{noformat:title=11.0 3ef111610b7f8a6a323975cfdf4a4257feb9dcd9}
CURRENT_TEST: main.func_json
mysqltest: At line 2480: query 'INSERT INTO num_table values('15')' failed: <Unknown> (2013): Lost connection to server during query
…
==44786==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x564a01b5fdef in json_normalize_number /mariadb/11/strings/json_normalize.c:155:22
#1 0x564a01b634b8 in json_norm_value_number_init /mariadb/11/strings/json_normalize.c:517:8
#2 0x564a01b634b8 in json_norm_value_init /mariadb/11/strings/json_normalize.c:586:10
#3 0x564a01b605ef in json_norm_build /mariadb/11/strings/json_normalize.c:771:8
#4 0x564a01b605ef in json_normalize /mariadb/11/strings/json_normalize.c:835:8
#5 0x564a000021ab in json_get_normalized_string(st_json_engine_t*, String*, int*) /mariadb/11/sql/json_schema_helper.cc:85:9
#6 0x5649fffe1a78 in Json_schema_const::validate(st_json_engine_t const*, unsigned char const*, unsigned char const*) /mariadb/11/sql/json_schema.cc:447:7
#7 0x5649fffb8bfc in Item_func_json_schema_valid::val_int() /mariadb/11/sql/item_jsonfunc.cc:4757:25
#8 0x5649ffc185b7 in TABLE::verify_constraints(bool) /mariadb/11/sql/table.cc:6447:26
#9 0x5649ffc18053 in TABLE_LIST::view_check_option(THD*, bool) /mariadb/11/sql/table.cc:6420:17
#10 0x5649ff57af73 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /mariadb/11/sql/sql_insert.cc:1130:29
#11 0x5649ff6c4e90 in mysql_execute_command(THD*, bool) /mariadb/11/sql/sql_parse.cc:4449:10
#12 0x5649ff69dd01 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mariadb/11/sql/sql_parse.cc:7760:18
#13 0x5649ff694454 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /mariadb/11/sql/sql_parse.cc:1892:7
#14 0x5649ff69f4ca in do_command(THD*, bool) /mariadb/11/sql/sql_parse.cc:1405:17
#15 0x5649ffd662cc in do_handle_one_connection(CONNECT*, bool) /mariadb/11/sql/sql_connect.cc:1416:11
#16 0x5649ffd658a7 in handle_one_connection /mariadb/11/sql/sql_connect.cc:1318:5
#17 0x564a00625167 in pfs_spawn_thread /mariadb/11/storage/perfschema/pfs.cc:2201:3
#18 0x7f5d1dc10fd3 in start_thread nptl/pthread_create.c:442:8
#19 0x7f5d1dc9081f in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100
Memory was marked as uninitialized
#0 0x5649fe71c90d in __msan_allocated_memory (/dev/shm/11/sql/mariadbd+0x10dc90d) (BuildId: 1237e4b564f291c6)
#1 0x564a019118da in my_malloc /mariadb/11/mysys/my_malloc.c:114:7
{noformat}
There are two buffer overflows in the function, on the 2-octet input {{15}}. The following patch fixes it:
{code:diff}
diff --git a/strings/json_normalize.c b/strings/json_normalize.c
index 0b7f172dae6..2c66c712e81 100644
--- a/strings/json_normalize.c
+++ b/strings/json_normalize.c
@@ -147,13 +147,16 @@ json_normalize_number(DYNAMIC_STRING *out, const char *str, size_t str_len)
magnitude = (long)(j - 1);
- /* skip the . */
- if (str[i] == '.')
- ++i;
+ if (i < str_len)
+ {
+ /* skip the . */
+ if (str[i] == '.')
+ ++i;
- /* grab rest of digits before the E */
- for (; i < str_len && str[i] != 'e' && str[i] != 'E'; ++i)
- buf[j++] = str[i];
+ /* grab rest of digits before the E */
+ for (; i < str_len && str[i] != 'e' && str[i] != 'E'; ++i)
+ buf[j++] = str[i];
+ }
/* trim trailing zeros */
for (k = j - 1; k && buf[k] == '0'; --k, --j)
@@ -187,7 +190,7 @@ json_normalize_number(DYNAMIC_STRING *out, const char *str, size_t str_len)
#13 0x55a9601e53cd in mysql_execute_command(THD*, bool) /mariadb/10.8/sql/sql_parse.cc:4568:10
#14 0x55a9601bd0f1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mariadb/10.8/sql/sql_parse.cc:8034:18
#15 0x55a9601b3876 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /mariadb/10.8/sql/sql_parse.cc:1894:7
#16 0x55a9601be809 in do_command(THD*, bool) /mariadb/10.8/sql/sql_parse.cc:1407:17
#17 0x55a96087401c in do_handle_one_connection(CONNECT*, bool) /mariadb/10.8/sql/sql_connect.cc:1416:11
#18 0x55a9608735f7 in handle_one_connection /mariadb/10.8/sql/sql_connect.cc:1318:5
#19 0x55a9610f3f47 in pfs_spawn_thread /mariadb/10.8/storage/perfschema/pfs.cc:2201:3
#20 0x7fb5bbca7fd3 in start_thread nptl/pthread_create.c:442:8
#21 0x7fb5bbd2781f in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100
Memory was marked as uninitialized
#0 0x55a95f20cb7d in __msan_allocated_memory (/dev/shm/10.8msan/sql/mariadbd+0x1006b7d) (BuildId: 147dce102f777951)
#1 0x55a96244443a in my_malloc /mariadb/10.8/mysys/my_malloc.c:114:7
The above patch fixes it. The code has not been changed since the time Eric_Herman added JSON_NORMALIZE to MariaDB Server 10.7 (which reached EOL already).
Marko Mäkelä
added a comment - rucha174 provided a test that reproduces this on earlier releases:
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test
index 9f6c51cbc27..1f61f9abd13 100644
--- a/mysql-test/main/func_json.test
+++ b/mysql-test/main/func_json.test
@@ -1112,3 +1112,16 @@ DROP TABLE t;
--echo #
--echo # End of 10.6 tests
--echo #
+
+--echo #
+--echo # MDEV-31147 json_normalize does not work correctly with MSAN build
+--echo #
+CREATE TABLE t1 (val JSON);
+ALTER TABLE t1 ADD COLUMN normalized_json JSON AS (JSON_NORMALIZE(val));
+INSERT INTO t1 (val) VALUES ('15');
+SELECT * FROM t1;
+DROP TABLE t1;
+
+--echo #
+--echo # End of 10.8 tests
+--echo #
10.8 5028b7c7c8beb428d9f36f1da1a1300ec2de9d7b
CURRENT_TEST: main.func_json
mysqltest: At line 1121: query 'INSERT INTO t1 (val) VALUES ('15')' failed: <Unknown> (2013): Lost connection to server during query
…
==66762==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a96268ddaf in json_normalize_number /mariadb/10.8/strings/json_normalize.c:155:22
#1 0x55a962691478 in json_norm_value_number_init /mariadb/10.8/strings/json_normalize.c:517:8
#2 0x55a962691478 in json_norm_value_init /mariadb/10.8/strings/json_normalize.c:586:10
#3 0x55a96268e5af in json_norm_build /mariadb/10.8/strings/json_normalize.c:771:8
#4 0x55a96268e5af in json_normalize /mariadb/10.8/strings/json_normalize.c:835:8
#5 0x55a960ab67a4 in Item_func_json_normalize::val_str(String*) /mariadb/10.8/sql/item_jsonfunc.cc:4183:7
#6 0x55a95f5dc41c in Item::save_str_in_field(Field*, bool) /mariadb/10.8/sql/item.cc:6796:10
#7 0x55a960b7397c in Type_handler_string_result::Item_save_in_field(Item*, Field*, bool) const /mariadb/10.8/sql/sql_type.cc:4332:16
#8 0x55a95f5dd5c4 in Item::save_in_field(Field*, bool) /mariadb/10.8/sql/item.cc:6844:30
#9 0x55a960744268 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /mariadb/10.8/sql/table.cc:8854:24
#10 0x55a95fdf8754 in fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool) /mariadb/10.8/sql/sql_base.cc:8718:18
#11 0x55a95fdf9516 in fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type) /mariadb/10.8/sql/sql_base.cc:8846:11
#12 0x55a96009b823 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /mariadb/10.8/sql/sql_insert.cc:1044:13
#13 0x55a9601e53cd in mysql_execute_command(THD*, bool) /mariadb/10.8/sql/sql_parse.cc:4568:10
#14 0x55a9601bd0f1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mariadb/10.8/sql/sql_parse.cc:8034:18
#15 0x55a9601b3876 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /mariadb/10.8/sql/sql_parse.cc:1894:7
#16 0x55a9601be809 in do_command(THD*, bool) /mariadb/10.8/sql/sql_parse.cc:1407:17
#17 0x55a96087401c in do_handle_one_connection(CONNECT*, bool) /mariadb/10.8/sql/sql_connect.cc:1416:11
#18 0x55a9608735f7 in handle_one_connection /mariadb/10.8/sql/sql_connect.cc:1318:5
#19 0x55a9610f3f47 in pfs_spawn_thread /mariadb/10.8/storage/perfschema/pfs.cc:2201:3
#20 0x7fb5bbca7fd3 in start_thread nptl/pthread_create.c:442:8
#21 0x7fb5bbd2781f in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100
Memory was marked as uninitialized
#0 0x55a95f20cb7d in __msan_allocated_memory (/dev/shm/10.8msan/sql/mariadbd+0x1006b7d) (BuildId: 147dce102f777951)
#1 0x55a96244443a in my_malloc /mariadb/10.8/mysys/my_malloc.c:114:7
The above patch fixes it. The code has not been changed since the time Eric_Herman added JSON_NORMALIZE to MariaDB Server 10.7 (which reached EOL already).
I notice that the first "if (i < str_len)" is broader than it needs to be, as the for loop which follows also contains that check; thus some indentation could be saved in that case, but it's probably not worth changing.
Eric Herman
added a comment - Thanks for finding and fixing that!
I notice that the first "if (i < str_len)" is broader than it needs to be, as the for loop which follows also contains that check; thus some indentation could be saved in that case, but it's probably not worth changing.
People
Marko Mäkelä
Rucha Deodhar
Votes:
0Vote for this issue
Watchers:
3Start watching this issue
Dates
Created:
Updated:
Resolved:
Git Integration
Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.
{"report":{"fcp":1242.699999988079,"ttfb":413.5,"pageVisibility":"visible","entityId":121443,"key":"jira.project.issue.view-issue","isInitial":true,"threshold":1000,"elementTimings":{},"userDeviceMemory":8,"userDeviceProcessors":64,"apdex":0.5,"journeyId":"8af706e4-41f1-481f-88a5-5a7e30350e58","navigationType":0,"readyForUser":1327.8999999761581,"redirectCount":0,"resourceLoadedEnd":1531.699999988079,"resourceLoadedStart":419.39999997615814,"resourceTiming":[{"duration":293.60000002384186,"initiatorType":"link","name":"https://jira.mariadb.org/s/2c21342762a6a02add1c328bed317ffd-CDN/lu2bu7/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/css/_super/batch.css","startTime":419.39999997615814,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":419.39999997615814,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":713,"responseStart":0,"secureConnectionStart":0},{"duration":293.69999998807907,"initiatorType":"link","name":"https://jira.mariadb.org/s/7ebd35e77e471bc30ff0eba799ebc151-CDN/lu2bu7/820016/12ta74/8679b4946efa1a0bb029a3a22206fb5d/_/download/contextbatch/css/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":419.69999998807907,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":419.69999998807907,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":713.3999999761581,"responseStart":0,"secureConnectionStart":0},{"duration":343,"initiatorType":"script","name":"https://jira.mariadb.org/s/fbf975c0cce4b1abf04784eeae9ba1f4-CDN/lu2bu7/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/js/_super/batch.js?locale=en","startTime":419.89999997615814,"connectEnd":419.89999997615814,"connectStart":419.89999997615814,"domainLookupEnd":419.89999997615814,"domainLookupStart":419.89999997615814,"fetchStart":419.89999997615814,"redirectEnd":0,"redirectStart":0,"requestStart":419.89999997615814,"responseEnd":762.8999999761581,"responseStart":762.8999999761581,"secureConnectionStart":419.89999997615814},{"duration":403.89999997615814,"initiatorType":"script","name":"https://jira.mariadb.org/s/099b33461394b8015fc36c0a4b96e19f-CDN/lu2bu7/820016/12ta74/8679b4946efa1a0bb029a3a22206fb5d/_/download/contextbatch/js/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en&slack-enabled=true","startTime":420.10000002384186,"connectEnd":420.10000002384186,"connectStart":420.10000002384186,"domainLookupEnd":420.10000002384186,"domainLookupStart":420.10000002384186,"fetchStart":420.10000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":420.10000002384186,"responseEnd":824,"responseStart":824,"secureConnectionStart":420.10000002384186},{"duration":407.19999998807907,"initiatorType":"script","name":"https://jira.mariadb.org/s/94c15bff32baef80f4096a08aceae8bc-CDN/lu2bu7/820016/12ta74/c92c0caa9a024ae85b0ebdbed7fb4bd7/_/download/contextbatch/js/atl.global,-_super/batch.js?locale=en","startTime":420.30000001192093,"connectEnd":420.30000001192093,"connectStart":420.30000001192093,"domainLookupEnd":420.30000001192093,"domainLookupStart":420.30000001192093,"fetchStart":420.30000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":420.30000001192093,"responseEnd":827.5,"responseStart":827.5,"secureConnectionStart":420.30000001192093},{"duration":407.39999997615814,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-en/jira.webresources:calendar-en.js","startTime":420.60000002384186,"connectEnd":420.60000002384186,"connectStart":420.60000002384186,"domainLookupEnd":420.60000002384186,"domainLookupStart":420.60000002384186,"fetchStart":420.60000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":420.60000002384186,"responseEnd":828,"responseStart":828,"secureConnectionStart":420.60000002384186},{"duration":407.5999999642372,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-localisation-moment/jira.webresources:calendar-localisation-moment.js","startTime":420.80000001192093,"connectEnd":420.80000001192093,"connectStart":420.80000001192093,"domainLookupEnd":420.80000001192093,"domainLookupStart":420.80000001192093,"fetchStart":420.80000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":420.80000001192093,"responseEnd":828.3999999761581,"responseStart":828.3999999761581,"secureConnectionStart":420.80000001192093},{"duration":484.30000001192093,"initiatorType":"link","name":"https://jira.mariadb.org/s/b04b06a02d1959df322d9cded3aeecc1-CDN/lu2bu7/820016/12ta74/a2ff6aa845ffc9a1d22fe23d9ee791fc/_/download/contextbatch/css/jira.global.look-and-feel,-_super/batch.css","startTime":421,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":421,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":905.3000000119209,"responseStart":0,"secureConnectionStart":0},{"duration":407.4000000357628,"initiatorType":"script","name":"https://jira.mariadb.org/rest/api/1.0/shortcuts/820016/47140b6e0a9bc2e4913da06536125810/shortcuts.js?context=issuenavigation&context=issueaction","startTime":421.39999997615814,"connectEnd":421.39999997615814,"connectStart":421.39999997615814,"domainLookupEnd":421.39999997615814,"domainLookupStart":421.39999997615814,"fetchStart":421.39999997615814,"redirectEnd":0,"redirectStart":0,"requestStart":421.39999997615814,"responseEnd":828.8000000119209,"responseStart":828.8000000119209,"secureConnectionStart":421.39999997615814},{"duration":483.89999997615814,"initiatorType":"link","name":"https://jira.mariadb.org/s/3ac36323ba5e4eb0af2aa7ac7211b4bb-CDN/lu2bu7/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/css/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.css?jira.create.linked.issue=true","startTime":421.60000002384186,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":421.60000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":905.5,"responseStart":0,"secureConnectionStart":0},{"duration":407.5999999642372,"initiatorType":"script","name":"https://jira.mariadb.org/s/3339d87fa2538a859872f2df449bf8d0-CDN/lu2bu7/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/js/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.js?jira.create.linked.issue=true&locale=en","startTime":421.80000001192093,"connectEnd":421.80000001192093,"connectStart":421.80000001192093,"domainLookupEnd":421.80000001192093,"domainLookupStart":421.80000001192093,"fetchStart":421.80000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":421.80000001192093,"responseEnd":829.3999999761581,"responseStart":829.3999999761581,"secureConnectionStart":421.80000001192093},{"duration":665.1999999880791,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-js/jira.webresources:bigpipe-js.js","startTime":422.60000002384186,"connectEnd":422.60000002384186,"connectStart":422.60000002384186,"domainLookupEnd":422.60000002384186,"domainLookupStart":422.60000002384186,"fetchStart":422.60000002384186,"redirectEnd":0,"redirectStart":0,"requestStart":422.60000002384186,"responseEnd":1087.800000011921,"responseStart":1087.800000011921,"secureConnectionStart":422.60000002384186},{"duration":1075.5,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-init/jira.webresources:bigpipe-init.js","startTime":428.80000001192093,"connectEnd":428.80000001192093,"connectStart":428.80000001192093,"domainLookupEnd":428.80000001192093,"domainLookupStart":428.80000001192093,"fetchStart":428.80000001192093,"redirectEnd":0,"redirectStart":0,"requestStart":428.80000001192093,"responseEnd":1504.300000011921,"responseStart":1504.300000011921,"secureConnectionStart":428.80000001192093},{"duration":170.80000001192093,"initiatorType":"xmlhttprequest","name":"https://jira.mariadb.org/rest/webResources/1.0/resources","startTime":917.3000000119209,"connectEnd":917.3000000119209,"connectStart":917.3000000119209,"domainLookupEnd":917.3000000119209,"domainLookupStart":917.3000000119209,"fetchStart":917.3000000119209,"redirectEnd":0,"redirectStart":0,"requestStart":917.3000000119209,"responseEnd":1088.1000000238419,"responseStart":1088.1000000238419,"secureConnectionStart":917.3000000119209},{"duration":331.39999997615814,"initiatorType":"link","name":"https://jira.mariadb.org/s/d5715adaadd168a9002b108b2b039b50-CDN/lu2bu7/820016/12ta74/be4b45e9cec53099498fa61c8b7acba4/_/download/contextbatch/css/jira.project.sidebar,-_super,-project.issue.navigator,-jira.general,-jira.browse.project,-jira.view.issue,-jira.global,-atl.general,-com.atlassian.jira.projects.sidebar.init/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":1179.800000011921,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":1179.800000011921,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":1511.199999988079,"responseStart":0,"secureConnectionStart":0},{"duration":346.4000000357628,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/e65b778d185daf5aee24936755b43da6/_/download/contextbatch/js/browser-metrics-plugin.contrib,-_super,-project.issue.navigator,-jira.view.issue,-atl.general/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":1180.8999999761581,"connectEnd":1180.8999999761581,"connectStart":1180.8999999761581,"domainLookupEnd":1180.8999999761581,"domainLookupStart":1180.8999999761581,"fetchStart":1180.8999999761581,"redirectEnd":0,"redirectStart":0,"requestStart":1180.8999999761581,"responseEnd":1527.300000011921,"responseStart":1527.300000011921,"secureConnectionStart":1180.8999999761581},{"duration":350.39999997615814,"initiatorType":"script","name":"https://jira.mariadb.org/s/f51ef5507eea4c158f257c66c93b2a3f-CDN/lu2bu7/820016/12ta74/be4b45e9cec53099498fa61c8b7acba4/_/download/contextbatch/js/jira.project.sidebar,-_super,-project.issue.navigator,-jira.general,-jira.browse.project,-jira.view.issue,-jira.global,-atl.general,-com.atlassian.jira.projects.sidebar.init/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en&slack-enabled=true","startTime":1181.300000011921,"connectEnd":1181.300000011921,"connectStart":1181.300000011921,"domainLookupEnd":1181.300000011921,"domainLookupStart":1181.300000011921,"fetchStart":1181.300000011921,"redirectEnd":0,"redirectStart":0,"requestStart":1181.300000011921,"responseEnd":1531.699999988079,"responseStart":1531.699999988079,"secureConnectionStart":1181.300000011921}],"fetchStart":0,"domainLookupStart":0,"domainLookupEnd":0,"connectStart":0,"connectEnd":0,"requestStart":215,"responseStart":413,"responseEnd":420,"domLoading":417,"domInteractive":1551,"domContentLoadedEventStart":1551,"domContentLoadedEventEnd":1603,"domComplete":1918,"loadEventStart":1918,"loadEventEnd":1919,"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","marks":[{"name":"bigPipe.sidebar-id.start","time":1512.1000000238419},{"name":"bigPipe.sidebar-id.end","time":1512.8999999761581},{"name":"bigPipe.activity-panel-pipe-id.start","time":1513.1000000238419},{"name":"bigPipe.activity-panel-pipe-id.end","time":1518.6000000238419},{"name":"activityTabFullyLoaded","time":1619.5}],"measures":[],"correlationId":"6bf5fb4653172d","effectiveType":"4g","downlink":10,"rtt":0,"serverDuration":130,"dbReadsTimeInMs":14,"dbConnsTimeInMs":21,"applicationHash":"9d11dbea5f4be3d4cc21f03a88dd11d8c8687422","experiments":[]}}
Major
rucha174 provided a test that reproduces this on earlier releases:
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.testindex 9f6c51cbc27..1f61f9abd13 100644--- a/mysql-test/main/func_json.test+++ b/mysql-test/main/func_json.test@@ -1112,3 +1112,16 @@ DROP TABLE t;--echo #--echo # End of 10.6 tests--echo #++--echo #+--echo # MDEV-31147 json_normalize does not work correctly with MSAN build+--echo #+CREATE TABLE t1 (val JSON);+ALTER TABLE t1 ADD COLUMN normalized_json JSON AS (JSON_NORMALIZE(val));+INSERT INTO t1 (val) VALUES ('15');+SELECT * FROM t1;+DROP TABLE t1;++--echo #+--echo # End of 10.8 tests10.8 5028b7c7c8beb428d9f36f1da1a1300ec2de9d7b
CURRENT_TEST: main.func_jsonmysqltest: At line 1121: query 'INSERT INTO t1 (val) VALUES ('15')' failed: <Unknown> (2013): Lost connection to server during query…==66762==WARNING: MemorySanitizer: use-of-uninitialized-value#0 0x55a96268ddaf in json_normalize_number /mariadb/10.8/strings/json_normalize.c:155:22#1 0x55a962691478 in json_norm_value_number_init /mariadb/10.8/strings/json_normalize.c:517:8#2 0x55a962691478 in json_norm_value_init /mariadb/10.8/strings/json_normalize.c:586:10#3 0x55a96268e5af in json_norm_build /mariadb/10.8/strings/json_normalize.c:771:8#4 0x55a96268e5af in json_normalize /mariadb/10.8/strings/json_normalize.c:835:8#5 0x55a960ab67a4 in Item_func_json_normalize::val_str(String*) /mariadb/10.8/sql/item_jsonfunc.cc:4183:7#6 0x55a95f5dc41c in Item::save_str_in_field(Field*, bool) /mariadb/10.8/sql/item.cc:6796:10#7 0x55a960b7397c in Type_handler_string_result::Item_save_in_field(Item*, Field*, bool) const /mariadb/10.8/sql/sql_type.cc:4332:16#8 0x55a95f5dd5c4 in Item::save_in_field(Field*, bool) /mariadb/10.8/sql/item.cc:6844:30#9 0x55a960744268 in TABLE::update_virtual_fields(handler*, enum_vcol_update_mode) /mariadb/10.8/sql/table.cc:8854:24#10 0x55a95fdf8754 in fill_record(THD*, TABLE*, List<Item>&, List<Item>&, bool, bool) /mariadb/10.8/sql/sql_base.cc:8718:18#11 0x55a95fdf9516 in fill_record_n_invoke_before_triggers(THD*, TABLE*, List<Item>&, List<Item>&, bool, trg_event_type) /mariadb/10.8/sql/sql_base.cc:8846:11#12 0x55a96009b823 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /mariadb/10.8/sql/sql_insert.cc:1044:13#13 0x55a9601e53cd in mysql_execute_command(THD*, bool) /mariadb/10.8/sql/sql_parse.cc:4568:10#14 0x55a9601bd0f1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mariadb/10.8/sql/sql_parse.cc:8034:18#15 0x55a9601b3876 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /mariadb/10.8/sql/sql_parse.cc:1894:7#16 0x55a9601be809 in do_command(THD*, bool) /mariadb/10.8/sql/sql_parse.cc:1407:17#17 0x55a96087401c in do_handle_one_connection(CONNECT*, bool) /mariadb/10.8/sql/sql_connect.cc:1416:11#18 0x55a9608735f7 in handle_one_connection /mariadb/10.8/sql/sql_connect.cc:1318:5#19 0x55a9610f3f47 in pfs_spawn_thread /mariadb/10.8/storage/perfschema/pfs.cc:2201:3#20 0x7fb5bbca7fd3 in start_thread nptl/pthread_create.c:442:8#21 0x7fb5bbd2781f in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100Memory was marked as uninitialized#0 0x55a95f20cb7d in __msan_allocated_memory (/dev/shm/10.8msan/sql/mariadbd+0x1006b7d) (BuildId: 147dce102f777951)#1 0x55a96244443a in my_malloc /mariadb/10.8/mysys/my_malloc.c:114:7The above patch fixes it. The code has not been changed since the time Eric_Herman added JSON_NORMALIZE to MariaDB Server 10.7 (which reached EOL already).