[#MDEV-12365] Server crashes in in sf_malloc_usable_size / my_free / String::free upon UPDATE with JSON

10.2 1ca8637ae3506
#3 <signal handler called>
#4 0x00007f2872aa58d7 in sf_malloc_usable_size (ptr=0x8, is_thread_specific=0x7f2873212ca7 "") at /data/src/10.2/mysys/safemalloc.c:215
#5 0x00007f2872a9334a in my_free (ptr=0x8) at /data/src/10.2/mysys/my_malloc.c:215
#6 0x00007f2871ff5e7d in String::free (this=0x7f2866c65a48) at /data/src/10.2/sql/sql_string.h:351
#7 0x00007f287217d4ab in String::real_alloc (this=0x7f2866c65a48, length=8) at /data/src/10.2/sql/sql_string.cc:44
#8 0x00007f28720022b3 in String::alloc (this=0x7f2866c65a48, arg_length=8) at /data/src/10.2/sql/sql_string.h:361
#9 0x00007f287217d992 in String::copy (this=0x7f2866c65a48, str=0x7f2866daffd0 "$.foobar", arg_length=8, cs=0x7f28734eabc0 <my_charset_latin1>) at /data/src/10.2/sql/sql_string.cc:185
#10 0x00007f28723b740c in user_var_entry::val_str (this=0x7f2866de0330, null_value=0x7f2866c64d22, str=0x7f2866c65a48, decimals=39) at /data/src/10.2/sql/item_func.cc:4962
#11 0x00007f28723b89c8 in Item_func_get_user_var::val_str (this=0x7f2866c64cb0, str=0x7f2866c65a48) at /data/src/10.2/sql/item_func.cc:5392
#12 0x00007f2872516288 in Item_func_json_search::val_str (this=0x7f2866c64dc0, str=0x7f2866c64df0) at /data/src/10.2/sql/item_jsonfunc.cc:2901
#13 0x00007f2872355259 in Item::save_in_field (this=0x7f2866c64dc0, field=0x7f2866c27ab8, no_conversions=false) at /data/src/10.2/sql/item.cc:6376
#14 0x00007f2872062efa in fill_record (thd=0x7f2866c16070, table_arg=0x7f2866cd7870, fields=..., values=..., ignore_errors=false, update=true) at /data/src/10.2/sql/sql_base.cc:7908
#15 0x00007f2872063495 in fill_record_n_invoke_before_triggers (thd=0x7f2866c16070, table=0x7f2866cd7870, fields=..., values=..., ignore_errors=false, event=TRG_EVENT_UPDATE) at /data/src/10.2/sql/sql_base.cc:8050
#16 0x00007f28721af090 in mysql_update (thd=0x7f2866c16070, table_list=0x7f2866c641d0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551615, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7f2873214450, updated_return=0x7f2873214500) at /data/src/10.2/sql/sql_update.cc:746
#17 0x00007f28720c8e91 in mysql_execute_command (thd=0x7f2866c16070) at /data/src/10.2/sql/sql_parse.cc:4241
#18 0x00007f28720d452c in mysql_parse (thd=0x7f2866c16070, rawbuf=0x7f2866c64088 "UPDATE t1 SET f = JSON_SEARCH( '{\"foo\":\"bar\"}', 'all' , @str , '%' , @path )", length=76, parser_state=0x7f2873214dd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7858
#19 0x00007f28720c25f2 in dispatch_command (command=COM_QUERY, thd=0x7f2866c16070, packet=0x7f2866c58071 "UPDATE t1 SET f = JSON_SEARCH( '{\"foo\":\"bar\"}', 'all' , @str , '%' , @path )", packet_length=76, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1812
#20 0x00007f28720c0f62 in do_command (thd=0x7f2866c16070) at /data/src/10.2/sql/sql_parse.cc:1362
#21 0x00007f2872209f3f in do_handle_one_connection (connect=0x7f286ec654f0) at /data/src/10.2/sql/sql_connect.cc:1358
#22 0x00007f2872209ccc in handle_one_connection (arg=0x7f286ec654f0) at /data/src/10.2/sql/sql_connect.cc:1264
#23 0x00007f2872622658 in pfs_spawn_thread (arg=0x7f286ec4d5f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f28716eb064 in start_thread (arg=0x7f2873216300) at pthread_create.c:309
#25 0x00007f286f8a362d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

[MDEV-12365] Server crashes in in sf_malloc_usable_size / my_free / String::free upon UPDATE with JSON_SEARCH and binlog enabled Created: 2017-03-26 Updated: 2017-05-02 Resolved: 2017-05-02
Status:	Closed
Project:	MariaDB Server
Component/s:	JSON
Affects Version/s:	10.2
Fix Version/s:	10.2.6

[MDEV-12365] Server crashes in in sf_malloc_usable_size / my_free / String::free upon UPDATE with JSON_SEARCH and binlog enabled Created: 2017-03-26 Updated: 2017-05-02 Resolved: 2017-05-02