From 5d3e14d780a227d87ea2831481958ac4d5bbd905 Mon Sep 17 00:00:00 2001 From: Rucha Deodhar Date: Tue, 19 Sep 2023 00:54:19 +0530 Subject: [PATCH] MDEV-31599: Assertion `0' failed in Item_param::can_return_value from Item::val_json, UBSAN: member access within null pointer of type 'struct String' in sql/item_jsonfunc.cc Analysis: The first argument of json_schema_valid() needs to be a constant. Fix: Parse the schema if the item is constant otherwise set it to return null. --- mysql-test/main/func_json.result | 7 +++++++ mysql-test/main/func_json.test | 9 +++++++++ sql/item_jsonfunc.cc | 12 +++++++++--- sql/share/errmsg-utf8.txt | 2 ++ 4 files changed, 27 insertions(+), 3 deletions(-) diff --git a/mysql-test/main/func_json.result b/mysql-test/main/func_json.result index 23f1bd149fbf6..5cc2b6392bdfd 100644 --- a/mysql-test/main/func_json.result +++ b/mysql-test/main/func_json.result @@ -4762,4 +4762,11 @@ NULL SELECT JSON_SCHEMA_VALID(NULL, NULL); JSON_SCHEMA_VALID(NULL, NULL) NULL +# +# MDEV-31599: Assertion `0' failed in Item_param::can_return_value from Item::val_json, +# UBSAN: member access within null pointer of type 'struct String' in +# sql/item_jsonfunc.cc +# +PREPARE s FROM 'SELECT JSON_SCHEMA_VALID (?,''{}'') FROM DUAL'; +ERROR HY000: Variable schema is not supported. # End of 11.1 test diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test index d03b744d5d412..5eca4929ca1d4 100644 --- a/mysql-test/main/func_json.test +++ b/mysql-test/main/func_json.test @@ -3647,4 +3647,13 @@ SELECT JSON_SCHEMA_VALID('{}', NULL); SELECT JSON_SCHEMA_VALID(NULL, '{}'); SELECT JSON_SCHEMA_VALID(NULL, NULL); +--echo # +--echo # MDEV-31599: Assertion `0' failed in Item_param::can_return_value from Item::val_json, +--echo # UBSAN: member access within null pointer of type 'struct String' in +--echo # sql/item_jsonfunc.cc +--echo # + +--error ER_JSON_NO_VARIABLE_SCHEMA +PREPARE s FROM 'SELECT JSON_SCHEMA_VALID (?,''{}'') FROM DUAL'; + --echo # End of 11.1 test diff --git a/sql/item_jsonfunc.cc b/sql/item_jsonfunc.cc index fa0a8cbec7f37..284d4fb1813d1 100644 --- a/sql/item_jsonfunc.cc +++ b/sql/item_jsonfunc.cc @@ -4798,15 +4798,21 @@ If any of them fails, return false, else return true. bool Item_func_json_schema_valid::fix_length_and_dec(THD *thd) { json_engine_t je; - bool res= 0; + bool res= 0, is_schema_constant= args[0]->const_item(); - String *js= args[0]->val_json(&tmp_js); + String *js= NULL; - if ((null_value= args[0]->null_value)) + if (!is_schema_constant || (null_value= args[0]->null_value)) { + if (!is_schema_constant) + { + my_error(ER_JSON_NO_VARIABLE_SCHEMA, MYF(0)); + } null_value= 1; return 0; } + js= args[0]->val_json(&tmp_js); + json_scan_start(&je, js->charset(), (const uchar *) js->ptr(), (const uchar *) js->ptr() + js->length()); if (!create_object_and_handle_keyword(thd, &je, &keyword_list, diff --git a/sql/share/errmsg-utf8.txt b/sql/share/errmsg-utf8.txt index 886b20749d744..66414db09923d 100644 --- a/sql/share/errmsg-utf8.txt +++ b/sql/share/errmsg-utf8.txt @@ -11972,3 +11972,5 @@ ER_JSON_INVALID_VALUE_FOR_KEYWORD ER_JSON_SCHEMA_KEYWORD_UNSUPPORTED eng "%s keyword is not supported" sw "%s neno kuu halitumiki" +ER_JSON_NO_VARIABLE_SCHEMA + eng "Variable schema is not supported."