Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-11441

Server crashes in String::append / Item_func_json_extract::val_str

    XMLWordPrintable

    Details

      Description

      CREATE TABLE t(j TEXT);
       
      INSERT INTO t VALUES
      (JSON_OBJECT('foo', 'foobar')),
      (JSON_OBJECT('bar', 'foobar'));
       
      SELECT JSON_EXTRACT(j,'$') AS je FROM t;
      

      10.2 6a10681266

      #4  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116
      #5  0x00007f1552c1c0e5 in String::append (this=0x7f1553c8b4f0, s=0x7f154745248c "{\"bar\": \"foobar\"}", '\245' <repeats 83 times>, "h4z\025", arg_length=1195468288) at /data/src/10.2/sql/sql_string.cc:468
      #6  0x00007f1552fa4134 in Item_func_json_extract::val_str (this=0x7f1547464338, str=0x7f1553c8b4f0) at /data/src/10.2/sql/item_jsonfunc.cc:520
      #7  0x00007f1552df3473 in Item::send (this=0x7f1547464338, protocol=0x7f1547416600, buffer=0x7f1553c8b4f0) at /data/src/10.2/sql/item.cc:6735
      #8  0x00007f1552aa2178 in Protocol::send_result_set_row (this=0x7f1547416600, row_items=0x7f154741a3a8) at /data/src/10.2/sql/protocol.cc:979
      #9  0x00007f1552b20e50 in select_send::send_data (this=0x7f1547464b68, items=...) at /data/src/10.2/sql/sql_class.cc:2915
      #10 0x00007f1552bd69cf in end_send (join=0x7f1547464b88, join_tab=0x7f15474663c0, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:19525
      #11 0x00007f1552bd44f7 in evaluate_join_record (join=0x7f1547464b88, join_tab=0x7f1547466010, error=0) at /data/src/10.2/sql/sql_select.cc:18578
      #12 0x00007f1552bd3f8d in sub_select (join=0x7f1547464b88, join_tab=0x7f1547466010, end_of_records=false) at /data/src/10.2/sql/sql_select.cc:18392
      #13 0x00007f1552bd33b7 in do_select (join=0x7f1547464b88, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:17897
      #14 0x00007f1552bae3a0 in JOIN::exec_inner (this=0x7f1547464b88) at /data/src/10.2/sql/sql_select.cc:3387
      #15 0x00007f1552bad8ea in JOIN::exec (this=0x7f1547464b88) at /data/src/10.2/sql/sql_select.cc:3198
      #16 0x00007f1552baea41 in mysql_select (thd=0x7f1547416070, tables=0x7f1547464480, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1547464b68, unit=0x7f1547419b48, select_lex=0x7f154741a280) at /data/src/10.2/sql/sql_select.cc:3583
      #17 0x00007f1552ba3b25 in handle_select (thd=0x7f1547416070, lex=0x7f1547419a80, result=0x7f1547464b68, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:373
      #18 0x00007f1552b7046f in execute_sqlcom_select (thd=0x7f1547416070, all_tables=0x7f1547464480) at /data/src/10.2/sql/sql_parse.cc:6356
      #19 0x00007f1552b65f2a in mysql_execute_command (thd=0x7f1547416070) at /data/src/10.2/sql/sql_parse.cc:3379
      #20 0x00007f1552b73e2e in mysql_parse (thd=0x7f1547416070, rawbuf=0x7f1547464088 "SELECT JSON_EXTRACT(j,'$') AS je FROM t", length=39, parser_state=0x7f1553c8cdd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7799
      #21 0x00007f1552b61b7e in dispatch_command (command=COM_QUERY, thd=0x7f1547416070, packet=0x7f1547458071 "", packet_length=39, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1808
      #22 0x00007f1552b60558 in do_command (thd=0x7f1547416070) at /data/src/10.2/sql/sql_parse.cc:1368
      #23 0x00007f1552ca7a26 in do_handle_one_connection (connect=0x7f154f871410) at /data/src/10.2/sql/sql_connect.cc:1354
      #24 0x00007f1552ca77b3 in handle_one_connection (arg=0x7f154f871410) at /data/src/10.2/sql/sql_connect.cc:1260
      #25 0x00007f1552fe25e4 in pfs_spawn_thread (arg=0x7f154f80f9f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
      #26 0x00007f155219f0a4 in start_thread (arg=0x7f1553c8e300) at pthread_create.c:309
      #27 0x00007f155014c87d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              holyfoot Alexey Botchkov
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: