Bug #18171 XML: ExtractValue: the XPath position() function crashes the server!
Submitted: 12 Mar 2006 21:11
Modified: 15 Mar 2006 15:21
Reporter: Roland Bouman
Status: Closed
Category: MySQL Server: XML functions
Severity: S1 (Critical)
Version: 5.1.7/5.1.8 BK
OS: Windows (win xp pro/Suse Linux)
Assigned to: Alexander Barkov
CPU Architecture: Any
Tags: ExtractValue

[12 Mar 2006 21:11] Roland Bouman
Description:
Requesting the position() function in the XPath argument to ExtractValue() crashes the server.

How to repeat:
mysql> select extractValue('<e>1</e>','position()');
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>

Suggested fix:
I'm not really sure what the position() should return in this context - I guess 1 if there is at least one element and 0 if not. Anyway it should not crash the server.
[12 Mar 2006 21:16] Roland Bouman
Just updated the title.
[13 Mar 2006 0:02] MySQL Verification Team
Thank you for the bug report. I was able to repeat on Linux with current
source server:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.1.8-beta-debug

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select extractValue('<e>1</e>','position()');
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 

[New Thread 1099586480 (LWP 5718)]
030304 12:09:27 [Note] /home/miguel/dbs/5.1/libexec/mysqld: ready for connections.
Version: '5.1.8-beta-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1119861680 (LWP 5720)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1119861680 (LWP 5720)]
0x08185f57 in Item_func (this=0x9235a98, a=0x0) at item_func.h:73
73          with_sum_func= a->with_sum_func;
(gdb)
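
The backtrace above shows the `Item_func` constructor called with `a=0x0` and faulting on `a->with_sum_func`. The following is an added illustration, not MySQL source and not the committed patch: a simplified C++ model of that pattern with a guarded constructor and a parse-time rejection. `ItemFunc`, `make_xpath_func` and the error text are hypothetical names.

```cpp
#include <cstdio>
#include <memory>
#include <string>

// Simplified stand-in for the server's expression node type (assumption).
struct Item {
    bool with_sum_func = false;
    virtual ~Item() = default;
};

// Crashing shape seen at item_func.h:73 in the trace: the one-argument
// constructor reads through `a` without checking it.
//   Item_func(Item *a) { with_sum_func = a->with_sum_func; }

struct ItemFunc : Item {
    Item *arg;
    explicit ItemFunc(Item *a) : arg(a) {
        // Guarded form: a missing argument contributes nothing.
        with_sum_func = a ? a->with_sum_func : false;
    }
};

// Hypothetical parser hook that builds the node for an XPath function call.
// `context` is the node-set the function applies to; it is null when the
// function appears with no enclosing step, as in the XPath 'position()'.
std::unique_ptr<ItemFunc> make_xpath_func(const std::string &name,
                                          Item *context, std::string *err) {
    // position() and last() are context-dependent in XPath 1.0.
    bool needs_context = (name == "position" || name == "last");
    if (needs_context && context == nullptr) {
        *err = "XPath: " + name + "() used without a context node-set";
        return nullptr;  // reject at parse time, no node is built
    }
    return std::unique_ptr<ItemFunc>(new ItemFunc(context));
}

int main() {
    std::string err;
    auto bad = make_xpath_func("position", nullptr, &err);
    std::printf("no context: %s\n", bad ? "built" : err.c_str());
    Item ctx;
    ctx.with_sum_func = true;
    auto ok = make_xpath_func("position", &ctx, &err);
    std::printf("with context: with_sum_func=%d\n", ok->with_sum_func);
    return 0;
}
```

Either layer alone turns the segmentation fault into a query error or a harmless default; applying both keeps a parser oversight from reaching the dereference.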
[15 Mar 2006 8:05] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/3849
[15 Mar 2006 9:58] Sergei Glukhov
ok to push
[15 Mar 2006 11:17] Alexander Barkov
Pushed into 5.1.8
[15 Mar 2006 15:21] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Documented bugfix in 5.1.8 changelog. Closed.