[MDEV-27415] main.json_normalize and main.json_equals fail with UBSAN runtime error Created: 2022-01-03  Updated: 2022-05-11  Resolved: 2022-05-11

Status: Closed
Project: MariaDB Server
Component/s: JSON, Tests
Affects Version/s: 10.7
Fix Version/s: 10.7.5, 10.8.2

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: UBSAN
Environment:

cmake /data/src/10.7 -DCMAKE_INSTALL_PREFIX=/data/bld/10.7-ubsan-nightly -DPLUGIN_TOKUDB=NO -DPLUGIN_COLUMNSTORE=NO -DPLUGIN_XPAND=NO -DPLUGIN_OQGRAPH=NO -DPLUGIN_MROONGA=NO -DCMAKE_C_COMPILER=gcc -DCMAKE_CXX_COMPILER=g++ -DCMAKE_BUILD_TYPE=Debug -DWITH_UBSAN=YES -DPLUGIN_SPIDER=NO -DMYSQL_MAINTAINER_MODE=WARN -DWITH_SAFEMALLOC=OFF -DWITH_ZLIB=bundled -DWITH_SSL=bundled -DWITH_PCRE=bundled "-DCMAKE_C_FLAGS=-Og -march=native -mtune=native" "-DCMAKE_CXX_FLAGS=-Og -march=native -mtune=native" -DCMAKE_C_COMPILER=gcc -DCMAKE_CXX_COMPILER=g++ && make -j6 && make install



Description

The tests only exist in 10.7+. I have no information whether the root cause affects earlier versions.

10.7 9f2a6bbe

main.json_equals                         [ fail ]  Found warnings/errors in server log file!
        Test ended at 2022-01-03 18:03:07
line
/data/src/10.7/strings/json_lib.c:844:25: runtime error: index 200 out of bounds for type 'json_string_char_classes [128]'
/data/src/10.7/strings/json_lib.c:844:25: runtime error: load of address 0x564204a58e20 with insufficient space for an object of type 'json_string_char_classes'
^ Found warnings in /mnt8t/bld/10.7-ubsan-nightly/mysql-test/var/log/mysqld.1.err
ok
 
/data/src/10.7/strings/json_lib.c:844:25: runtime error: index 200 out of bounds for type 'json_string_char_classes [128]'
/data/src/10.7/strings/json_lib.c:844:25: runtime error: load of address 0x55ffc5b46e20 with insufficient space for an object of type 'json_string_char_classes'
0x55ffc5b46e20: note: pointer points here
 0c 00 00 00  0c 00 00 00 0c 00 00 00  0c 00 00 00 0c 00 00 00  0c 00 00 00 0c 00 00 00  0c 00 00 00
              ^ 

Also happens on 10.8 branch.
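The UBSAN report above says a 128-entry character-class table was indexed with byte value 200 (0xC8), a value outside the ASCII range such a table covers. As an added example that is not MariaDB's json_lib.c, the constructed scanner below shows the unguarded lookup pattern beside a guarded one that classifies bytes >= 0x80 before touching the table; the class names, table contents and sample input are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed character classes, not MariaDB's json_string_char_classes. */
enum char_class { C_OTHER = 0, C_QUOTE, C_BACKSLASH, C_CTRL, C_NONASCII };

/* 128-entry table covering ASCII only, the same shape UBSAN complained about. */
static const unsigned char *class_table(void)
{
    static unsigned char classes[128];
    static int ready;
    if (!ready) {
        int c;
        for (c = 0; c < 128; c++)
            classes[c] = (c < 0x20) ? C_CTRL : C_OTHER;
        classes['"'] = C_QUOTE;
        classes['\\'] = C_BACKSLASH;
        ready = 1;
    }
    return classes;
}

/* Unguarded lookup: any byte >= 128 reads past the table. This is undefined
   behaviour and is exactly what -fsanitize=undefined flags as an out-of-bounds
   index; it is kept here only to show the pattern and is never called with such input. */
static int class_unguarded(unsigned char c)
{
    return class_table()[c];
}

/* Guarded lookup: non-ASCII bytes get their own class before the table is read,
   so the index is always below 128. */
static int class_guarded(unsigned char c)
{
    if (c >= 0x80)
        return C_NONASCII;
    return class_table()[c];
}

/* Count bytes of a JSON string body that need escaping (quote, backslash,
   control) and, via *nonascii, bytes outside ASCII. */
static int count_escapes(const unsigned char *s, size_t len, int *nonascii)
{
    size_t i;
    int n = 0;
    *nonascii = 0;
    for (i = 0; i < len; i++) {
        int cls = class_guarded(s[i]);
        if (cls == C_NONASCII)
            (*nonascii)++;
        else if (cls != C_OTHER)
            n++;
    }
    return n;
}
```

Building with -fsanitize=undefined (as the WITH_UBSAN build above does) is what turns the unguarded read into a reported error instead of a silent wrong class.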


Generated at Thu Feb 08 09:52:44 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.