
simple json functions flatline cpu on garbage input

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.3.6, 10.2(EOL), 10.3(EOL)
    • Fix Version/s: 10.2.17
    • Component/s: JSON
    • Labels: None
    • Environment: Win x64

    Description

      MariaDB [(none)]> select * from information_schema.processlist where user<>'system user' and id<>connection_id()\G
      *************************** 1. row ***************************
                   ID: 8
                 USER: root
                 HOST:
                   DB: test
              COMMAND: Query
                 TIME: 121
                STATE: NULL
                 INFO: do json_array(1,uuid(),compress(5.140264e+307))
              TIME_MS: 121143.104
                STAGE: 0
            MAX_STAGE: 0
             PROGRESS: 0.000
          MEMORY_USED: 76104
      MAX_MEMORY_USED: 76104
        EXAMINED_ROWS: 0
             QUERY_ID: 1
          INFO_BINARY: do json_array(1,uuid(),compress(5.140264e+307))
                  TID: 0
      1 row in set (0.002 sec)
      

      How to Repeat:

      do json_array(1,uuid(),compress(5.140264e+307));
      
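The reporter found the runaway statement through information_schema.processlist. The following is an added example, not part of the MDEV-16054 report or of the MariaDB code base, showing the operational guard rails a DBA would put around a statement like this on an unpatched server: a per-session statement time cap, a processlist query narrowed to long-running JSON calls, and a KILL QUERY for whatever it finds. It assumes MariaDB 10.1 or later (for max_statement_time) and a user holding the PROCESS privilege plus the right to kill other sessions; <id> is a placeholder for the ID column returned by the processlist query.

```sql
-- Added example (not from the MDEV-16054 report). Assumes MariaDB 10.1+
-- for max_statement_time and a user allowed to inspect/kill other sessions.

-- 1. Cap statement run time for this session (seconds; fractions allowed).
--    A statement that exceeds it and observes the kill flag is aborted with
--    error 1969 (ER_STATEMENT_TIMEOUT) instead of holding a core.
SET SESSION max_statement_time = 5;

-- 2. The report's reproducer, run under that cap. On a fixed build it
--    completes normally; on an affected build the outcome depends on whether
--    the looping code ever polls the kill flag (see caveat below).
DO json_array(1, uuid(), compress(5.140264e+307));

-- 3. From a second session: list statements that have been running for more
--    than 60 s and call a JSON function. This is the reporter's processlist
--    query narrowed to the pattern of this bug.
SELECT id, user, db, time, info
  FROM information_schema.processlist
 WHERE command = 'Query'
   AND user <> 'system user'
   AND id <> connection_id()
   AND time > 60
   AND info LIKE '%json%';

-- 4. Abort only the statement and keep the client connection open.
--    <id> is a placeholder for the ID column from step 3.
-- KILL QUERY <id>;

-- 5. Server-wide default cap for all new sessions (lost on restart; add
--    max_statement_time under [mysqld] in my.cnf to make it permanent).
-- SET GLOBAL max_statement_time = 30;
```

Caveat: both max_statement_time and KILL QUERY only take effect when the executing code checks the thread's kill flag. A tight loop that never does so, which is what a flatlined core with TIME still climbing suggests here, ignores both, so on an affected build the processlist query is the reliable detection and the fixed version (10.2.17 per the Fix Version field) is the actual remedy; the cap still protects the server once the statement is interruptible.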


        Activity

elenst Elena Stepanova added a comment - Thanks for the report and test case.

          10.3 6c5e60f1b1

          Thread 2 (Thread 0x7f90c24d8700 (LWP 28367)):
          #0  json_escape (str_cs=0x557d71c8b1c0 <my_charset_utf8_general_ci>, str=0x7f90b0037fc5 "\234\063\325\063\064\061\060\062\063I560\a", str_end=0x7f90b0037fd8 "f0038c3", json_cs=0x557d71ad9000 <my_charset_bin>, json=0x7f90c24d60d2 "\001\260\003", json_end=0x7f90c24d61dd "\031") at /data/src/10.3/strings/json_lib.c:1582
          #1  0x0000557d70a1a274 in st_append_escaped (s=0x7f90c24d6070, a=0x7f90b0015448) at /data/src/10.3/sql/item_jsonfunc.cc:102
          #2  0x0000557d70a1e0eb in append_json_value (str=0x7f90c24d6070, item=0x7f90b0015250, tmp_val=0x7f90b0015448) at /data/src/10.3/sql/item_jsonfunc.cc:1432
          #3  0x0000557d70a1e484 in Item_func_json_array::val_str (this=0x7f90b0015388, str=0x7f90c24d6070) at /data/src/10.3/sql/item_jsonfunc.cc:1500
          #4  0x0000557d70541652 in Item_str_func::update_null_value (this=0x7f90b0015388) at /data/src/10.3/sql/item_strfunc.h:73
          #5  0x0000557d705059bf in Item_func::is_null (this=0x7f90b0015388) at /data/src/10.3/sql/item_func.h:172
          #6  0x0000557d709df9dc in mysql_do (thd=0x7f90b0000b00, values=...) at /data/src/10.3/sql/sql_do.cc:35
          #7  0x0000557d7055853d in mysql_execute_command (thd=0x7f90b0000b00) at /data/src/10.3/sql/sql_parse.cc:3797
          #8  0x0000557d70565706 in mysql_parse (thd=0x7f90b0000b00, rawbuf=0x7f90b0014eb0 "do json_array(1,uuid(),compress(5.140264e+307))", length=47, parser_state=0x7f90c24d75d0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8001
          #9  0x0000557d70552ee9 in dispatch_command (command=COM_QUERY, thd=0x7f90b0000b00, packet=0x7f90b008ff91 "do json_array(1,uuid(),compress(5.140264e+307))", packet_length=47, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
          #10 0x0000557d70551928 in do_command (thd=0x7f90b0000b00) at /data/src/10.3/sql/sql_parse.cc:1391
          #11 0x0000557d706b488d in do_handle_one_connection (connect=0x557d73338270) at /data/src/10.3/sql/sql_connect.cc:1402
          #12 0x0000557d706b461a in handle_one_connection (arg=0x557d73338270) at /data/src/10.3/sql/sql_connect.cc:1308
          #13 0x0000557d70b38f55 in pfs_spawn_thread (arg=0x557d733fa6e0) at /data/src/10.3/storage/perfschema/pfs.cc:1862
          #14 0x00007f90ca007494 in start_thread (arg=0x7f90c24d8700) at pthread_create.c:333
          #15 0x00007f90c83ed93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
          

          holyfoot Alexey Botchkov added a comment - http://lists.askmonty.org/pipermail/commits/2018-July/012745.html

People

  Assignee: holyfoot Alexey Botchkov
  Reporter: sbester1 sbester1
  Votes: 0
  Watchers: 4
