Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
Description
SET character_set_connection= utf16le; |
SELECT JSON_ARRAY_APPEND('{"foo":["bar","baz"]}', '$','a','$[1].qux','b') AS f; |
|
10.2 3fe306c8 non-debug |
#3 <signal handler called>
|
#4 my_utf16le_uni (cs=0x56459e519f80 <my_charset_utf16le_general_ci>, pwc=0x7f172ddc8290, s=0x7173796d20202020 <error: Cannot access memory at address 0x7173796d20202020>, e=0x7a5f656d69742e6c <error: Cannot access memory at address 0x7a5f656d69742e6c>) at /data/src/10.2/strings/ctype-ucs2.c:1815
|
#5 0x000056459dea33f6 in json_read_string_const_chr (js=0x7f172ddc8280) at /data/src/10.2/strings/json_lib.c:344
|
#6 0x000056459dea45d9 in json_find_path (je=je@entry=0x7f172ddc83b0, p=p@entry=0x7f171c0106b8, p_cur_step=p_cur_step@entry=0x7f171c010b00, array_counters=array_counters@entry=0x7f172ddc8330) at /data/src/10.2/strings/json_lib.c:1325
|
#7 0x000056459da61432 in Item_func_json_array_append::val_str (this=0x7f171c00f9c8, str=0x7f171c00fa98) at /data/src/10.2/sql/item_jsonfunc.cc:1643
|
#8 0x000056459d8fc337 in Item::send (this=0x7f171c00f9c8, protocol=0x7f171c001178, buffer=0x7f172ddc8560) at /data/src/10.2/sql/item.cc:6898
|
#9 0x000056459d6aa0ac in Protocol::send_result_set_row (this=this@entry=0x7f171c001178, row_items=row_items@entry=0x7f171c004ee8) at /data/src/10.2/sql/protocol.cc:992
|
#10 0x000056459d70b05f in select_send::send_data (this=0x7f171c00fbd8, items=...) at /data/src/10.2/sql/sql_class.cc:2731
|
#11 0x000056459d79ceea in JOIN::exec_inner (this=this@entry=0x7f171c00fbf8) at /data/src/10.2/sql/sql_profile.h:312
|
#12 0x000056459d79cfe7 in JOIN::exec (this=this@entry=0x7f171c00fbf8) at /data/src/10.2/sql/sql_select.cc:3436
|
#13 0x000056459d79d12a in mysql_select (thd=0x7f171c000c48, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f171c00fbd8, unit=0x7f171c004680, select_lex=0x7f171c004dc0) at /data/src/10.2/sql/sql_select.cc:3836
|
#14 0x000056459d79dab7 in handle_select (thd=thd@entry=0x7f171c000c48, lex=lex@entry=0x7f171c0045c0, result=result@entry=0x7f171c00fbd8, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.2/sql/sql_select.cc:361
|
#15 0x000056459d7331a1 in execute_sqlcom_select (thd=0x7f171c000c48, all_tables=0x0) at /data/src/10.2/sql/sql_parse.cc:6249
|
#16 0x000056459d7407f2 in mysql_execute_command (thd=0x7f171c000c48) at /data/src/10.2/sql/sql_parse.cc:3558
|
#17 0x000056459d74374b in mysql_parse (thd=thd@entry=0x7f171c000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f172ddca5b0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:7761
|
#18 0x000056459d7469dd in dispatch_command (command=COM_QUERY, thd=0x7f171c000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.2/sql/sql_class.h:1095
|
#19 0x000056459d747b67 in do_command (thd=0x7f171c000c48) at /data/src/10.2/sql/sql_parse.cc:1381
|
#20 0x000056459d8202e6 in do_handle_one_connection (connect=connect@entry=0x5645a02d9ee8) at /data/src/10.2/sql/sql_connect.cc:1336
|
#21 0x000056459d82045f in handle_one_connection (arg=arg@entry=0x5645a02d9ee8) at /data/src/10.2/sql/sql_connect.cc:1241
|
#22 0x000056459ddbba16 in pfs_spawn_thread (arg=0x5645a02960f8) at /data/src/10.2/storage/perfschema/pfs.cc:1869
|
#23 0x00007f1734182609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#24 0x00007f1733d77293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
10.2 3fe306c8 debug |
mysqld: /data/src/10.2/strings/json_lib.c:1321: json_find_path: Assertion `cur_step->type & JSON_PATH_KEY' failed.
|
201104 1:02:42 [ERROR] mysqld got signal 6 ;
|
|
|
#7 0x00007fb5e2508f36 in __GI___assert_fail (assertion=0x561d09cd46e8 "cur_step->type & JSON_PATH_KEY", file=0x561d09cd46a8 "/data/src/10.2/strings/json_lib.c", line=1321, function=0x561d09cd47b0 <__PRETTY_FUNCTION__.12063> "json_find_path") at assert.c:101
|
#8 0x0000561d098b4742 in json_find_path (je=0x7fb5dc660db0, p=0x7fb5cc013a60, p_cur_step=0x7fb5cc013ea8, array_counters=0x7fb5dc660d30) at /data/src/10.2/strings/json_lib.c:1321
|
#9 0x0000561d092d7f8e in Item_func_json_array_append::val_str (this=0x7fb5cc012d70, str=0x7fb5cc012e40) at /data/src/10.2/sql/item_jsonfunc.cc:1643
|
#10 0x0000561d091235b3 in Item::send (this=0x7fb5cc012d70, protocol=0x7fb5cc001348, buffer=0x7fb5dc660fa0) at /data/src/10.2/sql/item.cc:6898
|
#11 0x0000561d08d99fc5 in Protocol::send_result_set_row (this=0x7fb5cc001348, row_items=0x7fb5cc0051f0) at /data/src/10.2/sql/protocol.cc:992
|
#12 0x0000561d08e3119e in select_send::send_data (this=0x7fb5cc012f80, items=...) at /data/src/10.2/sql/sql_class.cc:2731
|
#13 0x0000561d08ec2b4d in JOIN::exec_inner (this=0x7fb5cc012fa0) at /data/src/10.2/sql/sql_select.cc:3517
|
#14 0x0000561d08ec25ba in JOIN::exec (this=0x7fb5cc012fa0) at /data/src/10.2/sql/sql_select.cc:3436
|
#15 0x0000561d08ec377c in mysql_select (thd=0x7fb5cc000d90, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fb5cc012f80, unit=0x7fb5cc004988, select_lex=0x7fb5cc0050c8) at /data/src/10.2/sql/sql_select.cc:3836
|
#16 0x0000561d08eb78f6 in handle_select (thd=0x7fb5cc000d90, lex=0x7fb5cc0048c8, result=0x7fb5cc012f80, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
|
#17 0x0000561d08e82299 in execute_sqlcom_select (thd=0x7fb5cc000d90, all_tables=0x0) at /data/src/10.2/sql/sql_parse.cc:6249
|
#18 0x0000561d08e78be8 in mysql_execute_command (thd=0x7fb5cc000d90) at /data/src/10.2/sql/sql_parse.cc:3558
|
#19 0x0000561d08e86027 in mysql_parse (thd=0x7fb5cc000d90, rawbuf=0x7fb5cc0126f8 "SELECT JSON_ARRAY_APPEND('{\"foo\":[\"bar\",\"baz\"]}', '$','a','$[1].qux','b') AS f", length=78, parser_state=0x7fb5dc6625f0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7761
|
#20 0x0000561d08e742bc in dispatch_command (command=COM_QUERY, thd=0x7fb5cc000d90, packet=0x7fb5cc008b51 "", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1827
|
#21 0x0000561d08e72db7 in do_command (thd=0x7fb5cc000d90) at /data/src/10.2/sql/sql_parse.cc:1381
|
#22 0x0000561d08fcd057 in do_handle_one_connection (connect=0x561d0b951980) at /data/src/10.2/sql/sql_connect.cc:1336
|
#23 0x0000561d08fccdbc in handle_one_connection (arg=0x561d0b951980) at /data/src/10.2/sql/sql_connect.cc:1241
|
#24 0x0000561d097f4ee2 in pfs_spawn_thread (arg=0x561d0b934d40) at /data/src/10.2/storage/perfschema/pfs.cc:1869
|
#25 0x00007fb5e2a18609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#26 0x00007fb5e25f4293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Reproducible on 10.2-10.5, debug and non-debug as described above.
The failure appeared in 10.2 branch after this commit:
commit 5a9df1550f256b7be7aaffbf4cbce13d0ca22566
|
Author: Vicențiu Ciorbaru
|
Date: Mon Oct 12 13:38:59 2020 +0300
|
|
|
MDEV-23941: strings/json_lib.c:893:12: style: Suspicious condition
|
Please also note that before the change which causes the crash, the server was returning NULL with a warning:
SET character_set_connection= utf16le; |
SELECT JSON_ARRAY_APPEND('{"foo":["bar","baz"]}', '$','a','$[1].qux','b') AS f; |
f
|
NULL
|
Warnings:
|
Warning 4038 Syntax error in JSON text in argument 1 to function 'json_array_append' at position 15 |
I am not sure whether it is expected. MySQL 8.0 returns a result:
MySQL [(none)]> SELECT JSON_ARRAY_APPEND('{"foo":["bar","baz"]}', '$','a','$[1].qux','b') AS f; |
+--------------------------------+ |
| f |
|
+--------------------------------+ |
| [{"foo": ["bar", "baz"]}, "a"] | |
+--------------------------------+ |
1 row in set (0.000 sec) |
Besides, the documentation says that if the JSON doc is invalid, an error should be returned.
Attachments
Issue Links
- relates to
-
-
- Confirmed
-