Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Cannot Reproduce
-
12.3.1
-
None
-
ubunt22.04
-
Not for Release Notes
Description
Summary
Using JSON_ARRAY_INTERSECT with JSON_ARRAYAGG as the first argument in a grouped query causes a deterministic server crash (SIGSEGV). The same constant second argument works with non-aggregate expressions, and JSON_ARRAYAGG alone works in the same GROUP BY query shape.
Reproducible on MariaDB 12.3.1-MariaDB-asan-log.
Minimal Reproducer
PoC file: poc_json_array_intersect_arrayagg_crash.sql
DROP TABLE IF EXISTS t; |
CREATE TABLE t (g INT, v INT) ENGINE=InnoDB; |
|
|
INSERT INTO t VALUES |
(1, 1), (1, 2), (1, 3),
|
(2, 3), (2, 4);
|
|
|
-- CRASH (SIGSEGV)
|
SELECT g, |
JSON_ARRAY_INTERSECT(JSON_ARRAYAGG(v), '[2,3,4]') AS ix |
FROM t |
GROUP BY g; |
|
|
-- Control: JSON_ARRAYAGG alone — OK
|
SELECT g, JSON_ARRAYAGG(v) FROM t GROUP BY g; |
|
|
DROP TABLE t; |
Expected Result
The query should complete without crashing.
For the sample data, the expected result is:
| g | JSON_ARRAYAGG(v) | JSON_ARRAY_INTERSECT(..., '[2,3,4]') |
|---|---|---|
| 1 | [1,2,3] | [2, 3] |
| 2 | [3,4] | [3, 4] |
Exact JSON formatting may follow MariaDB JSON output formatting rules, but the server should not crash.
Environment
| Item | Value |
|---|---|
| Version | 12.3.1-MariaDB-asan-log |
| Revision | 21a0714a118614982d20bfa504763d7247800091 |
| OS | Linux x86_64, RHEL 8.10 kernel 4.18 |
| Build | ASAN |