MDEV-31032: UBSAN|downcast of address X which does not point to an

object of type 'Item_string' in sql/json_schema.cc Analysis: make_string_literal() returns pointer of type Item_basic_constant which is converted to pointer of type Item_string. Now, Item_string is base class of Item_basic_constant, so the error about downcasting. Fix: using constructor of Item_string type directly instead of downcasting would be more appropriate.
MariaDB · Apr 26, 2023 · 7321c71 · 7321c71
1 parent 4b67ff3
commit 7321c71
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 29 deletions.
diff --git a/mysql-test/main/func_json.result b/mysql-test/main/func_json.result
@@ -4649,4 +4649,23 @@ JSON_SCHEMA_VALID(@schema, '9007900000000060')
 SELECT JSON_SCHEMA_VALID(@schema, '9007900000000061');
 JSON_SCHEMA_VALID(@schema, '9007900000000061')
 0
+#
+# MDEV-31032: UBSAN|downcast of address X which does not point to an object of type 
+#             Item_string' in sql/json_schema.cc
+#
+SET @old_sql_mode= @@sql_mode;
+SET @schema='{ "type":"object","patternProperties": { "^I_": {"type":"number"},"^S_" : {"type":"string"} } }';
+SET SESSION sql_mode='empty_string_is_null';
+SELECT JSON_SCHEMA_VALID (@schema,'{"key1":"val0","key2":0,"I_int":0,"S_":"abc","prop0":"str0"}');
+JSON_SCHEMA_VALID (@schema,'{"key1":"val0","key2":0,"I_int":0,"S_":"abc","prop0":"str0"}')
+1
+SET @@sql_mode= @old_sql_mode;
+SET @property_names='{ "PropertyNames":{ "pattern": "^I_" } }';
+SET GLOBAL sql_mode=17179869183;
+SET @@sql_mode=DEFAULT;
+SELECT JSON_SCHEMA_VALID(@property_names, '{"I_int1":3, "I_ob1":{"key1":"val1"}}');
+JSON_SCHEMA_VALID(@property_names, '{"I_int1":3, "I_ob1":{"key1":"val1"}}')
+1
+SET @@sql_mode= @old_sql_mode;
+set global sql_mode=default;
 # End of 11.1 test
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test
@@ -3543,5 +3543,25 @@ SELECT JSON_SCHEMA_VALID(@schema, '9007900000000001');
 SELECT JSON_SCHEMA_VALID(@schema, '9007900000000060');
 SELECT JSON_SCHEMA_VALID(@schema, '9007900000000061');
 
+--echo #
+--echo # MDEV-31032: UBSAN|downcast of address X which does not point to an object of type 
+--echo #             Item_string' in sql/json_schema.cc
+--echo #
+
+SET @old_sql_mode= @@sql_mode;
+
+SET @schema='{ "type":"object","patternProperties": { "^I_": {"type":"number"},"^S_" : {"type":"string"} } }';
+SET SESSION sql_mode='empty_string_is_null';
+SELECT JSON_SCHEMA_VALID (@schema,'{"key1":"val0","key2":0,"I_int":0,"S_":"abc","prop0":"str0"}');
+
+SET @@sql_mode= @old_sql_mode;
+
+SET @property_names='{ "PropertyNames":{ "pattern": "^I_" } }';
+SET GLOBAL sql_mode=17179869183;
+SET @@sql_mode=DEFAULT;
+SELECT JSON_SCHEMA_VALID(@property_names, '{"I_int1":3, "I_ob1":{"key1":"val1"}}');
+
+SET @@sql_mode= @old_sql_mode;
+set global sql_mode=default;
 
 --echo # End of 11.1 test
diff --git a/sql/json_schema.cc b/sql/json_schema.cc
@@ -416,7 +416,7 @@ bool Json_schema_const::validate(const json_engine_t *je,
   json_engine_t temp_je= *je;
   json_engine_t temp_je_2;
   String a_res("", 0, curr_je.s.cs);
-  int err;
+  int err= 0;
 
   if (type != curr_je.value_type)
    return true;
@@ -774,20 +774,8 @@ bool Json_schema_multiple_of::validate(const json_engine_t *je,
   if (je->num_flags & JSON_NUM_FRAC_PART)
     return true;
 
-<<<<<<< HEAD
-  double val= je->s.cs->strntod((char *) je->value,
-                                  je->value_len, &end, &err);
-  double temp= val / multiple_of;
-  bool res= (temp - (long long int)temp) == 0;
-||||||| parent of 628ce9d4f44... MDEV-30705: JSON_SCHEMA_VALID: schema with multipleOf for big value
-  double val= je->s.cs->strntod((char *) je->value,
-                                  je->value_len, &end, &err);
-  double temp= val / this->value;
-  bool res= (temp - (long long int)temp) == 0;
-=======
   longlong val= je->s.cs->strntoll((char *) je->value,
                                   je->value_len, 10, &end, &err);
->>>>>>> 628ce9d4f44... MDEV-30705: JSON_SCHEMA_VALID: schema with multipleOf for big value
 
   return val % multiple_of;
 }
@@ -881,17 +869,9 @@ bool Json_schema_min_len::handle_keyword(THD *thd, json_engine_t *je,
   if (val < 0)
   {
     my_error(ER_JSON_INVALID_VALUE_FOR_KEYWORD, MYF(0), "minLength");
-<<<<<<< HEAD
-    return true;
-  }
-  value= val;
-||||||| parent of 203f63d7bf1... MDEV-30704: JSON_SCHEMA_VALID: multipleOf must be greater than zero
-  value= val;
-=======
     return true;
   }
   value= (int)val;
->>>>>>> 203f63d7bf1... MDEV-30704: JSON_SCHEMA_VALID: multipleOf must be greater than zero
 
   return false;
 }
@@ -949,8 +929,7 @@ bool Json_schema_pattern::handle_keyword(THD *thd, json_engine_t *je,
   my_repertoire_t repertoire= my_charset_repertoire(je->s.cs);
   pattern= thd->make_string_literal((const char*)je->value,
                                              je->value_len, repertoire);
-  str= (Item_string*)current_thd->make_string_literal((const char*)"",
-                                               0, repertoire);
+  str= new (thd->mem_root) Item_string(thd, "", (uint) 0, je->s.cs);
   re.init(je->s.cs, 0);
   re.unset_flag(PCRE2_CASELESS);
 
@@ -2272,9 +2251,7 @@ bool Json_schema_pattern_properties::handle_keyword(THD *thd,
     return true;
   }
 
-  str= (Item_string*)thd->make_string_literal((const char*)"",
-                                                      0,
-                                                      my_charset_repertoire(je->s.cs));
+  str= new (thd->mem_root) Item_string(thd, "", (uint) 0, je->s.cs);
 
   int level= je->stack_p;
   while (json_scan_next(je)==0 && level <= je->stack_p)

diff --git a/sql/json_schema.h b/sql/json_schema.h
@@ -362,7 +362,7 @@ class Json_schema_contains : public Json_schema_keyword
                         const char* key_start,
                         const char* key_end,
                         List<Json_schema_keyword> *all_keywords) override;
-    void set_dependents(Json_schema_keyword *min, Json_schema_keyword *max)
+    void set_dependents(Json_schema_keyword *min, Json_schema_keyword *max) override
     {
       min_contains= min;
       max_contains= max;

diff --git a/sql/json_schema_helper.cc b/sql/json_schema_helper.cc
@@ -61,8 +61,8 @@ uchar* get_key_name(const char *key_name, size_t *length,
 void json_get_normalized_string(json_engine_t *je, String *res,
                                 int *error)
 {
-  char *val_begin= (char*)je->value, *val_end;
-  String val;
+  char *val_begin= (char*)je->value, *val_end= NULL;
+  String val("",0,je->s.cs);
   DYNAMIC_STRING a_res;
 
   if (init_dynamic_string(&a_res, NULL, 0, 0))