Details
Description
The following query:
SELECT JSON_QUERY('{ "A": [0,] }', '$.A[-1]');
|
leads to an assertion failure:
mariadbd: /src/mariadb/strings/json_lib.c:1552: json_find_path: Assertion `cur_step->type & JSON_PATH_ARRAY' failed.
|
with the following stacktrace:
Thread 1 (Thread 0x73b78a4f36c0 (LWP 2297261)):
|
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at ./nptl/pthread_kill.c:44
|
#1 __pthread_kill_internal (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:89
|
#2 __GI___pthread_kill (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:100
|
#3 0x00005af9a3183d79 in my_write_core (sig=6) at /src/mariadb/mysys/stacktrace.c:424
|
#4 0x00005af99fee6ac2 in handle_fatal_signal (sig=6) at /src/mariadb/sql/signal_handler.cc:298
|
#5 <signal handler called>
|
#6 __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at ./nptl/pthread_kill.c:44
|
#7 __pthread_kill_internal (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:89
|
#8 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:100
|
#9 0x000077b79a445e2e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
|
#10 0x000077b79a428888 in __GI_abort () at ./stdlib/abort.c:77
|
#11 0x000077b79a4287f0 in __assert_fail_base (fmt=<optimized out>, assertion=<optimized out>, file=<optimized out>, line=<optimized out>, function=<optimized out>) at ./assert/assert.c:118
|
#12 0x00005af9a33ef951 in json_find_path (je=0x7687996dafc8, p=0x7687996daeb8, p_cur_step=0x73b788ff53c0, array_counters=0x7687996daf48) at /src/mariadb/strings/json_lib.c:1552
|
#13 0x00005af99f2b85c8 in Json_path_extractor::extract (this=0x7687996daeb0, mem_root=0x7677996a6530, str=0x73b7894408d0, item_js=0x7687996dabc0, item_jp=0x7687996dacf8, cs=0x5af9b5319340 <my_charset_latin1>, array_counters=0x7687996daf48, func_name_str=0x7687996db080) at /src/mariadb/sql/item_jsonfunc.cc:838
|
#14 0x00005af99f2b722c in Item_func_json_query::val_str (this=0x7687996dadf8, to=0x73b7894408d0) at /src/mariadb/sql/item_jsonfunc.cc:787
|
#15 0x00005af99f582baa in Type_handler::Item_send_str (this=0x5af9b64a71a0 <type_handler_varchar_json>, item=0x7687996dadf8, protocol=0x7677996a08f8, buf=0x73b7894408a0) at /src/mariadb/sql/sql_type.cc:7573
|
#16 0x00005af99ee42c12 in Type_handler_string_result::Item_send (this=0x5af9b64a71a0 <type_handler_varchar_json>, item=0x7687996dadf8, protocol=0x7677996a08f8, buf=0x73b7894408a0) at /src/mariadb/sql/sql_type.h:5648
|
#17 0x00005af99d6e8e6e in Item::send (this=0x7687996dadf8, protocol=0x7677996a08f8, buffer=0x73b7894408a0) at /src/mariadb/sql/item.h:1231
|
#18 0x00005af99d92f2e6 in Protocol::send_result_set_row (this=0x7677996a08f8, row_items=0x7687996da978) at /src/mariadb/sql/protocol.cc:1359
|
#19 0x00005af99ddeb069 in select_send::send_data (this=0x7687996dba68, items=...) at /src/mariadb/sql/sql_class.cc:3348
|
#20 0x00005af99dde8225 in select_result_sink::send_data_with_check (this=0x7687996dba68, items=..., u=0x7677996a4838, sent=0) at /src/mariadb/sql/sql_class.cc:3246
|
#21 0x00005af99e528f76 in JOIN::exec_inner (this=0x7687996dba98) at /src/mariadb/sql/sql_select.cc:5005
|
#22 0x00005af99e5253a3 in JOIN::exec (this=0x7687996dba98) at /src/mariadb/sql/sql_select.cc:4922
|
#23 0x00005af99e531835 in mysql_select (thd=0x7677996a0218, tables=0x0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x7687996dba68, unit=0x7677996a4838, select_lex=0x7687996da6c0) at /src/mariadb/sql/sql_select.cc:5450
|
#24 0x00005af99e4a7933 in handle_select (thd=0x7677996a0218, lex=0x7677996a4758, result=0x7687996dba68, setup_tables_done_option=0) at /src/mariadb/sql/sql_select.cc:636
|
#25 0x00005af99e281998 in execute_sqlcom_select (thd=0x7677996a0218, all_tables=0x0) at /src/mariadb/sql/sql_parse.cc:6172
|
#26 0x00005af99e24fe4d in mysql_execute_command (thd=0x7677996a0218, is_called_from_prepared_stmt=false) at /src/mariadb/sql/sql_parse.cc:3951
|
#27 0x00005af99e2a130c in mysql_parse (thd=0x7677996a0218, rawbuf=0x7687996da5f8 "SELECT JSON_QUERY('{ \"A\": [0,] }', '$.A[-1]')", length=45, parser_state=0x73b7896d2170) at /src/mariadb/sql/sql_parse.cc:7895
|
#28 0x00005af99e21d686 in dispatch_command (command=COM_QUERY, thd=0x7677996a0218, packet=0x764799892219 "", packet_length=45, blocking=true) at /src/mariadb/sql/sql_parse.cc:1878
|
#29 0x00005af99e2116e4 in do_command (thd=0x7677996a0218, blocking=true) at /src/mariadb/sql/sql_parse.cc:1417
|
#30 0x00005af99ef0da2b in do_handle_one_connection (connect=0x7437995e45b8, put_in_cache=true) at /src/mariadb/sql/sql_connect.cc:1503
|
#31 0x00005af99ef0caba in handle_one_connection (arg=0x7437995e4538) at /src/mariadb/sql/sql_connect.cc:1415
|
#32 0x00005af9a16e1710 in pfs_spawn_thread (arg=0x7527995e7098) at /src/mariadb/storage/perfschema/pfs.cc:2198
|
#33 0x000077b79be5f803 in asan_thread_start (arg=0x73b78a4f4000) at ../../../../src/libsanitizer/asan/asan_interceptors.cpp:239
|
#34 0x000077b79a4a3d64 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:448
|
#35 0x000077b79a5373bc in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
Reproduced on main(e85bc65918)
Attachments
Issue Links
- relates to
-
MDEV-24112 Server crash in json_read_string_const_chr or Assertion `cur_step->type & JSON_PATH_KEY' failure in json_find_path
-
- Confirmed
-