Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26054

Server crashes in Item_func_json_arrayagg::get_str_from_field

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 10.6
    • Fix Version/s: 10.6.3
    • Component/s: JSON, Views
    • Labels:
      None

      Description

      CREATE TABLE t (a VARCHAR(8));
      CREATE VIEW v AS SELECT * FROM t;
      INSERT INTO t VALUES ('foo'),('bar');
      SELECT JSON_ARRAYAGG(a) AS f FROM v;
       
      # Cleanup
      DROP VIEW v;
      DROP TABLE t;
      

      10.6 8711adb7863b

      #3  <signal handler called>
      #4  Item_field::type_handler (this=0x7f2f58015ae8) at /data/src/10.6-bug/sql/item.h:3598
      #5  0x0000559223ce74fa in append_json_value_from_field (str=0x7f2f58016098, i=0x7f2f58015ae8, f=0x7f2f58060cb0, key=0x7f2f58060d90 "\375\003foo", offset=1, tmp_val=0x7f2f69ebebf0) at /data/src/10.6-bug/sql/item_jsonfunc.cc:1503
      #6  0x0000559223cf07b0 in Item_func_json_arrayagg::get_str_from_field (this=0x7f2f58015c48, f=0x7f2f58060cb0, tmp=0x7f2f69ebebf0, key=0x7f2f58060d90 "\375\003foo", offset=1) at /data/src/10.6-bug/sql/item_jsonfunc.cc:3731
      #7  0x0000559223bc3f78 in dump_leaf_key (key_arg=0x7f2f58060d90, count=1, item_arg=0x7f2f58015c48) at /data/src/10.6-bug/sql/item_sum.cc:3847
      #8  0x0000559223bc561b in Item_func_group_concat::add (this=0x7f2f58015c48, exclude_nulls=false) at /data/src/10.6-bug/sql/item_sum.cc:4220
      #9  0x0000559223bc9d32 in Item_func_group_concat::add (this=0x7f2f58015c48) at /data/src/10.6-bug/sql/item_sum.h:2043
      #10 0x0000559223bc74e6 in Aggregator_simple::add (this=0x7f2f5805c500) at /data/src/10.6-bug/sql/item_sum.h:720
      #11 0x00005592237cd2ab in Item_sum::aggregator_add (this=0x7f2f58015c48) at /data/src/10.6-bug/sql/item_sum.h:564
      #12 0x00005592237cd182 in Item_sum::reset_and_add (this=0x7f2f58015c48) at /data/src/10.6-bug/sql/item_sum.h:445
      #13 0x00005592237beb4c in init_sum_functions (func_ptr=0x7f2f5801b470, end_ptr=0x7f2f5801b478) at /data/src/10.6-bug/sql/sql_select.cc:26123
      #14 0x00005592237b5059 in end_send_group (join=0x7f2f5801aa20, join_tab=0x7f2f5805bd00, end_of_records=false) at /data/src/10.6-bug/sql/sql_select.cc:22428
      #15 0x00005592237b1b0a in evaluate_join_record (join=0x7f2f5801aa20, join_tab=0x7f2f5805b950, error=0) at /data/src/10.6-bug/sql/sql_select.cc:21214
      #16 0x00005592237b13c1 in sub_select (join=0x7f2f5801aa20, join_tab=0x7f2f5805b950, end_of_records=false) at /data/src/10.6-bug/sql/sql_select.cc:20991
      #17 0x00005592237b08cc in do_select (join=0x7f2f5801aa20, procedure=0x0) at /data/src/10.6-bug/sql/sql_select.cc:20538
      #18 0x000055922378411f in JOIN::exec_inner (this=0x7f2f5801aa20) at /data/src/10.6-bug/sql/sql_select.cc:4726
      #19 0x0000559223783195 in JOIN::exec (this=0x7f2f5801aa20) at /data/src/10.6-bug/sql/sql_select.cc:4504
      #20 0x0000559223784acf in mysql_select (thd=0x7f2f58000db8, tables=0x7f2f58016120, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f2f5801a9f8, unit=0x7f2f58005130, select_lex=0x7f2f58015668) at /data/src/10.6-bug/sql/sql_select.cc:4982
      #21 0x0000559223773d7b in handle_select (thd=0x7f2f58000db8, lex=0x7f2f58005068, result=0x7f2f5801a9f8, setup_tables_done_option=0) at /data/src/10.6-bug/sql/sql_select.cc:544
      #22 0x0000559223734ad0 in execute_sqlcom_select (thd=0x7f2f58000db8, all_tables=0x7f2f58016120) at /data/src/10.6-bug/sql/sql_parse.cc:6254
      #23 0x000055922372bd67 in mysql_execute_command (thd=0x7f2f58000db8, is_called_from_prepared_stmt=false) at /data/src/10.6-bug/sql/sql_parse.cc:3949
      #24 0x000055922373991f in mysql_parse (thd=0x7f2f58000db8, rawbuf=0x7f2f580155c0 "SELECT JSON_ARRAYAGG(a) AS f FROM v", length=35, parser_state=0x7f2f69ec0480) at /data/src/10.6-bug/sql/sql_parse.cc:8028
      #25 0x0000559223725d59 in dispatch_command (command=COM_QUERY, thd=0x7f2f58000db8, packet=0x7f2f5800b879 "", packet_length=35, blocking=true) at /data/src/10.6-bug/sql/sql_parse.cc:1898
      #26 0x00005592237246f5 in do_command (thd=0x7f2f58000db8, blocking=true) at /data/src/10.6-bug/sql/sql_parse.cc:1406
      #27 0x00005592238e13cb in do_handle_one_connection (connect=0x559227d11c28, put_in_cache=true) at /data/src/10.6-bug/sql/sql_connect.cc:1410
      #28 0x00005592238e1127 in handle_one_connection (arg=0x559227d0ef88) at /data/src/10.6-bug/sql/sql_connect.cc:1312
      #29 0x0000559223e5131d in pfs_spawn_thread (arg=0x559227d11778) at /data/src/10.6-bug/storage/perfschema/pfs.cc:2201
      #30 0x00007f2f6fb7e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #31 0x00007f2f6f751293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      The failure appeared in 10.6 after this commit

      commit 8711adb7863b10fd868cc2b1c84c3416e715b539 (HEAD)
      Author: Sergei Golubchik
      Date:   Wed Jun 30 01:00:50 2021 +0200
       
          fix JSON_ARRAYAGG not to over-quote json in joins
      

        Attachments

          Activity

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration