author | Rucha Deodhar <rucha.deodhar@mariadb.com> | 2023-04-17 17:51:34 +0530 |
---|---|---|
committer | Rucha Deodhar <rucha.deodhar@mariadb.com> | 2023-04-26 15:15:47 +0530 |
commit | 7321c71aa187ac55a248e68142df5606249a556e (patch) | |
tree | 9dbb584bc5a111ec2cbb5744368e5ef73b59d678 | |
parent | 4b67ff3b256a78994cb23dc4aa2ba531bbb06070 (diff) | |
MDEV-31032: UBSAN|downcast of address X which does not point to an
object of type 'Item_string' in sql/json_schema.cc
Analysis: make_string_literal() returns pointer of type
Item_basic_constant which is converted to pointer of type Item_string. Now,
Item_string is base class of Item_basic_constant, so the error about
downcasting.
Fix: using constructor of Item_string type directly instead of
downcasting would be more appropriate.
-rw-r--r-- | mysql-test/main/func_json.result | 19 | ||||
-rw-r--r-- | mysql-test/main/func_json.test | 20 | ||||
-rw-r--r-- | sql/json_schema.cc | 29 | ||||
-rw-r--r-- | sql/json_schema.h | 2 | ||||
-rw-r--r-- | sql/json_schema_helper.cc | 4 |
5 files changed, 45 insertions, 29 deletions
diff --git a/mysql-test/main/func_json.result b/mysql-test/main/func_json.result
index ec70e8b47bf..24581926040 100644
--- a/mysql-test/main/func_json.result
+++ b/mysql-test/main/func_json.result
@@ -4649,4 +4649,23 @@ JSON_SCHEMA_VALID(@schema, '9007900000000060')
 SELECT JSON_SCHEMA_VALID(@schema, '9007900000000061');
 JSON_SCHEMA_VALID(@schema, '9007900000000061')
 0
+#
+# MDEV-31032: UBSAN|downcast of address X which does not point to an object of type
+# Item_string' in sql/json_schema.cc
+#
+SET @old_sql_mode= @@sql_mode;
+SET @schema='{ "type":"object","patternProperties": { "^I_": {"type":"number"},"^S_" : {"type":"string"} } }';
+SET SESSION sql_mode='empty_string_is_null';
+SELECT JSON_SCHEMA_VALID (@schema,'{"key1":"val0","key2":0,"I_int":0,"S_":"abc","prop0":"str0"}');
+JSON_SCHEMA_VALID (@schema,'{"key1":"val0","key2":0,"I_int":0,"S_":"abc","prop0":"str0"}')
+1
+SET @@sql_mode= @old_sql_mode;
+SET @property_names='{ "PropertyNames":{ "pattern": "^I_" } }';
+SET GLOBAL sql_mode=17179869183;
+SET @@sql_mode=DEFAULT;
+SELECT JSON_SCHEMA_VALID(@property_names, '{"I_int1":3, "I_ob1":{"key1":"val1"}}');
+JSON_SCHEMA_VALID(@property_names, '{"I_int1":3, "I_ob1":{"key1":"val1"}}')
+1
+SET @@sql_mode= @old_sql_mode;
+set global sql_mode=default;
 # End of 11.1 test
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test
index d5631c1578c..d0588655dff 100644
--- a/mysql-test/main/func_json.test
+++ b/mysql-test/main/func_json.test
@@ -3543,5 +3543,25 @@ SELECT JSON_SCHEMA_VALID(@schema, '9007900000000001');
 SELECT JSON_SCHEMA_VALID(@schema, '9007900000000060');
 SELECT JSON_SCHEMA_VALID(@schema, '9007900000000061');
+--echo #
+--echo # MDEV-31032: UBSAN|downcast of address X which does not point to an object of type
+--echo # Item_string' in sql/json_schema.cc
+--echo #
+
+SET @old_sql_mode= @@sql_mode;
+
+SET @schema='{ "type":"object","patternProperties": { "^I_": {"type":"number"},"^S_" : {"type":"string"} } }';
+SET SESSION sql_mode='empty_string_is_null';
+SELECT JSON_SCHEMA_VALID (@schema,'{"key1":"val0","key2":0,"I_int":0,"S_":"abc","prop0":"str0"}');
+
+SET @@sql_mode= @old_sql_mode;
+
+SET @property_names='{ "PropertyNames":{ "pattern": "^I_" } }';
+SET GLOBAL sql_mode=17179869183;
+SET @@sql_mode=DEFAULT;
+SELECT JSON_SCHEMA_VALID(@property_names, '{"I_int1":3, "I_ob1":{"key1":"val1"}}');
+
+SET @@sql_mode= @old_sql_mode;
+set global sql_mode=default;
 --echo # End of 11.1 test
diff --git a/sql/json_schema.cc b/sql/json_schema.cc
index c49a11633af..8f818abc9bb 100644
--- a/sql/json_schema.cc
+++ b/sql/json_schema.cc
@@ -416,7 +416,7 @@ bool Json_schema_const::validate(const json_engine_t *je,
 json_engine_t temp_je= *je;
 json_engine_t temp_je_2;
 String a_res("", 0, curr_je.s.cs);
- int err;
+ int err= 0;
 if (type != curr_je.value_type)
 return true;
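Review bot: The second case added in the func_json.test hunk spells the keyword `"PropertyNames"` with a capital P, while the JSON Schema keyword is `propertyNames`; if keyword lookup is case-sensitive (not visible on this page), the schema is treated as carrying an unknown keyword and the changed line in `Json_schema_pattern::handle_keyword` is never reached by this test. Writing `SET @property_names='{ "propertyNames":{ "pattern": "^I_" } }';` would make the case exercise the fixed path. The case also ends with `set global sql_mode=default;` instead of restoring a saved value, so saving `@@global.sql_mode` alongside `@old_sql_mode` and restoring it would keep the test from altering server state for later tests.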
@@ -774,20 +774,8 @@ bool Json_schema_multiple_of::validate(const json_engine_t *je,
 if (je->num_flags & JSON_NUM_FRAC_PART)
 return true;
-<<<<<<< HEAD
- double val= je->s.cs->strntod((char *) je->value,
- je->value_len, &end, &err);
- double temp= val / multiple_of;
- bool res= (temp - (long long int)temp) == 0;
-||||||| parent of 628ce9d4f44... MDEV-30705: JSON_SCHEMA_VALID: schema with multipleOf for big value
- double val= je->s.cs->strntod((char *) je->value,
- je->value_len, &end, &err);
- double temp= val / this->value;
- bool res= (temp - (long long int)temp) == 0;
-=======
 longlong val= je->s.cs->strntoll((char *) je->value,
 je->value_len, 10, &end, &err);
->>>>>>> 628ce9d4f44... MDEV-30705: JSON_SCHEMA_VALID: schema with multipleOf for big value
 return val % multiple_of;
 }
@@ -881,17 +869,9 @@ bool Json_schema_min_len::handle_keyword(THD *thd, json_engine_t *je,
 if (val < 0)
 {
 my_error(ER_JSON_INVALID_VALUE_FOR_KEYWORD, MYF(0), "minLength");
-<<<<<<< HEAD
- return true;
- }
- value= val;
-||||||| parent of 203f63d7bf1... MDEV-30704: JSON_SCHEMA_VALID: multipleOf must be greater than zero
- value= val;
-=======
 return true;
 }
 value= (int)val;
->>>>>>> 203f63d7bf1... MDEV-30704: JSON_SCHEMA_VALID: multipleOf must be greater than zero
 return false;
 }
@@ -949,8 +929,7 @@ bool Json_schema_pattern::handle_keyword(THD *thd, json_engine_t *je,
 my_repertoire_t repertoire= my_charset_repertoire(je->s.cs);
 pattern= thd->make_string_literal((const char*)je->value,
 je->value_len, repertoire);
- str= (Item_string*)current_thd->make_string_literal((const char*)"",
- 0, repertoire);
+ str= new (thd->mem_root) Item_string(thd, "", (uint) 0, je->s.cs);
 re.init(je->s.cs, 0);
 re.unset_flag(PCRE2_CASELESS);
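Review bot: In the `Json_schema_pattern::handle_keyword` hunk (-949), `pattern` on the context lines just above the fix is still produced by `thd->make_string_literal()`, the same call whose result was not an `Item_string` in the reported case; a schema with `"pattern": ""` evaluated under `empty_string_is_null` would presumably meet the same condition, though how `pattern` is declared and used lies outside this hunk. Constructing it the same way as `str`, `pattern= new (thd->mem_root) Item_string(thd, (const char*)je->value, (uint) je->value_len, je->s.cs);`, would make both items independent of sql_mode, and a test with an empty pattern under that mode would confirm it. The new `str` is also used without a null check; if the mem_root allocation can return null, `if (!str) return true;` right after it would turn an out-of-memory condition into a clean error, and the same applies to `str` in the `Json_schema_pattern_properties::handle_keyword` hunk (-2272).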
@@ -2272,9 +2251,7 @@ bool Json_schema_pattern_properties::handle_keyword(THD *thd,
 return true;
 }
- str= (Item_string*)thd->make_string_literal((const char*)"",
- 0,
- my_charset_repertoire(je->s.cs));
+ str= new (thd->mem_root) Item_string(thd, "", (uint) 0, je->s.cs);
 int level= je->stack_p;
 while (json_scan_next(je)==0 && level <= je->stack_p)
diff --git a/sql/json_schema.h b/sql/json_schema.h
index fd5f55f5fdc..96e5f8f6719 100644
--- a/sql/json_schema.h
+++ b/sql/json_schema.h
@@ -362,7 +362,7 @@ class Json_schema_contains : public Json_schema_keyword
 const char* key_start,
 const char* key_end,
 List<Json_schema_keyword> *all_keywords) override;
- void set_dependents(Json_schema_keyword *min, Json_schema_keyword *max)
+ void set_dependents(Json_schema_keyword *min, Json_schema_keyword *max) override
 {
 min_contains= min;
 max_contains= max;
diff --git a/sql/json_schema_helper.cc b/sql/json_schema_helper.cc
index e843b34b6b2..1b75b15699b 100644
--- a/sql/json_schema_helper.cc
+++ b/sql/json_schema_helper.cc
@@ -61,8 +61,8 @@ uchar* get_key_name(const char *key_name, size_t *length,
 void json_get_normalized_string(json_engine_t *je, String *res,
 int *error)
 {
- char *val_begin= (char*)je->value, *val_end;
- String val;
+ char *val_begin= (char*)je->value, *val_end= NULL;
+ String val("",0,je->s.cs);
 DYNAMIC_STRING a_res;
 if (init_dynamic_string(&a_res, NULL, 0, 0)) |