  1. MariaDB Server
  2. MDEV-23187

Assorted assertion failures in json_find_path with certain collations

Details

    Description

      SET COLLATION_CONNECTION= ucs2_unicode_ci;
      SELECT JSON_VALUE('["foo"]', '$**[0]') AS f;
      

      10.2 debug a1e52e7f

      mysqld: /data/src/10.2/strings/json_lib.c:1360: json_find_path: Assertion `0' failed.
      200717 14:17:44 [ERROR] mysqld got signal 6 ;
       
      #7  0x00007f1875a73f12 in __GI___assert_fail (assertion=0x5574f4d78879 "0", file=0x5574f4d787f8 "/data/src/10.2/strings/json_lib.c", line=1360, function=0x5574f4d78900 <__PRETTY_FUNCTION__.9403> "json_find_path") at assert.c:101
      #8  0x00005574f490b38e in json_find_path (je=0x7f18705a6dc0, p=0x7f1854012808, p_cur_step=0x7f1854012c50, array_counters=0x7f18705a6d40) at /data/src/10.2/strings/json_lib.c:1360
      #9  0x00005574f432f294 in Item_func_json_value::val_str (this=0x7f1854012748, str=0x7f18705a6fb0) at /data/src/10.2/sql/item_jsonfunc.cc:486
      #10 0x00005574f418823b in Item::send (this=0x7f1854012748, protocol=0x7f18540010a8, buffer=0x7f18705a6fb0) at /data/src/10.2/sql/item.cc:6921
      #11 0x00005574f3e0cc4b in Protocol::send_result_set_row (this=0x7f18540010a8, row_items=0x7f1854004f50) at /data/src/10.2/sql/protocol.cc:990
      #12 0x00005574f3ea0db2 in select_send::send_data (this=0x7f1854012d48, items=...) at /data/src/10.2/sql/sql_class.cc:2731
      #13 0x00005574f3f30833 in JOIN::exec_inner (this=0x7f1854012d68) at /data/src/10.2/sql/sql_select.cc:3514
      #14 0x00005574f3f302b2 in JOIN::exec (this=0x7f1854012d68) at /data/src/10.2/sql/sql_select.cc:3433
      #15 0x00005574f3f31468 in mysql_select (thd=0x7f1854000af0, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1854012d48, unit=0x7f18540046e8, select_lex=0x7f1854004e28) at /data/src/10.2/sql/sql_select.cc:3833
      #16 0x00005574f3f25626 in handle_select (thd=0x7f1854000af0, lex=0x7f1854004628, result=0x7f1854012d48, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
      #17 0x00005574f3ef1070 in execute_sqlcom_select (thd=0x7f1854000af0, all_tables=0x0) at /data/src/10.2/sql/sql_parse.cc:6218
      #18 0x00005574f3ee78f1 in mysql_execute_command (thd=0x7f1854000af0) at /data/src/10.2/sql/sql_parse.cc:3524
      #19 0x00005574f3ef4da7 in mysql_parse (thd=0x7f1854000af0, rawbuf=0x7f1854012458 "SELECT JSON_VALUE('[\"foo\"]', '$**[0]') AS f", length=43, parser_state=0x7f18705a8610, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7733
      #20 0x00005574f3ee30d3 in dispatch_command (command=COM_QUERY, thd=0x7f1854000af0, packet=0x7f185408d421 "", packet_length=43, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1824
      #21 0x00005574f3ee1b4e in do_command (thd=0x7f1854000af0) at /data/src/10.2/sql/sql_parse.cc:1377
      #22 0x00005574f4037b29 in do_handle_one_connection (connect=0x5574f7d44d00) at /data/src/10.2/sql/sql_connect.cc:1336
      #23 0x00005574f4037894 in handle_one_connection (arg=0x5574f7d44d00) at /data/src/10.2/sql/sql_connect.cc:1241
      #24 0x00005574f484e352 in pfs_spawn_thread (arg=0x5574f7d4faf0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
      #25 0x00007f18779fc4a4 in start_thread (arg=0x7f18705a9700) at pthread_create.c:456
      #26 0x00007f1875b30d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      Non-debug build returns NULL, I can't tell whether it's correct or not (with a standard collation it returns foo):

      10.2 non-debug a1e52e7f

      SET COLLATION_CONNECTION= ucs2_unicode_ci;
      SELECT JSON_VALUE('["foo"]', '$**[0]') AS f;
      f
      NULL
      SET COLLATION_CONNECTION= DEFAULT;
      SELECT JSON_VALUE('["foo"]', '$**[0]') AS f;
      f
      foo
      

          Activity

            Roel Roel Van de Paar added a comment - - edited

            Another stack on optimized builds with this testcase:

            SET @json='{ "A": [ [{"k":"v"},[1]],true],"B": {"C": 1} }';
            SET collation_connection='ucs2_bin';
            SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1');
            

            11.0.1 b075191ba8598af6aff5549e6e19f6255aef258a (Optimized)

            Core was generated by `/test/MD090123-mariadb-11.0.1-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0  my_mb_wc_ucs2_quick (e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z", s=0x0, 
                pwc=0x1501183ff700) at /test/11.0_opt/strings/ctype-ucs2.h:27
            27	  *pwc= ((uchar)s[0]) * 256  + ((uchar)s[1]);
            [Current thread is 1 (Thread 0x150118402640 (LWP 3092039))]
            (gdb) bt
            #0  my_mb_wc_ucs2_quick (e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z", s=0x0, pwc=0x1501183ff700) at /test/11.0_opt/strings/ctype-ucs2.h:27
            #1  my_ucs2_uni (cs=0x55c9e1076ae0 <my_charset_ucs2_bin>, pwc=0x1501183ff700, s=0x0, e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z") at /test/11.0_opt/strings/ctype-ucs2.c:3089
            #2  0x000055c9e0793226 in json_read_string_const_chr (js=0x1501183ff6f0) at /test/11.0_opt/strings/json_lib.c:359
            #3  0x000055c9e07947ad in json_key_matches (je=0x1501183ff800, k=0x1501183ff6f0) at /test/11.0_opt/strings/json_lib.c:1408
            #4  0x000055c9e07949a1 in json_find_path (je=0x1501183ff800, p=0x1500dc011048, p_cur_step=0x1500dc011490, array_counters=0x1501183ff780) at /test/11.0_opt/strings/json_lib.c:1436
            #5  0x000055c9e01a0588 in Json_path_extractor::extract (this=this@entry=0x1500dc011040, str=str@entry=0x1501183ff9d0, item_js=<optimized out>, item_jp=<optimized out>, cs=<optimized out>) at /test/11.0_opt/sql/item_jsonfunc.cc:706
            #6  0x000055c9e01abf2d in Item_func_json_value::val_str (this=0x1500dc010f98, to=0x1501183ff9d0) at /test/11.0_opt/sql/item_jsonfunc.h:194
            #7  0x000055c9e01d65f8 in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x1500dc0011f0, buf=<optimized out>) at /test/11.0_opt/sql/sql_type.cc:7454
            #8  0x000055c9dff5ceba in Protocol::send_result_set_row (this=this@entry=0x1500dc0011f0, row_items=row_items@entry=0x1500dc010ad8) at /test/11.0_opt/sql/protocol.cc:1332
            #9  0x000055c9dffd9a17 in select_send::send_data (this=0x1500dc011e38, items=@0x1500dc010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1500dc0114d8, last = 0x1500dc0114d8, elements = 1}, <No data fields>}) at /test/11.0_opt/sql/sql_class.cc:3103
            #10 0x000055c9e00aa370 in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5721
            #11 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5711
            #12 JOIN::exec_inner (this=0x1500dc011e60) at /test/11.0_opt/sql/sql_select.cc:4688
            #13 0x000055c9e00aab08 in JOIN::exec (this=this@entry=0x1500dc011e60) at /test/11.0_opt/sql/sql_select.cc:4600
            #14 0x000055c9e00a8c11 in mysql_select (thd=0x1500dc000c68, tables=0x0, fields=@0x1500dc010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1500dc0114d8, last = 0x1500dc0114d8, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1500dc011e38, unit=0x1500dc004ce8, select_lex=0x1500dc010838) at /test/11.0_opt/sql/sql_select.cc:5080
            #15 0x000055c9e00a9354 in handle_select (thd=thd@entry=0x1500dc000c68, lex=lex@entry=0x1500dc004c10, result=result@entry=0x1500dc011e38, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_opt/sql/sql_select.cc:581
            #16 0x000055c9e0024b25 in execute_sqlcom_select (thd=0x1500dc000c68, all_tables=0x0) at /test/11.0_opt/sql/sql_parse.cc:6265
            #17 0x000055c9e0033870 in mysql_execute_command (thd=0x1500dc000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:3949
            #18 0x000055c9e0035104 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1500dc000c68) at /test/11.0_opt/sql/sql_parse.cc:8000
            #19 mysql_parse (thd=0x1500dc000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:7922
            #20 0x000055c9e00376e2 in dispatch_command (command=COM_QUERY, thd=0x1500dc000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:1991
            #21 0x000055c9e0038e80 in do_command (thd=0x1500dc000c68, blocking=blocking@entry=true) at /test/11.0_opt/sql/sql_parse.cc:1407
            #22 0x000055c9e014eab7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c9e2ab9028, put_in_cache=put_in_cache@entry=true) at /test/11.0_opt/sql/sql_connect.cc:1416
            #23 0x000055c9e014ed8d in handle_one_connection (arg=0x55c9e2ab9028) at /test/11.0_opt/sql/sql_connect.cc:1318
            #24 0x00001501312cbb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #25 0x000015013135da00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            

            Again, 10.9+ only. Both debug and optimized builds affected.

            Another stack on optimized builds with this testcase:

            SET @json='{ "A": [ [{"k":"v"},[15]],true],"B": {"C": 1} }';
            SET sql_mode=0,character_set_connection=utf32;
            SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1');
            

            11.0.1 b075191ba8598af6aff5549e6e19f6255aef258a (Optimized)

            Core was generated by `/test/MD090123-mariadb-11.0.1-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
            Program terminated with signal SIGSEGV, Segmentation fault.
            #0  my_mb_wc_utf32_quick (e=0x564dd727c020 <my_charset_utf32_general_ci> "<", 
                s=0x0, pwc=0x151a240aa700) at /test/11.0_opt/strings/ctype-utf32.h:29
            29	  *pwc= MY_UTF32_WC4(s[0], s[1], s[2], s[3]);
            [Current thread is 1 (Thread 0x151a240ad640 (LWP 808313))]
            (gdb) bt
            #0  my_mb_wc_utf32_quick (e=0x564dd727c020 <my_charset_utf32_general_ci> "<", s=0x0, pwc=0x151a240aa700) at /test/11.0_opt/strings/ctype-utf32.h:29
            #1  my_utf32_uni (cs=0x564dd727c020 <my_charset_utf32_general_ci>, pwc=0x151a240aa700, s=0x0, e=0x564dd727c020 <my_charset_utf32_general_ci> "<") at /test/11.0_opt/strings/ctype-ucs2.c:2181
            #2  0x0000564dd6998226 in json_read_string_const_chr (js=0x151a240aa6f0) at /test/11.0_opt/strings/json_lib.c:359
            #3  0x0000564dd69997ad in json_key_matches (je=0x151a240aa800, k=0x151a240aa6f0) at /test/11.0_opt/strings/json_lib.c:1408
            #4  0x0000564dd69999a1 in json_find_path (je=0x151a240aa800, p=0x1519e80110e0, p_cur_step=0x1519e8011528, array_counters=0x151a240aa780) at /test/11.0_opt/strings/json_lib.c:1436
            #5  0x0000564dd63a5588 in Json_path_extractor::extract (this=this@entry=0x1519e80110d8, str=str@entry=0x151a240aa9d0, item_js=<optimized out>, item_jp=<optimized out>, cs=<optimized out>) at /test/11.0_opt/sql/item_jsonfunc.cc:706
            #6  0x0000564dd63b0f2d in Item_func_json_value::val_str (this=0x1519e8011030, to=0x151a240aa9d0) at /test/11.0_opt/sql/item_jsonfunc.h:194
            #7  0x0000564dd63db5f8 in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x1519e80011f0, buf=<optimized out>) at /test/11.0_opt/sql/sql_type.cc:7454
            #8  0x0000564dd6161eba in Protocol::send_result_set_row (this=this@entry=0x1519e80011f0, row_items=row_items@entry=0x1519e8010ad8) at /test/11.0_opt/sql/protocol.cc:1332
            #9  0x0000564dd61dea17 in select_send::send_data (this=0x1519e8011ed0, items=@0x1519e8010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1519e8011570, last = 0x1519e8011570, elements = 1}, <No data fields>}) at /test/11.0_opt/sql/sql_class.cc:3103
            #10 0x0000564dd62af370 in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5721
            #11 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5711
            #12 JOIN::exec_inner (this=0x1519e8011ef8) at /test/11.0_opt/sql/sql_select.cc:4688
            #13 0x0000564dd62afb08 in JOIN::exec (this=this@entry=0x1519e8011ef8) at /test/11.0_opt/sql/sql_select.cc:4600
            #14 0x0000564dd62adc11 in mysql_select (thd=0x1519e8000c68, tables=0x0, fields=@0x1519e8010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1519e8011570, last = 0x1519e8011570, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1519e8011ed0, unit=0x1519e8004ce8, select_lex=0x1519e8010838) at /test/11.0_opt/sql/sql_select.cc:5080
            #15 0x0000564dd62ae354 in handle_select (thd=thd@entry=0x1519e8000c68, lex=lex@entry=0x1519e8004c10, result=result@entry=0x1519e8011ed0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_opt/sql/sql_select.cc:581
            #16 0x0000564dd6229b25 in execute_sqlcom_select (thd=0x1519e8000c68, all_tables=0x0) at /test/11.0_opt/sql/sql_parse.cc:6265
            #17 0x0000564dd6238870 in mysql_execute_command (thd=0x1519e8000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:3949
            #18 0x0000564dd623a104 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1519e8000c68) at /test/11.0_opt/sql/sql_parse.cc:8000
            #19 mysql_parse (thd=0x1519e8000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:7922
            #20 0x0000564dd623c6e2 in dispatch_command (command=COM_QUERY, thd=0x1519e8000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:1991
            #21 0x0000564dd623de80 in do_command (thd=0x1519e8000c68, blocking=blocking@entry=true) at /test/11.0_opt/sql/sql_parse.cc:1407
            #22 0x0000564dd6353ab7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x564dd7f6a0c8, put_in_cache=put_in_cache@entry=true) at /test/11.0_opt/sql/sql_connect.cc:1416
            #23 0x0000564dd6353d8d in handle_one_connection (arg=0x564dd7f6a0c8) at /test/11.0_opt/sql/sql_connect.cc:1318
            #24 0x0000151a3b39eb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
            #25 0x0000151a3b430a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
            

            Various other combinations likely exist, like my_mb_wc_tis620:

            SET @json='{ "A": [ [{"k":"v"},[15]],true],"B": {"C": 1} }';
            SET sql_mode=0,character_set_connection=utf32;
            SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1');
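
An added triage sketch (not part of the ticket or of MariaDB's tooling): it parses the innermost frames of the three backtraces above, drops the leading per-charset decoder frames, and buckets what remains, so the `ucs2_bin` and `utf32` crashes land in one bucket and the 10.2 debug assertion in another. The `ctype-` filename rule, the three-frame signature depth and all function names in the script are assumptions made for this example.

```python
import re
from collections import defaultdict
from itertools import dropwhile

# Innermost frames copied from the backtraces in this report; outer frames omitted.
# The 10.2 trace starts at #8, the first frame listed after __GI___assert_fail.
TRACES = {
    "10.2 debug, ucs2_unicode_ci": """\
#8  0x00005574f490b38e in json_find_path (je=0x7f18705a6dc0, p=0x7f1854012808, p_cur_step=0x7f1854012c50, array_counters=0x7f18705a6d40) at /data/src/10.2/strings/json_lib.c:1360
#9  0x00005574f432f294 in Item_func_json_value::val_str (this=0x7f1854012748, str=0x7f18705a6fb0) at /data/src/10.2/sql/item_jsonfunc.cc:486
#10 0x00005574f418823b in Item::send (this=0x7f1854012748, protocol=0x7f18540010a8, buffer=0x7f18705a6fb0) at /data/src/10.2/sql/item.cc:6921
""",
    "11.0.1 optimized, ucs2_bin": """\
#0  my_mb_wc_ucs2_quick (e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z", s=0x0, pwc=0x1501183ff700) at /test/11.0_opt/strings/ctype-ucs2.h:27
#1  my_ucs2_uni (cs=0x55c9e1076ae0 <my_charset_ucs2_bin>, pwc=0x1501183ff700, s=0x0, e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z") at /test/11.0_opt/strings/ctype-ucs2.c:3089
#2  0x000055c9e0793226 in json_read_string_const_chr (js=0x1501183ff6f0) at /test/11.0_opt/strings/json_lib.c:359
#3  0x000055c9e07947ad in json_key_matches (je=0x1501183ff800, k=0x1501183ff6f0) at /test/11.0_opt/strings/json_lib.c:1408
#4  0x000055c9e07949a1 in json_find_path (je=0x1501183ff800, p=0x1500dc011048, p_cur_step=0x1500dc011490, array_counters=0x1501183ff780) at /test/11.0_opt/strings/json_lib.c:1436
""",
    "11.0.1 optimized, utf32": """\
#0  my_mb_wc_utf32_quick (e=0x564dd727c020 <my_charset_utf32_general_ci> "<", s=0x0, pwc=0x151a240aa700) at /test/11.0_opt/strings/ctype-utf32.h:29
#1  my_utf32_uni (cs=0x564dd727c020 <my_charset_utf32_general_ci>, pwc=0x151a240aa700, s=0x0, e=0x564dd727c020 <my_charset_utf32_general_ci> "<") at /test/11.0_opt/strings/ctype-ucs2.c:2181
#2  0x0000564dd6998226 in json_read_string_const_chr (js=0x151a240aa6f0) at /test/11.0_opt/strings/json_lib.c:359
#3  0x0000564dd69997ad in json_key_matches (je=0x151a240aa800, k=0x151a240aa6f0) at /test/11.0_opt/strings/json_lib.c:1408
#4  0x0000564dd69999a1 in json_find_path (je=0x151a240aa800, p=0x1519e80110e0, p_cur_step=0x1519e8011528, array_counters=0x151a240aa780) at /test/11.0_opt/strings/json_lib.c:1436
""",
}

# "#N  [0xADDR in ]func (args) at path:line" as printed by gdb's `bt`.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?([\w:]+) \((.*)\) at (\S+):(\d+)$")
# An argument printed as exactly 0x0, i.e. a NULL pointer.
NULL_ARG_RE = re.compile(r"\b(\w+)=0x0(?![0-9a-fx])")


def parse_frames(text):
    """Turn gdb backtrace text into a list of frame dicts, innermost first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            num, func, args, path, lineno = m.groups()
            frames.append({"num": int(num), "func": func, "args": args,
                           "file": path.rsplit("/", 1)[-1], "line": int(lineno)})
    return frames


def is_charset_leaf(frame):
    # Assumption: per-charset decoders live in strings/ctype-*.{c,h}, as in these traces.
    return frame["file"].startswith("ctype-")


def signature(frames, depth=3):
    """First `depth` function names once leading charset-decoder frames are dropped."""
    core = list(dropwhile(is_charset_leaf, frames))
    return tuple(f["func"] for f in core[:depth])


def null_pointer_args(frame):
    """Names of arguments that gdb printed as NULL in this frame."""
    return NULL_ARG_RE.findall(frame["args"])


def bucket(traces):
    """Group trace labels by crash signature."""
    buckets = defaultdict(list)
    for label, text in traces.items():
        buckets[signature(parse_frames(text))].append(label)
    return dict(buckets)


if __name__ == "__main__":
    for sig, labels in bucket(TRACES).items():
        print(" <- ".join(sig), "::", labels)
    for label, text in TRACES.items():
        top = parse_frames(text)[0]
        print(label, "| innermost frame:", top["func"], "| NULL args:", null_pointer_args(top))
```
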
            


            Roel Roel Van de Paar added a comment - rucha174 Please take a look.
            rucha174 Rucha Deodhar added a comment - Patch: https://github.com/MariaDB/server/tree/bb-10.9-MDEV-23187 https://github.com/MariaDB/server/tree/bb-10.3-MDEV-23187

            holyfoot Alexey Botchkov added a comment - discussed on slack.

            holyfoot Alexey Botchkov added a comment - ok to push.

            People

              rucha174 Rucha Deodhar
              elenst Elena Stepanova