[MDEV-37806] SIGFPE in Json_schema_multiple_of::validate|Item_func_json_schema_valid::val_bool - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.8, 12.1, 12.2
Fix Version/s: 11.8, 12.1
Component/s: JSON, Stored routines
Labels:
None

Description

DELIMITER //;

CREATE PROCEDURE p0 (a JSON DEFAULT JSON_SCHEMA_VALID (@schema,0)) BEGIN SELECT a;END; //

DELIMITER ;//

SET @schema='{ "multipleOf":0}';

CALL p0();

Leads to:

CS 12.2.0 b8a77289639a3b10ada64cf892f02b5cecdb1603 (Debug, Clang 18.1.3-11) Build 29/09/2025
Core was generated by `/test/MD290925-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGFPE, Arithmetic exception.
#0 0x000058ade0568a16 in Json_schema_multiple_of::validate (this=0x79597004faf0, je=0x795970025600, current_mem_root=0x79709c2386f0, k_start=0x0, k_end=0x0) at /test/12.2_dbg/sql/json_schema.cc:842

[Current thread is 1 (LWP 3469657)]
(gdb) bt
#0 0x000058ade0568a16 in Json_schema_multiple_of::validate (this=0x79597004faf0, je=0x795970025600, current_mem_root=0x79709c2386f0, k_start=0x0, k_end=0x0) at /test/12.2_dbg/sql/json_schema.cc:842
#1 0x000058ade05573aa in Item_func_json_schema_valid::val_bool (this=0x795970025408) at /test/12.2_dbg/sql/item_jsonfunc.cc:5433
#2 0x000058ade074d068 in Item::save_bool_in_field (this=0x795970025408, field=0x79597001be28, no_conversions=false)at /test/12.2_dbg/sql/item.cc:7277
#3 0x000058ade05b4c50 in Type_handler_bool::Item_save_in_field (this=0x58ade1f92260 <type_handler_bool>, item=0x795970025408, field=0x79597001be28, no_conversions=false)at /test/12.2_dbg/sql/sql_type.cc:4455
#4 0x000058ade074d115 in Item::save_in_field (this=0x795970025408, field=0x79597001be28, no_conversions=false)at /test/12.2_dbg/sql/item.cc:7287
#5 0x000058ade06cf23f in Field::sp_prepare_and_store_item (this=0x79597001be28, thd=0x795970000d58, value=0x795970025750)at /test/12.2_dbg/sql/field.cc:1527
#6 0x000058ade01af1c8 in THD::sp_eval_expr (this=0x795970000d58, result_field=0x79597001be28, expr_item_ptr=0x795970025750)at /test/12.2_dbg/sql/sp_head.cc:448
#7 0x000058ade01c888e in sp_rcontext::set_variable (this=0x79597001b240, thd=0x795970000d58, idx=0, value=0x795970025750)at /test/12.2_dbg/sql/sp_rcontext.cc:682
#8 0x000058ade0598a22 in sp_instr_set::exec_core (this=0x7959700256b8, thd=0x795970000d58, nextp=0x79709c238748)at /test/12.2_dbg/sql/sp_instr.cc:1301
#9 0x000058ade0595d76 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7959700256f8, thd=0x795970000d58, nextp=0x79709c238748, open_tables=true, instr=0x7959700256b8, rerun_the_same_instr=false)at /test/12.2_dbg/sql/sp_instr.cc:418
#10 0x000058ade05964fc in sp_lex_keeper::validate_lex_and_exec_core (this=0x7959700256f8, thd=0x795970000d58, nextp=0x79709c238748, open_tables=true, instr=0x7959700256b8)at /test/12.2_dbg/sql/sp_instr.cc:597
#11 0x000058ade0598c21 in sp_instr_set_default_param::execute (this=0x7959700256b8, thd=0x795970000d58, nextp=0x79709c238748)at /test/12.2_dbg/sql/sp_instr.cc:1346
#12 0x000058ade01b1fac in sp_head::execute (this=0x795970024358, thd=0x795970000d58, merge_da_on_success=true)at /test/12.2_dbg/sql/sp_head.cc:1294
#13 0x000058ade01b493e in sp_head::execute_procedure (this=0x795970024358, thd=0x795970000d58, args=0x7959700060f8)at /test/12.2_dbg/sql/sp_head.cc:2328
#14 0x000058ade02d7507 in do_execute_sp (thd=0x795970000d58, sp=0x795970024358)at /test/12.2_dbg/sql/sql_parse.cc:3056
#15 0x000058ade02d7034 in Sql_cmd_call::execute (this=0x795970019f28, thd=0x795970000d58) at /test/12.2_dbg/sql/sql_parse.cc:3279
#16 0x000058ade02e33ad in mysql_execute_command (thd=0x795970000d58, is_called_from_prepared_stmt=false) at /test/12.2_dbg/sql/sql_parse.cc:5857
#17 0x000058ade02d2704 in mysql_parse (thd=0x795970000d58, rawbuf=0x795970019e80 "CALL p0()", length=9, parser_state=0x79709c23aa10)at /test/12.2_dbg/sql/sql_parse.cc:7883
#18 0x000058ade02cfad8 in dispatch_command (command=COM_QUERY, thd=0x795970000d58, packet=0x79597000b1f9 "CALL p0()", packet_length=9, blocking=true) at /test/12.2_dbg/sql/sql_parse.cc:1878
#19 0x000058ade02d32b3 in do_command (thd=0x795970000d58, blocking=true)at /test/12.2_dbg/sql/sql_parse.cc:1417
#20 0x000058ade04c0539 in do_handle_one_connection (connect=0x58ae051219c8, put_in_cache=true) at /test/12.2_dbg/sql/sql_connect.cc:1414
#21 0x000058ade04c02de in handle_one_connection (arg=0x58ae0504d3a8)at /test/12.2_dbg/sql/sql_connect.cc:1326
#22 0x000079748529caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#23 0x0000797485329c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 061025 d891d23ec33fb8432b7cd9bf90b8a5b41fdbab42 No bug found
CS 10.6 opt 061025 d891d23ec33fb8432b7cd9bf90b8a5b41fdbab42 No bug found
CS 10.11 dbg 061025 b1c29632565a594074d9b6c9f3a33dcaca4f508d No bug found
CS 10.11 opt 061025 b1c29632565a594074d9b6c9f3a33dcaca4f508d No bug found
CS 11.4 dbg 061025 5b72e95a8c6f8d11854472ada393d248c20e253b No bug found
CS 11.4 opt 061025 5b72e95a8c6f8d11854472ada393d248c20e253b No bug found
CS 11.8 dbg 061025 8916aeed28af19a7f4d6ff2ab5f33190a2c9fcd2 SIGFPE\|Json_schema_multiple_of::validate\|Item_func_json_schema_valid::val_bool\|Item::save_bool_in_field\|Type_handler_bool::Item_save_in_field
CS 11.8 opt 061025 8916aeed28af19a7f4d6ff2ab5f33190a2c9fcd2 SIGFPE\|Json_schema_multiple_of::validate\|Item_func_json_schema_valid::val_bool\|Item::save_bool_in_field\|Item::save_in_field
CS 11.8 opt 290925 d203a8a5df95e2c5778a304a885fb7aedfbc095e SIGFPE\|Json_schema_multiple_of::validate\|Item_func_json_schema_valid::val_bool\|Item::save_bool_in_field\|Item::save_in_field
CS 12.1 dbg 290925 667c5e0b002a24bc595d60955950200a588f4fb7 SIGFPE\|Json_schema_multiple_of::validate\|Item_func_json_schema_valid::val_bool\|Item::save_bool_in_field\|Type_handler_bool::Item_save_in_field
CS 12.2 dbg 290925 b8a77289639a3b10ada64cf892f02b5cecdb1603 SIGFPE\|Json_schema_multiple_of::validate\|Item_func_json_schema_valid::val_bool\|Item::save_bool_in_field\|Type_handler_bool::Item_save_in_field
CS 12.2 opt 290925 b8a77289639a3b10ada64cf892f02b5cecdb1603 SIGFPE\|Json_schema_multiple_of::validate\|Item_func_json_schema_valid::val_bool\|Item::save_bool_in_field\|Item::save_in_field
ES 10.5 dbg 040825 70586522eacf09d04d49962072e14325a75d8155 No bug found
ES 10.5 opt 040825 70586522eacf09d04d49962072e14325a75d8155 No bug found
ES 10.6 dbg 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
ES 10.6 opt 040825 9b794f34b48fb7eee490b6da44edc0f33a947447 No bug found
ES 11.4 dbg 040825 a1c03ccd54b582e75506687ee19b273ca897f261 No bug found
ES 11.4 opt 040825 a1c03ccd54b582e75506687ee19b273ca897f261 No bug found

UBSAN Unique ID

UBSAN|division by zero|sql/json_schema.cc|Json_schema_multiple_of::validate|Item_func_json_schema_valid::val_bool|Item::save_bool_in_field|Item::save_in_field

SIGFPE in Json_schema_multiple_of::validate|Item_func_json_schema_valid::val_bool

Details

Description

Attachments

Activity

People

Dates

Git Integration