[MDEV-21915] Server crashes in copy_fields, Item_func_group_concat::add while using json_arrayagg() as a window function
Created: 2020-03-11  Updated: 2020-05-20  Resolved: 2020-04-29

Status: Closed
Project: MariaDB Server
Component/s: JSON
Affects Version/s: 10.5.2, 10.5.3
Fix Version/s: 10.5.3

Type: Bug
Priority: Blocker
Reporter: Alice Sherepa
Assignee: Alexey Botchkov
Resolution: Fixed
Votes: 0
Labels: not-10.1, not-10.2, not-10.3, not-10.4, regression

Issue Links:
Duplicate
is duplicated by MDEV-22318 SIGSEGV in copy_fields on JSON SELECT... Closed
Relates
relates to MDEV-16620 Add support for JSON_ARRAYAGG and JSO... Closed
relates to MDEV-22640 SIGSEGV in Item_func_group_concat::ad... Closed

 Description   

KB says that JSON_ARRAYAGG and JSON_OBJECTAGG can be used as a window function (https://mariadb.com/kb/en/json_objectagg/).
Using JSON_OBJECTAGG returns an error:

MariaDB [test]> SELECT JSON_OBJECTAGG(a,b) over () FROM (select 1 a, 2 b from dual) t;
ERROR 1235 (42000): This version of MariaDB doesn't yet support 'GROUP_CONCAT() aggregate as window function'

and JSON_ARRAYAGG:

select json_arrayagg(a) over () from (select 1 a) t;

#4  0x00005628808894d4 in copy_fields (param=0x0) at /10.5/sql/sql_select.cc:25194
#5  0x0000562880c494f7 in Item_func_group_concat::add (this=0x7f1e68014250, exclude_nulls=false) at /10.5/sql/item_sum.cc:3998
#6  0x0000562880d63183 in Item_func_json_arrayagg::add (this=0x7f1e68014250) at /10.5/sql/item_jsonfunc.h:561
#7  0x0000562880a5d3b3 in Frame_cursor::add_value_to_items (this=0x7f1e681b1b60) at /10.5/sql/sql_window.cc:1104
#8  0x0000562880a5f4ba in Frame_scan_cursor::compute_values_for_current_row (this=0x7f1e681b1b60) at /10.5/sql/sql_window.cc:2211
#9  0x0000562880a5f31e in Frame_scan_cursor::next_partition (this=0x7f1e681b1b60, rownum=0) at /10.5/sql/sql_window.cc:2168
#10 0x0000562880a5d5c1 in Cursor_manager::notify_cursors_partition_changed (this=0x7f1e68088d60, rownum=0) at /10.5/sql/sql_window.cc:1167
#11 0x0000562880a5b646 in compute_window_func (thd=0x7f1e68000d78, window_functions=..., cursor_managers=..., tbl=0x7f1e681a3290, filesort_result=0x7f1e681acf20) at /10.5/sql/sql_window.cc:2845
#12 0x0000562880a5ba85 in Window_func_runner::exec (this=0x7f1e68019298, thd=0x7f1e68000d78, tbl=0x7f1e681a3290, filesort_result=0x7f1e681acf20) at /10.5/sql/sql_window.cc:2968
#13 0x0000562880a5bb74 in Window_funcs_sort::exec (this=0x7f1e68019290, join=0x7f1e680165f0, keep_filesort_result=true) at /10.5/sql/sql_window.cc:2996
#14 0x0000562880a5c112 in Window_funcs_computation::exec (this=0x7f1e68019270, join=0x7f1e680165f0, keep_last_filesort_result=true) at /10.5/sql/sql_window.cc:3122
#15 0x0000562880894240 in AGGR_OP::end_send (this=0x7f1e68019100) at /10.5/sql/sql_select.cc:28786
#16 0x000056288087cf2e in sub_select_postjoin_aggr (join=0x7f1e680165f0, join_tab=0x7f1e68018610, end_of_records=true) at /10.5/sql/sql_select.cc:20239
#17 0x000056288087c9b9 in do_select (join=0x7f1e680165f0, procedure=0x0) at /10.5/sql/sql_select.cc:20065
#18 0x0000562880850ea7 in JOIN::exec_inner (this=0x7f1e680165f0) at /10.5/sql/sql_select.cc:4456
#19 0x000056288084ffd3 in JOIN::exec (this=0x7f1e680165f0) at /10.5/sql/sql_select.cc:4237
#20 0x00005628808516f4 in mysql_select (thd=0x7f1e68000d78, tables=0x7f1e68015610, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f1e680165c8, unit=0x7f1e68004d80, select_lex=0x7f1e68013c50) at /10.5/sql/sql_select.cc:4661
#21 0x0000562880841432 in handle_select (thd=0x7f1e68000d78, lex=0x7f1e68004cb8, result=0x7f1e680165c8, setup_tables_done_option=0) at /10.5/sql/sql_select.cc:415
#22 0x000056288080704f in execute_sqlcom_select (thd=0x7f1e68000d78, all_tables=0x7f1e68015610) at /10.5/sql/sql_parse.cc:6147
#23 0x00005628807fdd32 in mysql_execute_command (thd=0x7f1e68000d78) at /10.5/sql/sql_parse.cc:3899
#24 0x000056288080bee0 in mysql_parse (thd=0x7f1e68000d78, rawbuf=0x7f1e68013b80 "select json_arrayagg(a) over () from (select 1 a) t", length=51, parser_state=0x7f1e79b6c510, is_com_multi=false, is_next_command=false) at /10.5/sql/sql_parse.cc:7926
#25 0x00005628807f7b2e in dispatch_command (command=COM_QUERY, thd=0x7f1e68000d78, packet=0x7f1e68008cf9 "", packet_length=51, is_com_multi=false, is_next_command=false) at /10.5/sql/sql_parse.cc:1839
#26 0x00005628807f626c in do_command (thd=0x7f1e68000d78) at /10.5/sql/sql_parse.cc:1358
#27 0x000056288099532e in do_handle_one_connection (connect=0x5628836d6c38, put_in_cache=true) at /10.5/sql/sql_connect.cc:1422
#28 0x000056288099505e in handle_one_connection (arg=0x56288373f718) at /10.5/sql/sql_connect.cc:1319
#29 0x0000562880eba8a1 in pfs_spawn_thread (arg=0x5628837b7a88) at /10.5/storage/perfschema/pfs.cc:2201
#30 0x00007f1e7fc53fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
#31 0x00007f1e7f2844cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95



 Comments   
Comment by Roel Van de Paar [ 2020-04-21 ]

Please fix together with MDEV-22318

Comment by Alexey Botchkov [ 2020-04-29 ]

https://github.com/MariaDB/server/commit/ffc5e00e9c64d64b773178be4a4750ac1613879c

Comment by Alexey Botchkov [ 2020-04-29 ]

So at the moment we can't use JSON_ARRAYAGG and JSON_OBJECTAGG as window functions (just as the GROUP_CONCAT is not allowed there).
Fixed the documentation.

Comment by Roel Van de Paar [ 2020-04-30 ]

Note to self; one more query to test on patch (opt+dbg);

SELECT 0 &(JSON_ARRAYAGG(1)OVER w) FROM (select 1) as dt WINDOW w as ();

Comment by Roel Van de Paar [ 2020-05-04 ]

One additional testcase with somewhat different codepath

CREATE TABLE t1(c1 INT);
INSERT INTO t1 VALUES(CONVERT(_ucs2 0x064506480631062F USING utf8));
SELECT JSON_ARRAYAGG(null)FROM t1;

Comment by Roel Van de Paar [ 2020-05-04 ]

All testcases pass post-fix. Thank you.
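
An added example, not part of the ticket or of the MariaDB code base: a static check that flags SQL statements calling JSON_ARRAYAGG or JSON_OBJECTAGG with an OVER clause, the usage this ticket is about, so application queries can be audited before they reach a 10.5.2 server. The function names are hypothetical, the statements printed at the end are the ones quoted in the ticket, and the check assumes the aggregate name does not itself appear inside a string literal or comment.

```python
import re

# The two aggregates the ticket says cannot be used as window functions.
AGG = re.compile(r"\b(JSON_ARRAYAGG|JSON_OBJECTAGG)\s*\(", re.IGNORECASE)
OVER = re.compile(r"\s*OVER\b", re.IGNORECASE)


def _end_of_call(sql, i):
    """Index just past the ')' closing the call whose '(' ends at i, or -1."""
    depth, quote = 1, None
    while i < len(sql):
        ch = sql[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"`":
            quote = ch              # parentheses inside quotes do not count
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return -1                       # unbalanced statement


def window_json_aggs(sql):
    """Names of JSON aggregates in sql that are followed by an OVER clause."""
    hits = []
    for m in AGG.finditer(sql):
        end = _end_of_call(sql, m.end())
        if end != -1 and OVER.match(sql, end):
            hits.append(m.group(1).upper())
    return hits


if __name__ == "__main__":
    # Statements quoted in this ticket.
    for stmt in (
        "select json_arrayagg(a) over () from (select 1 a) t",
        "SELECT JSON_OBJECTAGG(a,b) over () FROM (select 1 a, 2 b from dual) t",
        "SELECT 0 &(JSON_ARRAYAGG(1)OVER w) FROM (select 1) as dt WINDOW w as ()",
        "SELECT JSON_ARRAYAGG(null)FROM t1",
    ):
        print(window_json_aggs(stmt) or "ok", "<-", stmt)
```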
