: even if an Item_xml_str_func successor returns NULL, it doesn't have
a corresponding property (maybe_null) set, that leads to a failed assertion.
Fix: set nullability property of Item_xml_str_func.
mysql-test/r/xml.result:
Fix for bug #32557: order by updatexml causes assertion in filesort
- test result.
mysql-test/t/xml.test:
Fix for bug #32557: order by updatexml causes assertion in filesort
- test case.
sql/item_xmlfunc.h:
Fix for bug #32557: order by updatexml causes assertion in filesort
- set Item_xml_str_func::maybe_null.
Problem: check missed if the second updatexml() argument is valid.
Fix: check it.
mysql-test/r/xml.result:
Fix for bug #31438: updatexml still crashes
- test result.
mysql-test/t/xml.test:
Fix for bug #31438: updatexml still crashes
- test case.
sql/item_xmlfunc.cc:
Fix for bug #31438: updatexml still crashes
- check if the second argument passed to the updatexml() is valid.
Problem: Memory overrun happened in attempts to generate
error messages (e.g. in case of incorrect XPath syntax).
Reason: set_if_bigger() was used instead of set_if_smaller().
Change: replacing wrong set_if_bigger() to set_if_smaller(),
and making minor additional code clean-ups.
mysql-test/r/xml.result:
Adding test cases for all pieces of code with
set_if_smaller() followed by my_printf_error().
mysql-test/t/xml.test:
Adding test cases for all pieces of code with
set_if_smaller() followed by my_printf_error().
sql/item_xmlfunc.cc:
- fixing incorrect set_if_bigger to set_if_smaller in two places
- getting read of unnesessary "char context[32]" variable and
using '%.*s' instead if '%s' in the error format.
Problem: XPath variables didn't work.
Fix: adding variables support,
both user-defined and sp local variables are now supported by XPath.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Adding variables support:
- SP variables with standard XPath syntax: $i
- User variables with non-standard syntax: $@i
Problem: when replacing the root element, UpdateXML
erroneously tried to mix old XML content with the
replacement string, which led to crash.
Fix: don't use the old XML content in these cases,
just return the replacement string.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Adding special code to handle replacements of the root element -
the replacing content is just copied to the result,
the previous content of the XML value is removed.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Bug#24747 XPath error with the node name "Text"
Problem: keywords, nodetype names and axis names
didn't work in node name context.
Fix:
1. Changes in lexem scanner behaviour when an identifier has been read:
- search through axis names and return MY_XPATH_AXIS_xxx only
when identifier is followed by two semicolons. Don't check axis
names and return MY_XPATH_IDENT of not followed by two semicolons.
- search through nodetype names and return MY_XPATH_LEX_NODETYPE
only when identifier is followed by left parenthesis.
Don't check nodetype names and return MY_XPATH_LEX_IDENT when
not followed by parenthesis
2. Change in syntax analizer: QName scanner now accepts keywords
AND, OR, MOD, DIV as valid node names.
Problem: "greater than" and "less than" XPath operators appeared to have been implemented in reverse.
Fix: swap arguments to eq_func() and eq_func_reverse() to provide correct operation result.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Pass argumemtns to eq_func() and eq_func_reverse() in correct order:
nodeset argument first, then scalar argument.
Also, fixing eq_func_reverse() to do correct conversion, e.g:
"scalar > nodeset" into "nodeset < scalar" instead of wrong "nodeset <= scalar"
"scalar >= nodeset" into "nodeset <= scalar" instead of wrong "nodeset < scalar".
mysql-test/r/xml.result:
- Adding test case
- Fixing error message
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
For grammar rules with loops like:
AdditiveExpr ::= MultiplicativeExpr ('+' MultiplicativeExpr)*
If we scanned scanned '+' and then met an error when parsing
MultiplicativeExpr, then we should fully stop parsing - without
trying to apply any other rules.
Fix: add "error" member into MY_XPATH structure,
and make my_xpath_parse_term() never return success
as soon as error set.
strings/xml.c:
Adding my_xml_ctype map for flags, indicating
whether a character is a space character, is a
valid identifier start character, is a valid
identifier body character. Using this map to
properly scan identifiers. Also, using this map
to scan spaces faster (instead of strchr).
Dot character was not considered as a valid identifier body character.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Treat dot character as a valid identifier body part.
strings/ctype.c:
Fixing to use '/' instead of '.' as a delimiter in charset file parser.
strings/xml.c:
Fixing to use '/' instead of '.' as a delimiter.
into mysql.com:/usr/home/bar/mysql-5.1-new.b18170
mysql-test/r/xml.result:
Auto merged
mysql-test/t/xml.test:
Auto merged
sql/item_xmlfunc.cc:
Auto merged
into mysql.com:/usr/home/bar/mysql-5.1-new.b18201
mysql-test/r/xml.result:
Auto merged
mysql-test/t/xml.test:
Auto merged
sql/item_xmlfunc.cc:
Auto merged
fragment is not well-formed xml
Problem:
- ExtractValue silently returned NULL if a wrong XML value is passed.
- In some cases "unexpected END-OF-INPUT" error was not detected, and
a non-NULL result could be returned for a bad XML value.
Fix:
- Adding warning messages, to make user aware why NULL was returned.
- Missing "unexpected END-OF-INPUT" error is reported now.
mysql-test/r/xml.result:
- Fixing XML systax error in old test
- Adding test cases.
mysql-test/t/xml.test:
- Fixing XML systax error in old test
- Adding test cases.
sql/item_xmlfunc.cc:
Produce warning in case of XML systax error,
instead of silentrly returning NULL.
strings/xml.c:
- Making error messages better looking and clearer:
It is important because now they're seen in SHOW WARNINGS
(previously they were used only for debugging purposes).
- Adding "unexpected END-OF-INPUT" error if after scanning
closing tag for the root element some input is left
(previously this error was ignored in a mistake).
Problem source:
Qualified names (aka QName) didn't work as tag names and attribute names,
because the parser lacked a real rule to scan QName, so it understood
only non-qualified names without prefixes.
Solution:
New rule was added to check both "ident" and "ident:ident" sequences.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Adding real QName parser rule and using it in NodeTest rule.
into mysql.com:/usr/home/bar/mysql-5.1-new.b16319
mysql-test/r/xml.result:
Auto merged
mysql-test/t/xml.test:
Auto merged
sql/item_xmlfunc.cc:
Auto merged
ExtractValue didn't understand tag and attribute names
consisting of "tricky" national letters (e.g. latin accenter letters).
It happened because XPath lex parser recognized only basic
latin letter a..z ad a part of an identifier.
Fixed to recognize all letters by means of new "full ctype" which
was added recently.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Using recently implemented "true" ctype functionality
to treat all national letters as valid tag names,
Only basic latin letters worked so far.
strings/ctype-simple.c:
A bug fix: ctype is array of 257 elements,
adding offset to address correct element.
mysql-test/r/xml.result:
Adding test case
mysql-test/t/xml.test:
Adding test case
sql/item_xmlfunc.cc:
Adding support for missing XPath function string-length().
Fixing function lookup to allow functions with one optional arguments
(i.e. with 0 or 1 arguments)
XPath without a XPath syntax error
item_xmlfunc.cc:
Error message didn't happen because after
a failing attempt to parse RelativeLocationPath,
my_xpath_parse_AbsoluteLocationPath() returned success.
Changeing logic a bit:
- Try to parse EOF first, return success if true.
- Then try to parse RelativeLocationPath(), return success if true.
- Otherwise return failure.
xml.result:
Adding test case.
Also, this change made it possible to generate
an error message earlier in the case of another
bad XPATH syntax.
xml.test:
Adding test case.
sql/item_xmlfunc.cc:
Bug #18172 XML: Extractvalue() accepts mallformed XPath without a XPath syntax error
Error message didn't happen because after
a failing attempt to parse RelativeLocationPath(),
my_xpath_parse_AbsoluteLocationPath() returned with 1.
Changeing logic a bit: check for EOF first.
Then try to parse RelativeLocationPath().
If the latter fails, return failure.
mysql-test/t/xml.test:
Adding test case.
mysql-test/r/xml.result:
Adding test case.
Also, this change makes error message
to be generated earlier in the case of another
bad XPATH syntax.
Adding test.
item_xmlfunc.cc:
Bug #18171 XML: ExtractValue: the XPath position() function crashes the server!
Disallowing use of position() and last() without context.
sql/item_xmlfunc.cc:
Bug #18171 XML: ExtractValue: the XPath position() function crashes the server!
Disallowing use of position() and last() without context.
mysql-test/t/xml.test:
Adding test.
mysql-test/r/xml.result:
Adding test.
into mysql.com:/usr/home/bar/mysql-5.1-new.b16318
sql/item_xmlfunc.cc:
Auto merged
mysql-test/r/xml.result:
After merge fix
mysql-test/t/xml.test:
After merge fix
xml.result, xml.test:
Adding test case.
item_xmlfunc.cc:
- adding "size" member into MY_XPATH_FLT struct,
to pass parent's context size when iterating
in a predicate. Previously, temporaty context
size was calculated instead, which is always 1.
As a result, things like last() and count()
didn't work fine.
- adding iteration into Item_func_xpath_elementbyindex:
similar to Item_func_xpath_predicate.
This is to make things like last() and count()
work inside square brackets.
sql/item_xmlfunc.cc:
Bug#16318: XML: extractvalue() incorrectly returns last() = 1
- adding "size" member into MY_XPATH_FLT struct,
to pass parent's context size when iterating
in a predicate. Previously, temporaty context
size was calculated instead, which is always 1.
As a result, things like last() and count()
didn't work fine.
- adding iteration into Item_func_xpath_elementbyindex:
similar to Item_func_xpath_predicate.
This is to make things like last() and count()
work inside square brackets.
mysql-test/t/xml.test:
Adding test case.
mysql-test/r/xml.result:
Adding test case.
xml.result, xml.test:
Adding test case.
item_xmlfunc.cc:
Fixed that Item_nodeset_func derived classes
didn't take into account charset of the XML value
and always worked using "binary" charset.
sql/item_xmlfunc.cc:
Bug#16316: XML: extractvalue() is case-sensitive with contains()
Fixed that Item_nodeset_func derived classes
didn't take into account charset of the XML value
and always worked using "binary" charset.
mysql-test/t/xml.test:
Adding test case.
mysql-test/r/xml.result:
Adding test case.
into mysql.com:/usr/home/bar/mysql-5.1-new.16315
sql/item_xmlfunc.cc:
Auto merged
mysql-test/r/xml.result:
After merge fix
mysql-test/t/xml.test:
After merge fix
xml.result, xml.test:
Adding test case.
item_xmlfunc.cc:
Adding a special function to handle "self" axis.
Previously "child" and "self" were handled the same.
sql/item_xmlfunc.cc:
Bug#16315 XML: extractvalue() handles self badly
Adding a special function to handle "self" axis.
Previously "child" and "self" were handled the same.
mysql-test/t/xml.test:
Adding test case.
mysql-test/r/xml.result:
Adding test case.