database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-07 00:04:31 +03:00
Code Activity

MDEV-28762: recursive call of some json functions without stack control

Browse Source 
Analysis: Some recursive json functions dont check for stack control
Fix: Add check_stack_overrun(). The last argument is NULL because it is not
used
This commit is contained in:
Rucha Deodhar
2022-06-21 19:10:11 +05:30
parent a5dc76a051
commit 5ad14ab272
3 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
mysql-test/main/json_debug_nonembedded.result Normal file
View File

@@ -0,0 +1,13 @@
#
# MDEV-28762: recursive call of some json functions without stack control
#
SET @saved_dbug = @@debug_dbug;
SET debug_dbug='+d,json_check_min_stack_requirement';
SET @json1= '{"key1":"val1"}';
SET @json2= '{"key1":"val1"}';
SELECT JSON_OVERLAPS(@json1, @json2);
ERROR HY000: Thread stack overrun: 'used bytes' used of a 'available' byte stack, and 'X' bytes needed. Consider increasing the thread_stack system variable.
SET @@debug_dbug= @saved_dbug;
#
# End of 10.9 test
#

22
mysql-test/main/json_debug_nonembedded.test Normal file
View File

@@ -0,0 +1,22 @@
-- source include/not_embedded.inc
--source include/have_debug.inc
--echo #
--echo # MDEV-28762: recursive call of some json functions without stack control
--echo #
SET @saved_dbug = @@debug_dbug;
SET debug_dbug='+d,json_check_min_stack_requirement';
SET @json1= '{"key1":"val1"}';
SET @json2= '{"key1":"val1"}';
--replace_regex /overrun: [0-9]* bytes used of a [0-9]* byte stack, and [0-9]* bytes needed/overrun: 'used bytes' used of a 'available' byte stack, and 'X' bytes needed/
--error ER_STACK_OVERRUN_NEED_MORE
SELECT JSON_OVERLAPS(@json1, @json2);
SET @@debug_dbug= @saved_dbug;
--echo #
--echo # End of 10.9 test
--echo #

6
sql/item_jsonfunc.cc
View File

@@ -18,6 +18,7 @@
#include "sql_priv.h"
#include "sql_class.h"
#include "item.h"
#include "sql_parse.h"
/*
@@ -4406,6 +4407,11 @@ int json_find_overlap_with_object(json_engine_t *js, json_engine_t *value,
*/
int check_overlaps(json_engine_t *js, json_engine_t *value, bool compare_whole)
{
DBUG_EXECUTE_IF("json_check_min_stack_requirement",
{alloca(my_thread_stack_size-(STACK_MIN_SIZE));});
if (check_stack_overrun(current_thd, STACK_MIN_SIZE, NULL))
return 0;
switch (js->value_type)
{
case JSON_VALUE_OBJECT: