mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDEV-29188 Crash in JSON_EXTRACT

Browse source 
If we have null_value set then decimal/string value/result shoud be 0 pointer.
This commit is contained in:
Oleksandr Byelkin 2022-07-28 16:17:03 +02:00
parent 4b77d38c26
commit cbcc0101ee
4 changed files with 34 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
mysql-test/main/func_json.result
View file

@ -1005,5 +1005,16 @@ JSON_VALID('{"admin\\"": null}') {"admin\"": null}
1 {"\"admin": null} 1 {"\"admin": null}
1 {"\"": null} 1 {"\"": null}
# #
# MDEV-29188: Crash in JSON_EXTRACT
#
CREATE TABLE t1 (j JSON);
INSERT INTO t1 VALUES
('{"ID": "4", "Name": "Betty", "Age": 19}'),
('[10, 20, [30, 40]]');
SELECT * FROM t1 WHERE JSON_EXTRACT(j, '$.Age')=19;
j
{"ID": "4", "Name": "Betty", "Age": 19}
drop table t1;
#
# End of 10.3 tests # End of 10.3 tests
# #

14
mysql-test/main/func_json.test
View file

@ -613,6 +613,20 @@ SELECT JSON_VALID('{"admin\\"": null}'), '{"admin\\"": null}'
UNION UNION
SELECT JSON_VALID('{"\\"": null}'), '{"\\"": null}'; SELECT JSON_VALID('{"\\"": null}'), '{"\\"": null}';
--echo #
--echo # MDEV-29188: Crash in JSON_EXTRACT
--echo #
CREATE TABLE t1 (j JSON);
INSERT INTO t1 VALUES
('{"ID": "4", "Name": "Betty", "Age": 19}'),
('[10, 20, [30, 40]]');
SELECT * FROM t1 WHERE JSON_EXTRACT(j, '$.Age')=19;
drop table t1;
--echo # --echo #
--echo # End of 10.3 tests --echo # End of 10.3 tests
--echo # --echo #

4
sql/item_cmpfunc.cc
View file

@ -795,7 +795,9 @@ int Arg_comparator::compare_e_string()
{ {
String *res1,*res2; String *res1,*res2;
res1= (*a)->val_str(&value1); res1= (*a)->val_str(&value1);
DBUG_ASSERT((res1 == NULL) == (*a)->null_value);
res2= (*b)->val_str(&value2); res2= (*b)->val_str(&value2);
DBUG_ASSERT((res2 == NULL) == (*b)->null_value);
if (!res1 || !res2) if (!res1 || !res2)
return MY_TEST(res1 == res2); return MY_TEST(res1 == res2);
return MY_TEST(sortcmp(res1, res2, compare_collation()) == 0); return MY_TEST(sortcmp(res1, res2, compare_collation()) == 0);
@ -832,10 +834,12 @@ int Arg_comparator::compare_decimal()
{ {
my_decimal decimal1; my_decimal decimal1;
my_decimal *val1= (*a)->val_decimal(&decimal1); my_decimal *val1= (*a)->val_decimal(&decimal1);
DBUG_ASSERT((val1 == NULL) == (*a)->null_value);
if (!(*a)->null_value) if (!(*a)->null_value)
{ {
my_decimal decimal2; my_decimal decimal2;
my_decimal *val2= (*b)->val_decimal(&decimal2); my_decimal *val2= (*b)->val_decimal(&decimal2);
DBUG_ASSERT((val2 == NULL) == (*b)->null_value);
if (!(*b)->null_value) if (!(*b)->null_value)
{ {
if (set_null) if (set_null)

8
sql/item_jsonfunc.cc
View file

@ -1109,12 +1109,14 @@ my_decimal *Item_func_json_extract::val_decimal(my_decimal *to)
case JSON_VALUE_OBJECT: case JSON_VALUE_OBJECT:
case JSON_VALUE_ARRAY: case JSON_VALUE_ARRAY:
case JSON_VALUE_FALSE: case JSON_VALUE_FALSE:
// TODO: fix: NULL should be NULL
case JSON_VALUE_NULL: case JSON_VALUE_NULL:
break; int2my_decimal(E_DEC_FATAL_ERROR, 0, false/*unsigned_flag*/, to);
return to;
}; };
} }
int2my_decimal(E_DEC_FATAL_ERROR, 0, false/*unsigned_flag*/, to); DBUG_ASSERT(null_value);
return to; return 0;
} }