Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-11833

JSON functions don't seem to respect max_allowed_packet

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.2
    • Fix Version/s: 10.2.5
    • Component/s: JSON
    • Labels:
      None
    • Sprint:
      10.2.5-1

      Description

      MariaDB [test]> \W
      Show warnings enabled.
      MariaDB [test]> set @a= json_quote(json_array(repeat('a',1024),repeat('a',1024))); select length(@a);
      Query OK, 0 rows affected (0.00 sec)
       
      +------------+
      | length(@a) |
      +------------+
      |       2062 |
      +------------+
      1 row in set (0.00 sec)
       
      MariaDB [test]> show variables like 'max_allowed_packet';
      +--------------------+-------+
      | Variable_name      | Value |
      +--------------------+-------+
      | max_allowed_packet | 1024  |
      +--------------------+-------+
      1 row in set (0.00 sec)
      

      Similar behavior of other functions:

      MariaDB [test]> select concat(repeat('a',1024),repeat('a',1024));
      +-------------------------------------------+
      | concat(repeat('a',1024),repeat('a',1024)) |
      +-------------------------------------------+
      | NULL                                      |
      +-------------------------------------------+
      1 row in set, 1 warning (0.00 sec)
       
      Warning (Code 1301): Result of concat() was larger than max_allowed_packet (1024) - truncated
      

      While this example looks artificial , it may cause serious stability issues in many scenarios on production (unintentionally, e.g. because of bug in client software or used by attacker to impact performance / stability) - so I put 'Major' priority here, but I am OK with 'Minor' priority if such is justified.

        Attachments

          Activity

            People

            • Assignee:
              holyfoot Alexey Botchkov
              Reporter:
              anikitin Andrii Nikitin (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: