Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL)
Description
SET COLLATION_CONNECTION= ucs2_unicode_ci; |
SELECT JSON_VALUE('["foo"]', '$**[0]') AS f; |
|
10.2 debug a1e52e7f |
mysqld: /data/src/10.2/strings/json_lib.c:1360: json_find_path: Assertion `0' failed.
|
200717 14:17:44 [ERROR] mysqld got signal 6 ;
|
|
|
#7 0x00007f1875a73f12 in __GI___assert_fail (assertion=0x5574f4d78879 "0", file=0x5574f4d787f8 "/data/src/10.2/strings/json_lib.c", line=1360, function=0x5574f4d78900 <__PRETTY_FUNCTION__.9403> "json_find_path") at assert.c:101
|
#8 0x00005574f490b38e in json_find_path (je=0x7f18705a6dc0, p=0x7f1854012808, p_cur_step=0x7f1854012c50, array_counters=0x7f18705a6d40) at /data/src/10.2/strings/json_lib.c:1360
|
#9 0x00005574f432f294 in Item_func_json_value::val_str (this=0x7f1854012748, str=0x7f18705a6fb0) at /data/src/10.2/sql/item_jsonfunc.cc:486
|
#10 0x00005574f418823b in Item::send (this=0x7f1854012748, protocol=0x7f18540010a8, buffer=0x7f18705a6fb0) at /data/src/10.2/sql/item.cc:6921
|
#11 0x00005574f3e0cc4b in Protocol::send_result_set_row (this=0x7f18540010a8, row_items=0x7f1854004f50) at /data/src/10.2/sql/protocol.cc:990
|
#12 0x00005574f3ea0db2 in select_send::send_data (this=0x7f1854012d48, items=...) at /data/src/10.2/sql/sql_class.cc:2731
|
#13 0x00005574f3f30833 in JOIN::exec_inner (this=0x7f1854012d68) at /data/src/10.2/sql/sql_select.cc:3514
|
#14 0x00005574f3f302b2 in JOIN::exec (this=0x7f1854012d68) at /data/src/10.2/sql/sql_select.cc:3433
|
#15 0x00005574f3f31468 in mysql_select (thd=0x7f1854000af0, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1854012d48, unit=0x7f18540046e8, select_lex=0x7f1854004e28) at /data/src/10.2/sql/sql_select.cc:3833
|
#16 0x00005574f3f25626 in handle_select (thd=0x7f1854000af0, lex=0x7f1854004628, result=0x7f1854012d48, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
|
#17 0x00005574f3ef1070 in execute_sqlcom_select (thd=0x7f1854000af0, all_tables=0x0) at /data/src/10.2/sql/sql_parse.cc:6218
|
#18 0x00005574f3ee78f1 in mysql_execute_command (thd=0x7f1854000af0) at /data/src/10.2/sql/sql_parse.cc:3524
|
#19 0x00005574f3ef4da7 in mysql_parse (thd=0x7f1854000af0, rawbuf=0x7f1854012458 "SELECT JSON_VALUE('[\"foo\"]', '$**[0]') AS f", length=43, parser_state=0x7f18705a8610, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7733
|
#20 0x00005574f3ee30d3 in dispatch_command (command=COM_QUERY, thd=0x7f1854000af0, packet=0x7f185408d421 "", packet_length=43, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1824
|
#21 0x00005574f3ee1b4e in do_command (thd=0x7f1854000af0) at /data/src/10.2/sql/sql_parse.cc:1377
|
#22 0x00005574f4037b29 in do_handle_one_connection (connect=0x5574f7d44d00) at /data/src/10.2/sql/sql_connect.cc:1336
|
#23 0x00005574f4037894 in handle_one_connection (arg=0x5574f7d44d00) at /data/src/10.2/sql/sql_connect.cc:1241
|
#24 0x00005574f484e352 in pfs_spawn_thread (arg=0x5574f7d4faf0) at /data/src/10.2/storage/perfschema/pfs.cc:1869
|
#25 0x00007f18779fc4a4 in start_thread (arg=0x7f18705a9700) at pthread_create.c:456
|
#26 0x00007f1875b30d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
|
Non-debug build returns NULL, I can't tell whether it's correct or not (with a standard collation it returns foo):
|
10.2 non-debug a1e52e7f |
SET COLLATION_CONNECTION= ucs2_unicode_ci; |
SELECT JSON_VALUE('["foo"]', '$**[0]') AS f; |
f
|
NULL
|
SET COLLATION_CONNECTION= DEFAULT; |
SELECT JSON_VALUE('["foo"]', '$**[0]') AS f; |
f
|
foo
|
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- relates to
-
-
- Closed
-
Activity
Adding testcase from MDEV-25375 here with updated report, and marked MDEV-25375 as duplicate.
SET collation_connection='ucs2_bin'; |
SELECT json_value ('[{"foo": 1},"bar"]','$[*][0]'); |
Leads to:
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) |
mysqld: /test/10.9_dbg/strings/json_lib.c:1478: json_find_path: Assertion `0' failed.
|
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) |
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x1553780d8700 (LWP 948800))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x0000155392a3c859 in __GI_abort () at abort.c:79
|
#2 0x0000155392a3c729 in __assert_fail_base (fmt=0x155392bd2588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x564365cd509d "0", file=0x56436604ebc0 "/test/10.9_dbg/strings/json_lib.c", line=1478, function=<optimized out>) at assert.c:92
|
#3 0x0000155392a4e006 in __GI___assert_fail (assertion=assertion@entry=0x564365cd509d "0", file=file@entry=0x56436604ebc0 "/test/10.9_dbg/strings/json_lib.c", line=line@entry=1478, function=function@entry=0x56436604db18 <__PRETTY_FUNCTION__.16624> "json_find_path") at assert.c:101
|
#4 0x00005643659d6713 in json_find_path (je=je@entry=0x1553780d5ff0, p=p@entry=0x1552f4014460, p_cur_step=p_cur_step@entry=0x1552f40148a8, array_counters=array_counters@entry=0x1553780d5f70) at /test/10.9_dbg/strings/json_lib.c:1478
|
#5 0x0000564365109368 in Json_path_extractor::extract (this=this@entry=0x1552f4014458, str=str@entry=0x1553780d61f0, item_js=<optimized out>, item_jp=0x1552f40142e0, cs=0x5643663d0d00 <my_charset_ucs2_bin>) at /test/10.9_dbg/sql/item_jsonfunc.cc:561
|
#6 0x0000564365116ac5 in Item_func_json_value::val_str (this=0x1552f40143b0, to=0x1553780d61f0) at /test/10.9_dbg/sql/item_jsonfunc.h:194
|
#7 0x000056436514b4de in Type_handler::Item_send_str (this=<optimized out>, item=0x1552f40143b0, protocol=0x1552f40013a0, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:7464
|
#8 0x0000564365088bb7 in Type_handler_string_result::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.h:5446
|
#9 0x0000564364e12bb0 in Item::send (this=0x1552f40143b0, protocol=0x1552f40013a0, buffer=0x1553780d61c0) at /test/10.9_dbg/sql/item.h:1227
|
#10 0x0000564364e498eb in Protocol::send_result_set_row (this=this@entry=0x1552f40013a0, row_items=row_items@entry=0x1552f4013f58) at /test/10.9_dbg/sql/protocol.cc:1328
|
#11 0x0000564364ed68a3 in select_send::send_data (this=0x1552f4015218, items=@0x1552f4013f58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1552f40148f0, last = 0x1552f40148f0, elements = 1}, <No data fields>}) at /test/10.9_dbg/sql/sql_class.cc:3113
|
#12 0x0000564364fc9ccb in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.9_dbg/sql/sql_class.h:5625
|
#13 JOIN::exec_inner (this=this@entry=0x1552f4015240) at /test/10.9_dbg/sql/sql_select.cc:4644
|
#14 0x0000564364fcad2e in JOIN::exec (this=this@entry=0x1552f4015240) at /test/10.9_dbg/sql/sql_select.cc:4556
|
#15 0x0000564364fc8ab2 in mysql_select (thd=thd@entry=0x1552f4000db8, tables=0x0, fields=@0x1552f4013f58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1552f40148f0, last = 0x1552f40148f0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x1552f4015218, unit=0x1552f4004fd8, select_lex=0x1552f4013cb8) at /test/10.9_dbg/sql/sql_select.cc:5036
|
#16 0x0000564364fc92a8 in handle_select (thd=thd@entry=0x1552f4000db8, lex=lex@entry=0x1552f4004f00, result=result@entry=0x1552f4015218, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570
|
#17 0x0000564364f356c8 in execute_sqlcom_select (thd=thd@entry=0x1552f4000db8, all_tables=0x0) at /test/10.9_dbg/sql/sql_parse.cc:6271
|
#18 0x0000564364f41935 in mysql_execute_command (thd=thd@entry=0x1552f4000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961
|
#19 0x0000564364f2f67b in mysql_parse (thd=thd@entry=0x1552f4000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1553780d7470) at /test/10.9_dbg/sql/sql_parse.cc:8046
|
#20 0x0000564364f3cf79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1552f4000db8, packet=packet@entry=0x1552f400b699 "", packet_length=packet_length@entry=50, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
|
#21 0x0000564364f3f686 in do_command (thd=0x1552f4000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
|
#22 0x000056436509cd02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x564368a1fb38, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
|
#23 0x000056436509d20b in handle_one_connection (arg=0x564368a1fb38) at /test/10.9_dbg/sql/sql_connect.cc:1312
|
#24 0x0000155392f4d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#25 0x0000155392b39163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.8.3 (dbg), 10.9.0 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt), 10.9.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
All UniqueID's/stacks seen thus far
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item::send|Protocol::send_result_set_row
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item::temporal_precision|Item_func_seconds_hybrid::fix_length_and_dec
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Type_handler_string_result::Item_temporal_precision|Type_handler_string_result::Item_time_precision
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Type_handler::Item_send_str|Type_handler_string_result::Item_send
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item_str_func::val_real|Item_func_plus::real_op
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item_func_concat::val_str|Item::send
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item_func_concat::val_str|Type_handler::Item_send_str
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item_str_func::val_decimal|Item_func_int_div::val_int
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item_str_func::val_decimal|VDec::VDec
|
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item_func_concat_operator_oracle::val_str|Type_handler::Item_send_str
|
0|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Type_handler::Item_send_str
|
0|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Item_str_func::val_real
|
0|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Item_str_func::val_decimal
|
0|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Item_func_concat::val_str
|
0|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Type_handler_string_result::Item_temporal_precision
|
0|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Item_func_concat_operator_oracle::val_str
|
SIGSEGV|my_mb_wc_utf8mb3_quick|my_utf8mb3_uni|json_read_string_const_chr|json_key_matches
|
SIGSEGV|my_mb_wc_eucjpms|json_read_string_const_chr|json_key_matches|json_find_path
|
cur_step->type &
|
JSON_PATH_ARRAY|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Type_handler::Item_send_str
|
SET character_set_connection=utf16; |
SELECT CONCAT (0,JSON_VALUE ('"1"','$')); |
Leads to:
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) |
mysqld: /test/10.9_dbg/strings/json_lib.c:1478: json_find_path: Assertion `0' failed.
|
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) |
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x14b8e01f9700 (LWP 3272230))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x000014b905f81859 in __GI_abort () at abort.c:79
|
#2 0x000014b905f81729 in __assert_fail_base (fmt=0x14b906117588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55be29c1e09d "0", file=0x55be29f97bc0 "/test/10.9_dbg/strings/json_lib.c", line=1478, function=<optimized out>) at assert.c:92
|
#3 0x000014b905f93006 in __GI___assert_fail (assertion=assertion@entry=0x55be29c1e09d "0", file=file@entry=0x55be29f97bc0 "/test/10.9_dbg/strings/json_lib.c", line=line@entry=1478, function=function@entry=0x55be29f96b18 <__PRETTY_FUNCTION__.16624> "json_find_path") at assert.c:101
|
#4 0x000055be2991f713 in json_find_path (je=je@entry=0x14b8e01f6fb0, p=p@entry=0x14b858014410, p_cur_step=p_cur_step@entry=0x14b858014858, array_counters=array_counters@entry=0x14b8e01f6f30) at /test/10.9_dbg/strings/json_lib.c:1478
|
#5 0x000055be29052368 in Json_path_extractor::extract (this=this@entry=0x14b858014408, str=str@entry=0x14b8580149a0, item_js=<optimized out>, item_jp=0x14b8580142c8, cs=0x55be2a31a940 <my_charset_utf16_general_ci>) at /test/10.9_dbg/sql/item_jsonfunc.cc:561
|
#6 0x000055be2905fac5 in Item_func_json_value::val_str (this=0x14b858014360, to=0x14b8580149a0) at /test/10.9_dbg/sql/item_jsonfunc.h:194
|
#7 0x000055be292493b8 in Item_func_concat::val_str (this=0x14b8580148f8, str=0x14b8e01f71f0) at /test/10.9_dbg/sql/item_strfunc.cc:643
|
#8 0x000055be290944de in Type_handler::Item_send_str (this=<optimized out>, item=0x14b8580148f8, protocol=0x14b8580013a0, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:7464
|
#9 0x000055be28fd1bb7 in Type_handler_string_result::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.h:5446
|
#10 0x000055be28d5bbb0 in Item::send (this=0x14b8580148f8, protocol=0x14b8580013a0, buffer=0x14b8e01f71c0) at /test/10.9_dbg/sql/item.h:1227
|
#11 0x000055be28d928eb in Protocol::send_result_set_row (this=this@entry=0x14b8580013a0, row_items=row_items@entry=0x14b858013f40) at /test/10.9_dbg/sql/protocol.cc:1328
|
#12 0x000055be28e1f8a3 in select_send::send_data (this=0x14b8580152c8, items=@0x14b858013f40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b8580149c0, last = 0x14b8580149c0, elements = 1}, <No data fields>}) at /test/10.9_dbg/sql/sql_class.cc:3113
|
#13 0x000055be28f12ccb in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.9_dbg/sql/sql_class.h:5625
|
#14 JOIN::exec_inner (this=this@entry=0x14b8580152f0) at /test/10.9_dbg/sql/sql_select.cc:4644
|
#15 0x000055be28f13d2e in JOIN::exec (this=this@entry=0x14b8580152f0) at /test/10.9_dbg/sql/sql_select.cc:4556
|
#16 0x000055be28f11ab2 in mysql_select (thd=thd@entry=0x14b858000db8, tables=0x0, fields=@0x14b858013f40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14b8580149c0, last = 0x14b8580149c0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14b8580152c8, unit=0x14b858004fd8, select_lex=0x14b858013ca0) at /test/10.9_dbg/sql/sql_select.cc:5036
|
#17 0x000055be28f122a8 in handle_select (thd=thd@entry=0x14b858000db8, lex=lex@entry=0x14b858004f00, result=result@entry=0x14b8580152c8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570
|
#18 0x000055be28e7e6c8 in execute_sqlcom_select (thd=thd@entry=0x14b858000db8, all_tables=0x0) at /test/10.9_dbg/sql/sql_parse.cc:6271
|
#19 0x000055be28e8a935 in mysql_execute_command (thd=thd@entry=0x14b858000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961
|
#20 0x000055be28e7867b in mysql_parse (thd=thd@entry=0x14b858000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b8e01f8470) at /test/10.9_dbg/sql/sql_parse.cc:8046
|
#21 0x000055be28e85f79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14b858000db8, packet=packet@entry=0x14b85800b699 "", packet_length=packet_length@entry=40, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
|
#22 0x000055be28e88686 in do_command (thd=0x14b858000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
|
#23 0x000055be28fe5d02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55be2c24f8b8, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
|
#24 0x000055be28fe620b in handle_one_connection (arg=0x55be2c24f8b8) at /test/10.9_dbg/sql/sql_connect.cc:1312
|
#25 0x000014b906492609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#26 0x000014b90607e163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.8.3 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
SET character_set_connection=utf32; |
SELECT JSON_VALUE ('"123"','$') DIV 2; |
Leads to:
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) |
mysqld: /test/10.9_dbg/strings/json_lib.c:1478: json_find_path: Assertion `0' failed.
|
|
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug) |
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x146cc80fe700 (LWP 1758152))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x0000146ce12d9859 in __GI_abort () at abort.c:79
|
#2 0x0000146ce12d9729 in __assert_fail_base (fmt=0x146ce146f588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56420176f09d "0", file=0x564201ae8bc0 "/test/10.9_dbg/strings/json_lib.c", line=1478, function=<optimized out>) at assert.c:92
|
#3 0x0000146ce12eb006 in __GI___assert_fail (assertion=assertion@entry=0x56420176f09d "0", file=file@entry=0x564201ae8bc0 "/test/10.9_dbg/strings/json_lib.c", line=line@entry=1478, function=function@entry=0x564201ae7b18 <__PRETTY_FUNCTION__.16624> "json_find_path") at assert.c:101
|
#4 0x0000564201470713 in json_find_path (je=je@entry=0x146cc80fbc70, p=p@entry=0x146c2c014390, p_cur_step=p_cur_step@entry=0x146c2c0147d8, array_counters=array_counters@entry=0x146cc80fbbf0) at /test/10.9_dbg/strings/json_lib.c:1478
|
#5 0x0000564200ba3368 in Json_path_extractor::extract (this=this@entry=0x146c2c014388, str=str@entry=0x146cc80fbdd0, item_js=<optimized out>, item_jp=0x146c2c014240, cs=0x564201e6b240 <my_charset_utf32_general_ci>) at /test/10.9_dbg/sql/item_jsonfunc.cc:561
|
#6 0x0000564200bb0ac5 in Item_func_json_value::val_str (this=0x146c2c0142e0, to=0x146cc80fbdd0) at /test/10.9_dbg/sql/item_jsonfunc.h:194
|
#7 0x0000564200d8c062 in Item_str_func::val_decimal (this=0x146c2c0142e0, decimal_value=0x146cc80fbf88) at /test/10.9_dbg/sql/item_strfunc.cc:142
|
#8 0x0000564200bd8dc2 in VDec::VDec (this=0x146cc80fbf80, item=0x146c2c0142e0) at /test/10.9_dbg/sql/sql_type.cc:301
|
#9 0x0000564200d500f0 in VDec2_lazy::VDec2_lazy (b=0x146c2c014828, a=<optimized out>, this=0x146cc80fbf80) at /test/10.9_dbg/sql/sql_type.h:481
|
#10 Item_func_int_div::val_int (this=0x146c2c0148a0) at /test/10.9_dbg/sql/item_func.cc:1612
|
#11 0x0000564200be566f in Type_handler::Item_send_long (this=<optimized out>, item=0x146c2c0148a0, protocol=0x146c2c0013a0, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:7497
|
#12 0x0000564200bee537 in Type_handler_long::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.h:5687
|
#13 0x00005642008acbb0 in Item::send (this=0x146c2c0148a0, protocol=0x146c2c0013a0, buffer=0x146cc80fc1c0) at /test/10.9_dbg/sql/item.h:1227
|
#14 0x00005642008e38eb in Protocol::send_result_set_row (this=this@entry=0x146c2c0013a0, row_items=row_items@entry=0x146c2c013f38) at /test/10.9_dbg/sql/protocol.cc:1328
|
#15 0x00005642009708a3 in select_send::send_data (this=0x146c2c015248, items=@0x146c2c013f38: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x146c2c014948, last = 0x146c2c014948, elements = 1}, <No data fields>}) at /test/10.9_dbg/sql/sql_class.cc:3113
|
#16 0x0000564200a63ccb in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.9_dbg/sql/sql_class.h:5625
|
#17 JOIN::exec_inner (this=this@entry=0x146c2c015270) at /test/10.9_dbg/sql/sql_select.cc:4644
|
#18 0x0000564200a64d2e in JOIN::exec (this=this@entry=0x146c2c015270) at /test/10.9_dbg/sql/sql_select.cc:4556
|
#19 0x0000564200a62ab2 in mysql_select (thd=thd@entry=0x146c2c000db8, tables=0x0, fields=@0x146c2c013f38: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x146c2c014948, last = 0x146c2c014948, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x146c2c015248, unit=0x146c2c004fd8, select_lex=0x146c2c013c98) at /test/10.9_dbg/sql/sql_select.cc:5036
|
#20 0x0000564200a632a8 in handle_select (thd=thd@entry=0x146c2c000db8, lex=lex@entry=0x146c2c004f00, result=result@entry=0x146c2c015248, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570
|
#21 0x00005642009cf6c8 in execute_sqlcom_select (thd=thd@entry=0x146c2c000db8, all_tables=0x0) at /test/10.9_dbg/sql/sql_parse.cc:6271
|
#22 0x00005642009db935 in mysql_execute_command (thd=thd@entry=0x146c2c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961
|
#23 0x00005642009c967b in mysql_parse (thd=thd@entry=0x146c2c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x146cc80fd470) at /test/10.9_dbg/sql/sql_parse.cc:8046
|
#24 0x00005642009d6f79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x146c2c000db8, packet=packet@entry=0x146c2c00b699 "", packet_length=packet_length@entry=37, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
|
#25 0x00005642009d9686 in do_command (thd=0x146c2c000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
|
#26 0x0000564200b36d02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5642036f6bb8, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
|
#27 0x0000564200b3720b in handle_one_connection (arg=0x5642036f6bb8) at /test/10.9_dbg/sql/sql_connect.cc:1312
|
#28 0x0000146ce17ea609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#29 0x0000146ce13d6163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.8.3 (dbg), 10.9.0 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt), 10.9.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
Adding additional testcases with different stacks here. UniqueID's added above, but leaving off full stacks and versions affected, to avoid an excessively long bug report.
SET NAMES utf8,character_set_connection=utf32; |
SELECT time_to_sec (JSON_VALUE ('"12:13:14"','$')); |
Two additional, similar, stacks with this testcase:
Regression in 10.4.
SET collation_connection='utf32_unicode_ci'; |
SELECT CAST(JSON_VALUE ('"1234"','$') AS UNSIGNED); |
Leads to:
|
10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug) |
mysqld: /test/10.10_dbg/strings/json_lib.c:1478: json_find_path: Assertion `0' failed.
|
|
10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug) |
Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x145cc40fd700 (LWP 87512))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x0000145cf0463859 in __GI_abort () at abort.c:79
|
#2 0x0000145cf0463729 in __assert_fail_base (fmt=0x145cf05f9588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55e1de571b3e "0", file=0x55e1de8eedc0 "/test/10.10_dbg/strings/json_lib.c", line=1478, function=<optimized out>) at assert.c:92
|
#3 0x0000145cf0474fd6 in __GI___assert_fail (assertion=assertion@entry=0x55e1de571b3e "0", file=file@entry=0x55e1de8eedc0 "/test/10.10_dbg/strings/json_lib.c", line=line@entry=1478, function=function@entry=0x55e1de8edd18 <__PRETTY_FUNCTION__.16624> "json_find_path") at assert.c:101
|
#4 0x000055e1de270d79 in json_find_path (je=je@entry=0x145cc40fabb0, p=p@entry=0x145c94014410, p_cur_step=p_cur_step@entry=0x145c94014858, array_counters=array_counters@entry=0x145cc40fab30) at /test/10.10_dbg/strings/json_lib.c:1478
|
#5 0x000055e1dd9a0acc in Json_path_extractor::extract (this=this@entry=0x145c94014408, str=str@entry=0x145cc40fad20, item_js=<optimized out>, item_jp=0x145c940142c0, cs=0x55e1dec5c980 <my_charset_utf32_unicode_ci>) at /test/10.10_dbg/sql/item_jsonfunc.cc:561
|
#6 0x000055e1dd9ae229 in Item_func_json_value::val_str (this=0x145c94014360, to=0x145cc40fad20) at /test/10.10_dbg/sql/item_jsonfunc.h:194
|
#7 0x000055e1ddadc13a in Item::val_int_from_str (this=this@entry=0x145c94014360, error=error@entry=0x145cc40fb09c) at /test/10.10_dbg/sql/item.cc:244
|
#8 0x000055e1ddadc2b7 in Item::val_int_unsigned_typecast_from_str (this=0x145c94014360) at /test/10.10_dbg/sql/item.cc:269
|
#9 0x000055e1dd9c997a in Type_handler_string_result::Item_val_int_unsigned_typecast (this=<optimized out>, item=<optimized out>) at /test/10.10_dbg/sql/sql_type.cc:5287
|
#10 0x000055e1dd6a6dda in Item::val_int_unsigned_typecast (this=0x145c94014360) at /test/10.10_dbg/sql/item.h:1475
|
#11 0x000055e1ddb5be8e in Item_func_unsigned::val_int (this=0x145c940148a0) at /test/10.10_dbg/sql/item_func.h:1384
|
#12 0x000055e1dd9e461b in Type_handler::Item_send_longlong (this=<optimized out>, item=0x145c940148a0, protocol=0x145c940013c0, buf=<optimized out>) at /test/10.10_dbg/sql/sql_type.cc:7505
|
#13 0x000055e1dd9ed441 in Type_handler_longlong::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.10_dbg/sql/sql_type.h:5751
|
#14 0x000055e1dd6a6cde in Item::send (this=0x145c940148a0, protocol=0x145c940013c0, buffer=0x145cc40fb170) at /test/10.10_dbg/sql/item.h:1227
|
#15 0x000055e1dd6dda33 in Protocol::send_result_set_row (this=this@entry=0x145c940013c0, row_items=row_items@entry=0x145c94013f98) at /test/10.10_dbg/sql/protocol.cc:1328
|
#16 0x000055e1dd76b52d in select_send::send_data (this=0x145c94015278, items=@0x145c94013f98: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x145c94014948, last = 0x145c94014948, elements = 1}, <No data fields>}) at /test/10.10_dbg/sql/sql_class.cc:3104
|
#17 0x000055e1dd85f7b1 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.10_dbg/sql/sql_class.h:5689
|
#18 JOIN::exec_inner (this=this@entry=0x145c940152a0) at /test/10.10_dbg/sql/sql_select.cc:4652
|
#19 0x000055e1dd860814 in JOIN::exec (this=this@entry=0x145c940152a0) at /test/10.10_dbg/sql/sql_select.cc:4564
|
#20 0x000055e1dd85e598 in mysql_select (thd=thd@entry=0x145c94000db8, tables=0x0, fields=@0x145c94013f98: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x145c94014948, last = 0x145c94014948, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x145c94015278, unit=0x145c94004fd8, select_lex=0x145c94013cf8) at /test/10.10_dbg/sql/sql_select.cc:5044
|
#21 0x000055e1dd85ed8e in handle_select (thd=thd@entry=0x145c94000db8, lex=lex@entry=0x145c94004f00, result=result@entry=0x145c94015278, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_dbg/sql/sql_select.cc:578
|
#22 0x000055e1dd7cab5e in execute_sqlcom_select (thd=thd@entry=0x145c94000db8, all_tables=0x0) at /test/10.10_dbg/sql/sql_parse.cc:6260
|
#23 0x000055e1dd7d6e70 in mysql_execute_command (thd=thd@entry=0x145c94000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3944
|
#24 0x000055e1dd7c4e3a in mysql_parse (thd=thd@entry=0x145c94000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x145cc40fc470) at /test/10.10_dbg/sql/sql_parse.cc:8036
|
#25 0x000055e1dd7d2422 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x145c94000db8, packet=packet@entry=0x145c9400b6d9 "", packet_length=packet_length@entry=50, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364
|
#26 0x000055e1dd7d4b2c in do_command (thd=0x145c94000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
|
#27 0x000055e1dd9343c0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e1e0583b68, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
|
#28 0x000055e1dd9348c9 in handle_one_connection (arg=0x55e1e0583b68) at /test/10.10_dbg/sql/sql_connect.cc:1312
|
#29 0x0000145cf0974609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#30 0x0000145cf0560133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.4.26 (dbg), 10.5.17 (dbg), 10.6.9 (dbg), 10.7.5 (dbg), 10.8.4 (dbg), 10.9.2 (dbg), 10.10.0 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (opt), 10.5.17 (opt), 10.6.9 (opt), 10.7.5 (opt), 10.8.4 (opt), 10.9.2 (opt), 10.10.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)
Two additional stacks with this testcase:
SET @@sql_mode='real_as_float,pipes_as_concat,ansi_quotes,IGNORE_space,IGNORE_bad_table_options,only_full_group_by,no_unsigned_subtraction,no_dir_in_create,POSTGRESQL,ORACLE,MSSQL,DB2,MAXDB,no_key_options,no_table_options,no_field_options,MYSQL323,MYSQL40,ANSI,no_auto_value_on_zero,no_backslash_escapes,strict_trans_tables,strict_all_tables,no_zero_in_date,no_zero_date,allow_invalid_dates,error_for_division_by_zero,TRADITIONAL,no_auto_create_user,high_not_precedence,no_engine_substitution,pad_char_to_full_length,simultaneous_assignment'; |
SET collation_connection=ucs2_general_ci; |
SELECT CONCAT (0,JSON_VALUE ('"1"','$')); |
Leads in some versions to these new stacks:
0|SIGABRT|json_find_path|Item_func_json_value::val_str|Item_func_concat_operator_oracle::val_str|Type_handler::Item_send_str
|
0|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Item_func_concat_operator_oracle::val_str
|
Found another crash with a different unique ID, the crash only occurs in versions 10.9+
SET @json='{ "A": [ [{"k":"v"},[15]], true], "B": {"C": 1} }'; |
SELECT JSON_VALUE(@json, '$.A[last-1][last-1].key1'); |
Leads to
SIGSEGV|my_mb_wc_utf8mb3_quick|my_utf8mb3_uni|json_read_string_const_chr|json_key_matches
|
|
10.9.2 a5dc76a051ff908a5f506ed12e8d05311752e5fb (Optimized) |
Core was generated by `/test/MD190722-mariadb-10.9.2-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 my_mb_wc_utf8mb3_quick (
|
e=0x55f9c6c268c0 <my_charset_utf8mb3_general_ci> "!", s=0x0,
|
pwc=0x1524280abee0) at /test/10.9_opt/strings/ctype-utf8.h:102
|
[Current thread is 1 (Thread 0x1524280ae700 (LWP 3496637))]
|
(gdb) bt
|
#0 my_mb_wc_utf8mb3_quick (e=0x55f9c6c268c0 <my_charset_utf8mb3_general_ci> "!", s=0x0, pwc=0x1524280abee0) at /test/10.9_opt/strings/ctype-utf8.h:102
|
#1 my_utf8mb3_uni (cs=0x55f9c6c268c0 <my_charset_utf8mb3_general_ci>, pwc=0x1524280abee0, s=0x0, e=0x55f9c6c268c0 <my_charset_utf8mb3_general_ci> "!") at /test/10.9_opt/strings/ctype-utf8.c:5087
|
#2 0x000055f9c6308ac6 in json_read_string_const_chr (js=0x1524280abed0) at /test/10.9_opt/strings/json_lib.c:359
|
#3 0x000055f9c630a0ad in json_key_matches (je=0x1524280abfe0, k=0x1524280abed0) at /test/10.9_opt/strings/json_lib.c:1408
|
#4 0x000055f9c630a291 in json_find_path (je=je@entry=0x1524280abfe0, p=p@entry=0x1523e8010f50, p_cur_step=p_cur_step@entry=0x1523e8011398, array_counters=array_counters@entry=0x1524280abf60) at /test/10.9_opt/strings/json_lib.c:1436
|
#5 0x000055f9c5d0f6f5 in Json_path_extractor::extract (this=this@entry=0x1523e8010f48, str=str@entry=0x1524280ac1b0, item_js=<optimized out>, item_jp=<optimized out>, cs=<optimized out>) at /test/10.9_opt/sql/item_jsonfunc.cc:561
|
#6 0x000055f9c5d1b68d in Item_func_json_value::val_str (this=0x1523e8010ea0, to=0x1524280ac1b0) at /test/10.9_opt/sql/item_jsonfunc.h:194
|
#7 0x000055f9c5d45938 in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x1523e80011d8, buf=<optimized out>) at /test/10.9_opt/sql/sql_type.cc:7463
|
#8 0x000055f9c5ad49d6 in Protocol::send_result_set_row (this=this@entry=0x1523e80011d8, row_items=row_items@entry=0x1523e8010a68) at /test/10.9_opt/sql/protocol.cc:1328
|
#9 0x000055f9c5b4d037 in select_send::send_data (this=0x1523e8011d10, items=@0x1523e8010a68: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1523e80113e0, last = 0x1523e80113e0, elements = 1}, <No data fields>}) at /test/10.9_opt/sql/sql_class.cc:3101
|
#10 0x000055f9c5c1b54f in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/10.9_opt/sql/sql_class.h:5697
|
#11 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.9_opt/sql/sql_class.h:5687
|
#12 JOIN::exec_inner (this=0x1523e8011d38) at /test/10.9_opt/sql/sql_select.cc:4653
|
#13 0x000055f9c5c1b978 in JOIN::exec (this=this@entry=0x1523e8011d38) at /test/10.9_opt/sql/sql_select.cc:4565
|
#14 0x000055f9c5c19b91 in mysql_select (thd=0x1523e8000c58, tables=0x0, fields=@0x1523e8010a68: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1523e80113e0, last = 0x1523e80113e0, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1523e8011d10, unit=0x1523e8004cb8, select_lex=0x1523e80107c8) at /test/10.9_opt/sql/sql_select.cc:5045
|
#15 0x000055f9c5c1a2c7 in handle_select (thd=thd@entry=0x1523e8000c58, lex=lex@entry=0x1523e8004be0, result=result@entry=0x1523e8011d10, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_opt/sql/sql_select.cc:579
|
#16 0x000055f9c5b9c8ae in execute_sqlcom_select (thd=0x1523e8000c58, all_tables=0x0) at /test/10.9_opt/sql/sql_parse.cc:6260
|
#17 0x000055f9c5baa5d1 in mysql_execute_command (thd=0x1523e8000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:3944
|
#18 0x000055f9c5b97a45 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1523e8000c58) at /test/10.9_opt/sql/sql_parse.cc:8036
|
#19 mysql_parse (thd=0x1523e8000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7958
|
#20 0x000055f9c5ba3652 in dispatch_command (command=COM_QUERY, thd=0x1523e8000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
|
#21 0x000055f9c5ba5598 in do_command (thd=0x1523e8000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1407
|
#22 0x000055f9c5cbdf9f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55f9c8a58cc8, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
|
#23 0x000055f9c5cbe28d in handle_one_connection (arg=0x55f9c8a58cc8) at /test/10.9_opt/sql/sql_connect.cc:1312
|
#24 0x000015243fd6a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#25 0x000015243f956133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Another 10.9+ only stack, and new assertion:
SET collation_connection=eucjpms_bin; |
SET @json='{ "A": [ [{"k":"v"},[1]],true],"B": {"C": 1} }'; |
SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1'); |
Leads to:
|
10.11.2 c194db34d93d8d94bd52b17349063fa401e3f942 (Optimized) |
Core was generated by `/test/MD171222-mariadb-10.11.2-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 my_mb_wc_eucjpms (cs=0x5579767cb080 <my_charset_eucjpms_bin>,
|
pwc=0x1462cebc3e70, s=0x0, e=0x5579767cb080 <my_charset_eucjpms_bin> "b")
|
at /test/10.11_opt/strings/ctype-eucjpms.c:67367
|
67367 if ((hi= s[0]) < 0x80) /* ASCII code set: [00..7F] -> [U+0000..U+007F] */
|
[Current thread is 1 (Thread 0x1462cebc6700 (LWP 862996))]
|
(gdb) bt
|
#0 my_mb_wc_eucjpms (cs=0x5579767cb080 <my_charset_eucjpms_bin>, pwc=0x1462cebc3e70, s=0x0, e=0x5579767cb080 <my_charset_eucjpms_bin> "b") at /test/10.11_opt/strings/ctype-eucjpms.c:67367
|
#1 0x0000557975e5fca6 in json_read_string_const_chr (js=0x1462cebc3e60) at /test/10.11_opt/strings/json_lib.c:359
|
#2 0x0000557975e6126d in json_key_matches (je=0x1462cebc3f70, k=0x1462cebc3e60) at /test/10.11_opt/strings/json_lib.c:1408
|
#3 0x0000557975e61461 in json_find_path (je=je@entry=0x1462cebc3f70, p=p@entry=0x14629c010fb8, p_cur_step=p_cur_step@entry=0x14629c011400, array_counters=array_counters@entry=0x1462cebc3ef0) at /test/10.11_opt/strings/json_lib.c:1436
|
#4 0x00005579758728e8 in Json_path_extractor::extract (this=this@entry=0x14629c010fb0, str=str@entry=0x1462cebc4140, item_js=<optimized out>, item_jp=<optimized out>, cs=<optimized out>) at /test/10.11_opt/sql/item_jsonfunc.cc:706
|
#5 0x000055797587e27d in Item_func_json_value::val_str (this=0x14629c010f08, to=0x1462cebc4140) at /test/10.11_opt/sql/item_jsonfunc.h:194
|
#6 0x00005579758a8898 in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x14629c0011e0, buf=<optimized out>) at /test/10.11_opt/sql/sql_type.cc:7454
|
#7 0x0000557975633f6e in Protocol::send_result_set_row (this=this@entry=0x14629c0011e0, row_items=row_items@entry=0x14629c010ac8) at /test/10.11_opt/sql/protocol.cc:1332
|
#8 0x00005579756af8a7 in select_send::send_data (this=0x14629c011da8, items=@0x14629c010ac8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14629c011448, last = 0x14629c011448, elements = 1}, <No data fields>}) at /test/10.11_opt/sql/sql_class.cc:3103
|
#9 0x000055797577eaff in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/10.11_opt/sql/sql_class.h:5721
|
#10 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.11_opt/sql/sql_class.h:5711
|
#11 JOIN::exec_inner (this=0x14629c011dd0) at /test/10.11_opt/sql/sql_select.cc:4688
|
#12 0x000055797577ef28 in JOIN::exec (this=this@entry=0x14629c011dd0) at /test/10.11_opt/sql/sql_select.cc:4600
|
#13 0x000055797577d111 in mysql_select (thd=0x14629c000c58, tables=0x0, fields=@0x14629c010ac8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14629c011448, last = 0x14629c011448, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14629c011da8, unit=0x14629c004cd8, select_lex=0x14629c010828) at /test/10.11_opt/sql/sql_select.cc:5080
|
#14 0x000055797577d857 in handle_select (thd=thd@entry=0x14629c000c58, lex=lex@entry=0x14629c004c00, result=result@entry=0x14629c011da8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_opt/sql/sql_select.cc:581
|
#15 0x00005579756febe1 in execute_sqlcom_select (thd=0x14629c000c58, all_tables=0x0) at /test/10.11_opt/sql/sql_parse.cc:6265
|
#16 0x000055797570c748 in mysql_execute_command (thd=0x14629c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:3949
|
#17 0x00005579756f9c25 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14629c000c58) at /test/10.11_opt/sql/sql_parse.cc:8000
|
#18 mysql_parse (thd=0x14629c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:7922
|
#19 0x000055797570596a in dispatch_command (command=COM_QUERY, thd=0x14629c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.11_opt/sql/sql_class.h:1346
|
#20 0x0000557975707752 in do_command (thd=0x14629c000c58, blocking=blocking@entry=true) at /test/10.11_opt/sql/sql_parse.cc:1407
|
#21 0x0000557975820f7f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55797803c548, put_in_cache=put_in_cache@entry=true) at /test/10.11_opt/sql/sql_connect.cc:1416
|
#22 0x000055797582125d in handle_one_connection (arg=0x55797803c548) at /test/10.11_opt/sql/sql_connect.cc:1318
|
#23 0x00001462fbc66609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#24 0x00001462fb852133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.11.2 c194db34d93d8d94bd52b17349063fa401e3f942 (Debug) |
mysqld: /test/10.11_dbg/strings/json_lib.c:1448: json_find_path: Assertion `cur_step->type & JSON_PATH_ARRAY' failed.
|
|
10.11.2 c194db34d93d8d94bd52b17349063fa401e3f942 (Debug) |
Core was generated by `/test/MD171222-mariadb-10.11.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x14a6b556f700 (LWP 863275))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x000014a6d2cf6859 in __GI_abort () at abort.c:79
|
#2 0x000014a6d2cf6729 in __assert_fail_base (fmt=0x14a6d2e8c588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5584bd207768 "cur_step->type & JSON_PATH_ARRAY", file=0x5584bd207720 "/test/10.11_dbg/strings/json_lib.c", line=1448, function=<optimized out>) at assert.c:92
|
#3 0x000014a6d2d07fd6 in __GI___assert_fail (assertion=assertion@entry=0x5584bd207768 "cur_step->type & JSON_PATH_ARRAY", file=file@entry=0x5584bd207720 "/test/10.11_dbg/strings/json_lib.c", line=line@entry=1448, function=function@entry=0x5584bd206678 <__PRETTY_FUNCTION__.16680> "json_find_path") at assert.c:101
|
#4 0x00005584bcb03898 in json_find_path (je=je@entry=0x14a6b556ce40, p=p@entry=0x14a660013978, p_cur_step=p_cur_step@entry=0x14a660013dc0, array_counters=array_counters@entry=0x14a6b556cdc0) at /test/10.11_dbg/strings/json_lib.c:1448
|
#5 0x00005584bc268fc6 in Json_path_extractor::extract (this=this@entry=0x14a660013970, str=str@entry=0x14a6b556d040, item_js=<optimized out>, item_jp=0x14a6600137a8, cs=0x5584bd567700 <my_charset_eucjpms_bin>) at /test/10.11_dbg/sql/item_jsonfunc.cc:706
|
#6 0x00005584bc276901 in Item_func_json_value::val_str (this=0x14a6600138c8, to=0x14a6b556d040) at /test/10.11_dbg/sql/item_jsonfunc.h:194
|
#7 0x00005584bc2acd16 in Type_handler::Item_send_str (this=<optimized out>, item=0x14a6600138c8, protocol=0x14a660001358, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.cc:7454
|
#8 0x00005584bc1e9f93 in Type_handler_string_result::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.11_dbg/sql/sql_type.h:5438
|
#9 0x00005584bbf7e6d2 in Item::send (this=0x14a6600138c8, protocol=0x14a660001358, buffer=0x14a6b556d010) at /test/10.11_dbg/sql/item.h:1235
|
#10 0x00005584bbfb427f in Protocol::send_result_set_row (this=this@entry=0x14a660001358, row_items=row_items@entry=0x14a660013488) at /test/10.11_dbg/sql/protocol.cc:1332
|
#11 0x00005584bc03c8bd in select_send::send_data (this=0x14a660014768, items=@0x14a660013488: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14a660013e08, last = 0x14a660013e08, elements = 1}, <No data fields>}) at /test/10.11_dbg/sql/sql_class.cc:3103
|
#12 0x00005584bc12b775 in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.11_dbg/sql/sql_class.h:5721
|
#13 JOIN::exec_inner (this=this@entry=0x14a660014790) at /test/10.11_dbg/sql/sql_select.cc:4688
|
#14 0x00005584bc12c6aa in JOIN::exec (this=this@entry=0x14a660014790) at /test/10.11_dbg/sql/sql_select.cc:4600
|
#15 0x00005584bc12a6ba in mysql_select (thd=thd@entry=0x14a660000d48, tables=0x0, fields=@0x14a660013488: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14a660013e08, last = 0x14a660013e08, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x14a660014768, unit=0x14a660004f88, select_lex=0x14a6600131e8) at /test/10.11_dbg/sql/sql_select.cc:5080
|
#16 0x00005584bc12ae2d in handle_select (thd=thd@entry=0x14a660000d48, lex=lex@entry=0x14a660004eb0, result=result@entry=0x14a660014768, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
|
#17 0x00005584bc09836d in execute_sqlcom_select (thd=thd@entry=0x14a660000d48, all_tables=0x0) at /test/10.11_dbg/sql/sql_parse.cc:6265
|
#18 0x00005584bc0a44a2 in mysql_execute_command (thd=thd@entry=0x14a660000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3949
|
#19 0x00005584bc0927f4 in mysql_parse (thd=thd@entry=0x14a660000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14a6b556e300) at /test/10.11_dbg/sql/sql_parse.cc:8000
|
#20 0x00005584bc09fd2f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14a660000d48, packet=packet@entry=0x14a66000adf9 "", packet_length=packet_length@entry=51, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1346
|
#21 0x00005584bc0a216d in do_command (thd=0x14a660000d48, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
|
#22 0x00005584bc1fd013 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5584c02203c8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
|
#23 0x00005584bc1fd4e2 in handle_one_connection (arg=0x5584c02203c8) at /test/10.11_dbg/sql/sql_connect.cc:1318
|
#24 0x000014a6d3207609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#25 0x000014a6d2df3133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.9.5 (dbg), 10.9.5 (opt), 10.10.3 (dbg), 10.10.3 (opt), 10.11.2 (dbg), 10.11.2 (opt)
SIGSEGV|my_mb_wc_eucjpms|json_read_string_const_chr|json_key_matches|json_find_path
|
cur_step->type & JSON_PATH_ARRAY|SIGABRT|json_find_path|Json_path_extractor::extract|Item_func_json_value::val_str|Type_handler::Item_send_str
|
SET collation_connection=utf32_czech_ci; |
SELECT JSON_VALUE ('["foo"]','$**[0]') AS f; |
Similar to a previous testcase. Also present in 10.9+ only.
SET @json='{ "A": [ [{"k":"v"},[1]],true],"B": {"C": 1} }'; |
SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1'); |
Another stack on optimized builds with this testcase:
SET @json='{ "A": [ [{"k":"v"},[1]],true],"B": {"C": 1} }'; |
SET collation_connection='ucs2_bin'; |
SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1'); |
|
11.0.1 b075191ba8598af6aff5549e6e19f6255aef258a (Optimized) |
Core was generated by `/test/MD090123-mariadb-11.0.1-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 my_mb_wc_ucs2_quick (e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z", s=0x0,
|
pwc=0x1501183ff700) at /test/11.0_opt/strings/ctype-ucs2.h:27
|
27 *pwc= ((uchar)s[0]) * 256 + ((uchar)s[1]);
|
[Current thread is 1 (Thread 0x150118402640 (LWP 3092039))]
|
(gdb) bt
|
#0 my_mb_wc_ucs2_quick (e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z", s=0x0, pwc=0x1501183ff700) at /test/11.0_opt/strings/ctype-ucs2.h:27
|
#1 my_ucs2_uni (cs=0x55c9e1076ae0 <my_charset_ucs2_bin>, pwc=0x1501183ff700, s=0x0, e=0x55c9e1076ae0 <my_charset_ucs2_bin> "Z") at /test/11.0_opt/strings/ctype-ucs2.c:3089
|
#2 0x000055c9e0793226 in json_read_string_const_chr (js=0x1501183ff6f0) at /test/11.0_opt/strings/json_lib.c:359
|
#3 0x000055c9e07947ad in json_key_matches (je=0x1501183ff800, k=0x1501183ff6f0) at /test/11.0_opt/strings/json_lib.c:1408
|
#4 0x000055c9e07949a1 in json_find_path (je=0x1501183ff800, p=0x1500dc011048, p_cur_step=0x1500dc011490, array_counters=0x1501183ff780) at /test/11.0_opt/strings/json_lib.c:1436
|
#5 0x000055c9e01a0588 in Json_path_extractor::extract (this=this@entry=0x1500dc011040, str=str@entry=0x1501183ff9d0, item_js=<optimized out>, item_jp=<optimized out>, cs=<optimized out>) at /test/11.0_opt/sql/item_jsonfunc.cc:706
|
#6 0x000055c9e01abf2d in Item_func_json_value::val_str (this=0x1500dc010f98, to=0x1501183ff9d0) at /test/11.0_opt/sql/item_jsonfunc.h:194
|
#7 0x000055c9e01d65f8 in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x1500dc0011f0, buf=<optimized out>) at /test/11.0_opt/sql/sql_type.cc:7454
|
#8 0x000055c9dff5ceba in Protocol::send_result_set_row (this=this@entry=0x1500dc0011f0, row_items=row_items@entry=0x1500dc010ad8) at /test/11.0_opt/sql/protocol.cc:1332
|
#9 0x000055c9dffd9a17 in select_send::send_data (this=0x1500dc011e38, items=@0x1500dc010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1500dc0114d8, last = 0x1500dc0114d8, elements = 1}, <No data fields>}) at /test/11.0_opt/sql/sql_class.cc:3103
|
#10 0x000055c9e00aa370 in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5721
|
#11 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5711
|
#12 JOIN::exec_inner (this=0x1500dc011e60) at /test/11.0_opt/sql/sql_select.cc:4688
|
#13 0x000055c9e00aab08 in JOIN::exec (this=this@entry=0x1500dc011e60) at /test/11.0_opt/sql/sql_select.cc:4600
|
#14 0x000055c9e00a8c11 in mysql_select (thd=0x1500dc000c68, tables=0x0, fields=@0x1500dc010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1500dc0114d8, last = 0x1500dc0114d8, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1500dc011e38, unit=0x1500dc004ce8, select_lex=0x1500dc010838) at /test/11.0_opt/sql/sql_select.cc:5080
|
#15 0x000055c9e00a9354 in handle_select (thd=thd@entry=0x1500dc000c68, lex=lex@entry=0x1500dc004c10, result=result@entry=0x1500dc011e38, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_opt/sql/sql_select.cc:581
|
#16 0x000055c9e0024b25 in execute_sqlcom_select (thd=0x1500dc000c68, all_tables=0x0) at /test/11.0_opt/sql/sql_parse.cc:6265
|
#17 0x000055c9e0033870 in mysql_execute_command (thd=0x1500dc000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:3949
|
#18 0x000055c9e0035104 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1500dc000c68) at /test/11.0_opt/sql/sql_parse.cc:8000
|
#19 mysql_parse (thd=0x1500dc000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:7922
|
#20 0x000055c9e00376e2 in dispatch_command (command=COM_QUERY, thd=0x1500dc000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:1991
|
#21 0x000055c9e0038e80 in do_command (thd=0x1500dc000c68, blocking=blocking@entry=true) at /test/11.0_opt/sql/sql_parse.cc:1407
|
#22 0x000055c9e014eab7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c9e2ab9028, put_in_cache=put_in_cache@entry=true) at /test/11.0_opt/sql/sql_connect.cc:1416
|
#23 0x000055c9e014ed8d in handle_one_connection (arg=0x55c9e2ab9028) at /test/11.0_opt/sql/sql_connect.cc:1318
|
#24 0x00001501312cbb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#25 0x000015013135da00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
Again, 10.9+ only. Both debug and optimized builds affected.
Another stack on optimized builds with this testcase:
SET @json='{ "A": [ [{"k":"v"},[15]],true],"B": {"C": 1} }'; |
SET sql_mode=0,character_set_connection=utf32; |
SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1'); |
|
11.0.1 b075191ba8598af6aff5549e6e19f6255aef258a (Optimized) |
Core was generated by `/test/MD090123-mariadb-11.0.1-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 my_mb_wc_utf32_quick (e=0x564dd727c020 <my_charset_utf32_general_ci> "<",
|
s=0x0, pwc=0x151a240aa700) at /test/11.0_opt/strings/ctype-utf32.h:29
|
29 *pwc= MY_UTF32_WC4(s[0], s[1], s[2], s[3]);
|
[Current thread is 1 (Thread 0x151a240ad640 (LWP 808313))]
|
(gdb) bt
|
#0 my_mb_wc_utf32_quick (e=0x564dd727c020 <my_charset_utf32_general_ci> "<", s=0x0, pwc=0x151a240aa700) at /test/11.0_opt/strings/ctype-utf32.h:29
|
#1 my_utf32_uni (cs=0x564dd727c020 <my_charset_utf32_general_ci>, pwc=0x151a240aa700, s=0x0, e=0x564dd727c020 <my_charset_utf32_general_ci> "<") at /test/11.0_opt/strings/ctype-ucs2.c:2181
|
#2 0x0000564dd6998226 in json_read_string_const_chr (js=0x151a240aa6f0) at /test/11.0_opt/strings/json_lib.c:359
|
#3 0x0000564dd69997ad in json_key_matches (je=0x151a240aa800, k=0x151a240aa6f0) at /test/11.0_opt/strings/json_lib.c:1408
|
#4 0x0000564dd69999a1 in json_find_path (je=0x151a240aa800, p=0x1519e80110e0, p_cur_step=0x1519e8011528, array_counters=0x151a240aa780) at /test/11.0_opt/strings/json_lib.c:1436
|
#5 0x0000564dd63a5588 in Json_path_extractor::extract (this=this@entry=0x1519e80110d8, str=str@entry=0x151a240aa9d0, item_js=<optimized out>, item_jp=<optimized out>, cs=<optimized out>) at /test/11.0_opt/sql/item_jsonfunc.cc:706
|
#6 0x0000564dd63b0f2d in Item_func_json_value::val_str (this=0x1519e8011030, to=0x151a240aa9d0) at /test/11.0_opt/sql/item_jsonfunc.h:194
|
#7 0x0000564dd63db5f8 in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x1519e80011f0, buf=<optimized out>) at /test/11.0_opt/sql/sql_type.cc:7454
|
#8 0x0000564dd6161eba in Protocol::send_result_set_row (this=this@entry=0x1519e80011f0, row_items=row_items@entry=0x1519e8010ad8) at /test/11.0_opt/sql/protocol.cc:1332
|
#9 0x0000564dd61dea17 in select_send::send_data (this=0x1519e8011ed0, items=@0x1519e8010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1519e8011570, last = 0x1519e8011570, elements = 1}, <No data fields>}) at /test/11.0_opt/sql/sql_class.cc:3103
|
#10 0x0000564dd62af370 in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5721
|
#11 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.0_opt/sql/sql_class.h:5711
|
#12 JOIN::exec_inner (this=0x1519e8011ef8) at /test/11.0_opt/sql/sql_select.cc:4688
|
#13 0x0000564dd62afb08 in JOIN::exec (this=this@entry=0x1519e8011ef8) at /test/11.0_opt/sql/sql_select.cc:4600
|
#14 0x0000564dd62adc11 in mysql_select (thd=0x1519e8000c68, tables=0x0, fields=@0x1519e8010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1519e8011570, last = 0x1519e8011570, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1519e8011ed0, unit=0x1519e8004ce8, select_lex=0x1519e8010838) at /test/11.0_opt/sql/sql_select.cc:5080
|
#15 0x0000564dd62ae354 in handle_select (thd=thd@entry=0x1519e8000c68, lex=lex@entry=0x1519e8004c10, result=result@entry=0x1519e8011ed0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.0_opt/sql/sql_select.cc:581
|
#16 0x0000564dd6229b25 in execute_sqlcom_select (thd=0x1519e8000c68, all_tables=0x0) at /test/11.0_opt/sql/sql_parse.cc:6265
|
#17 0x0000564dd6238870 in mysql_execute_command (thd=0x1519e8000c68, is_called_from_prepared_stmt=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:3949
|
#18 0x0000564dd623a104 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1519e8000c68) at /test/11.0_opt/sql/sql_parse.cc:8000
|
#19 mysql_parse (thd=0x1519e8000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:7922
|
#20 0x0000564dd623c6e2 in dispatch_command (command=COM_QUERY, thd=0x1519e8000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.0_opt/sql/sql_parse.cc:1991
|
#21 0x0000564dd623de80 in do_command (thd=0x1519e8000c68, blocking=blocking@entry=true) at /test/11.0_opt/sql/sql_parse.cc:1407
|
#22 0x0000564dd6353ab7 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x564dd7f6a0c8, put_in_cache=put_in_cache@entry=true) at /test/11.0_opt/sql/sql_connect.cc:1416
|
#23 0x0000564dd6353d8d in handle_one_connection (arg=0x564dd7f6a0c8) at /test/11.0_opt/sql/sql_connect.cc:1318
|
#24 0x0000151a3b39eb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#25 0x0000151a3b430a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
Various other combinations likely exist, like my_mb_wc_tis620:
SET @json='{ "A": [ [{"k":"v"},[15]],true],"B": {"C": 1} }'; |
SET sql_mode=0,character_set_connection=utf32; |
SELECT JSON_VALUE(@json,'$.A[last-1][last-1].key1'); |
Patch:
https://github.com/MariaDB/server/tree/bb-10.9-MDEV-23187
https://github.com/MariaDB/server/tree/bb-10.3-MDEV-23187
Leads to:
10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)
mysqld: /test/10.9_dbg/strings/json_lib.c:1478: json_find_path: Assertion `0' failed.10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)
Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.Program terminated with signal SIGABRT, Aborted.#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50[Current thread is 1 (Thread 0x14e6d4f67700 (LWP 2031724))](gdb) bt#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50#1 0x000014e6ee6d4859 in __GI_abort () at abort.c:79#2 0x000014e6ee6d4729 in __assert_fail_base (fmt=0x14e6ee86a588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55b0d131109d "0", file=0x55b0d168abc0 "/test/10.9_dbg/strings/json_lib.c", line=1478, function=<optimized out>) at assert.c:92#3 0x000014e6ee6e6006 in __GI___assert_fail (assertion=assertion@entry=0x55b0d131109d "0", file=file@entry=0x55b0d168abc0 "/test/10.9_dbg/strings/json_lib.c", line=line@entry=1478, function=function@entry=0x55b0d1689b18 <__PRETTY_FUNCTION__.16624> "json_find_path") at assert.c:101#4 0x000055b0d1012713 in json_find_path (je=je@entry=0x14e6d4f64ef0, p=p@entry=0x14e670014350, p_cur_step=p_cur_step@entry=0x14e670014798, array_counters=array_counters@entry=0x14e6d4f64e70) at /test/10.9_dbg/strings/json_lib.c:1478#5 0x000055b0d0745368 in Json_path_extractor::extract (this=this@entry=0x14e670014348, str=str@entry=0x14e6d4f65060, item_js=<optimized out>, item_jp=0x14e670014208, cs=0x55b0d1a0d5c0 <my_charset_utf16le_general_ci>) at /test/10.9_dbg/sql/item_jsonfunc.cc:561#6 0x000055b0d0752ac5 in Item_func_json_value::val_str (this=0x14e6700142a0, to=0x14e6d4f65060) at /test/10.9_dbg/sql/item_jsonfunc.h:194#7 0x000055b0d092e24b in Item_str_func::val_real (this=0x14e6700142a0) at /test/10.9_dbg/sql/item_strfunc.cc:151#8 0x000055b0d08ef1a6 in Item_func_plus::real_op (this=0x14e670014868) at /test/10.9_dbg/sql/item_func.cc:1100#9 0x000055b0d0769876 in Item_func_hybrid_field_type::val_real_from_real_op (this=<optimized out>) at /test/10.9_dbg/sql/item_func.h:853#10 Type_handler_real_result::Item_func_hybrid_field_type_val_real (this=<optimized out>, item=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:5476#11 0x000055b0d08bb237 in Item_func_hybrid_field_type::val_real (this=0x14e670014868) at /test/10.9_dbg/sql/sql_type.h:7441#12 0x000055b0d0787745 in Type_handler::Item_send_double (this=<optimized out>, item=0x14e670014868, protocol=0x14e6700013a0, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.cc:7526#13 0x000055b0d0790577 in Type_handler_double::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.9_dbg/sql/sql_type.h:6040#14 0x000055b0d044ebb0 in Item::send (this=0x14e670014868, protocol=0x14e6700013a0, buffer=0x14e6d4f651c0) at /test/10.9_dbg/sql/item.h:1227#15 0x000055b0d04858eb in Protocol::send_result_set_row (this=this@entry=0x14e6700013a0, row_items=row_items@entry=0x14e670013f38) at /test/10.9_dbg/sql/protocol.cc:1328#16 0x000055b0d05128a3 in select_send::send_data (this=0x14e670015210, items=@0x14e670013f38: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14e670014918, last = 0x14e670014918, elements = 1}, <No data fields>}) at /test/10.9_dbg/sql/sql_class.cc:3113#17 0x000055b0d0605ccb in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/10.9_dbg/sql/sql_class.h:5625#18 JOIN::exec_inner (this=this@entry=0x14e670015238) at /test/10.9_dbg/sql/sql_select.cc:4644#19 0x000055b0d0606d2e in JOIN::exec (this=this@entry=0x14e670015238) at /test/10.9_dbg/sql/sql_select.cc:4556#20 0x000055b0d0604ab2 in mysql_select (thd=thd@entry=0x14e670000db8, tables=0x0, fields=@0x14e670013f38: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14e670014918, last = 0x14e670014918, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14e670015210, unit=0x14e670004fd8, select_lex=0x14e670013c98) at /test/10.9_dbg/sql/sql_select.cc:5036#21 0x000055b0d06052a8 in handle_select (thd=thd@entry=0x14e670000db8, lex=lex@entry=0x14e670004f00, result=result@entry=0x14e670015210, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.9_dbg/sql/sql_select.cc:570#22 0x000055b0d05716c8 in execute_sqlcom_select (thd=thd@entry=0x14e670000db8, all_tables=0x0) at /test/10.9_dbg/sql/sql_parse.cc:6271#23 0x000055b0d057d935 in mysql_execute_command (thd=thd@entry=0x14e670000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3961#24 0x000055b0d056b67b in mysql_parse (thd=thd@entry=0x14e670000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14e6d4f66470) at /test/10.9_dbg/sql/sql_parse.cc:8046#25 0x000055b0d0578f79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14e670000db8, packet=packet@entry=0x14e67000b699 "", packet_length=packet_length@entry=35, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364#26 0x000055b0d057b686 in do_command (thd=0x14e670000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408#27 0x000055b0d06d8d02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b0d2b4c9d8, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418#28 0x000055b0d06d920b in handle_one_connection (arg=0x55b0d2b4c9d8) at /test/10.9_dbg/sql/sql_connect.cc:1312#29 0x000014e6eebe5609 in start_thread (arg=<optimized out>) at pthread_create.c:477#30 0x000014e6ee7d1163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.8.3 (dbg), 10.9.0 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt), 10.9.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)