Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.2
-
Fix Version/s: 10.2.5
-
Component/s: JSON
-
Labels:None
-
Sprint:10.2.5-1
Description
MariaDB [test]> \W
|
Show warnings enabled.
|
MariaDB [test]> set @a= json_quote(json_array(repeat('a',1024),repeat('a',1024))); select length(@a); |
Query OK, 0 rows affected (0.00 sec) |
|
|
+------------+ |
| length(@a) |
|
+------------+ |
| 2062 |
|
+------------+ |
1 row in set (0.00 sec) |
|
|
MariaDB [test]> show variables like 'max_allowed_packet'; |
+--------------------+-------+ |
| Variable_name | Value |
|
+--------------------+-------+ |
| max_allowed_packet | 1024 |
|
+--------------------+-------+ |
1 row in set (0.00 sec) |
Similar behavior of other functions:
MariaDB [test]> select concat(repeat('a',1024),repeat('a',1024)); |
+-------------------------------------------+ |
| concat(repeat('a',1024),repeat('a',1024)) | |
+-------------------------------------------+ |
| NULL | |
+-------------------------------------------+ |
1 row in set, 1 warning (0.00 sec) |
|
|
Warning (Code 1301): Result of concat() was larger than max_allowed_packet (1024) - truncated |
While this example looks artificial , it may cause serious stability issues in many scenarios on production (unintentionally, e.g. because of bug in client software or used by attacker to impact performance / stability) - so I put 'Major' priority here, but I am OK with 'Minor' priority if such is justified.