MDEV-31599: Assertion `0' failed in Item_param::can_return_value

from Item::val_json, UBSAN: member access within null pointer of type 'struct String' in sql/item_jsonfunc.cc Analysis: The first argument of json_schema_valid() needs to be a constant. Fix: Parse the schema if the item is constant otherwise set it to return null.
MariaDB · Nov 2, 2023 · 5d3e14d · 5d3e14d
1 parent 855356c
commit 5d3e14d
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 3 deletions.
diff --git a/mysql-test/main/func_json.result b/mysql-test/main/func_json.result
@@ -4762,4 +4762,11 @@ NULL
 SELECT JSON_SCHEMA_VALID(NULL, NULL);
 JSON_SCHEMA_VALID(NULL, NULL)
 NULL
+#
+# MDEV-31599: Assertion `0' failed in Item_param::can_return_value from Item::val_json,
+#             UBSAN: member access within null pointer of type 'struct String' in
+#             sql/item_jsonfunc.cc
+#
+PREPARE s FROM 'SELECT JSON_SCHEMA_VALID (?,''{}'') FROM DUAL';
+ERROR HY000: Variable schema is not supported.
 # End of 11.1 test
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test
@@ -3647,4 +3647,13 @@ SELECT JSON_SCHEMA_VALID('{}', NULL);
 SELECT JSON_SCHEMA_VALID(NULL, '{}');
 SELECT JSON_SCHEMA_VALID(NULL, NULL);
 
+--echo #
+--echo # MDEV-31599: Assertion `0' failed in Item_param::can_return_value from Item::val_json,
+--echo #             UBSAN: member access within null pointer of type 'struct String' in
+--echo #             sql/item_jsonfunc.cc
+--echo #
+
+--error ER_JSON_NO_VARIABLE_SCHEMA
+PREPARE s FROM 'SELECT JSON_SCHEMA_VALID (?,''{}'') FROM DUAL';
+
 --echo # End of 11.1 test
diff --git a/sql/item_jsonfunc.cc b/sql/item_jsonfunc.cc
@@ -4798,15 +4798,21 @@ If any of them fails, return false, else return true.
 bool Item_func_json_schema_valid::fix_length_and_dec(THD *thd)
 {
   json_engine_t je;
-  bool res= 0;
+  bool res= 0, is_schema_constant= args[0]->const_item();
 
-  String *js= args[0]->val_json(&tmp_js);
+  String *js= NULL;
 
-  if ((null_value= args[0]->null_value))
+  if (!is_schema_constant || (null_value= args[0]->null_value))
   {
+    if (!is_schema_constant)
+    {
+      my_error(ER_JSON_NO_VARIABLE_SCHEMA, MYF(0));
+    }
     null_value= 1;
     return 0;
   }
+  js= args[0]->val_json(&tmp_js);
+
   json_scan_start(&je, js->charset(), (const uchar *) js->ptr(),
                   (const uchar *) js->ptr() + js->length());
   if (!create_object_and_handle_keyword(thd, &je, &keyword_list,

diff --git a/sql/share/errmsg-utf8.txt b/sql/share/errmsg-utf8.txt
@@ -11972,3 +11972,5 @@ ER_JSON_INVALID_VALUE_FOR_KEYWORD
 ER_JSON_SCHEMA_KEYWORD_UNSUPPORTED
         eng "%s keyword is not supported"
         sw "%s neno kuu halitumiki"
+ER_JSON_NO_VARIABLE_SCHEMA
+        eng "Variable schema is not supported."