diff --git a/mysql-test/main/func_json.result b/mysql-test/main/func_json.result
index 7d60801abec..73cc64d95aa 100644
--- a/mysql-test/main/func_json.result
+++ b/mysql-test/main/func_json.result
@@ -1673,3 +1673,16 @@ DROP TABLE t;
 #
 # End of 10.6 tests
 #
+#
+# MDEV-31147 json_normalize does not work correctly with MSAN build
+#
+CREATE TABLE t1 (val JSON);
+ALTER TABLE t1 ADD COLUMN normalized_json JSON AS (JSON_NORMALIZE(val));
+INSERT INTO t1 (val) VALUES ('15');
+SELECT * FROM t1;
+val	normalized_json
+15	1.5E1
+DROP TABLE t1;
+#
+# End of 10.8 tests
+#
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test
index 9f6c51cbc27..1f61f9abd13 100644
--- a/mysql-test/main/func_json.test
+++ b/mysql-test/main/func_json.test
@@ -1112,3 +1112,16 @@ DROP TABLE t;
 --echo #
 --echo # End of 10.6 tests
 --echo #
+
+--echo #
+--echo # MDEV-31147 json_normalize does not work correctly with MSAN build
+--echo #
+CREATE TABLE t1 (val JSON);
+ALTER TABLE t1 ADD COLUMN normalized_json JSON AS (JSON_NORMALIZE(val));
+INSERT INTO t1 (val) VALUES ('15');
+SELECT * FROM t1;
+DROP TABLE t1;
+
+--echo #
+--echo # End of 10.8 tests
+--echo #
diff --git a/strings/json_normalize.c b/strings/json_normalize.c
index 0b7f172dae6..2c66c712e81 100644
--- a/strings/json_normalize.c
+++ b/strings/json_normalize.c
@@ -147,13 +147,16 @@ json_normalize_number(DYNAMIC_STRING *out, const char *str, size_t str_len)
 
   magnitude = (long)(j - 1);
 
-  /* skip the . */
-  if (str[i] == '.')
-    ++i;
+  if (i < str_len)
+  {
+    /* skip the . */
+    if (str[i] == '.')
+      ++i;
 
-  /* grab rest of digits before the E */
-  for (; i < str_len && str[i] != 'e' && str[i] != 'E'; ++i)
-    buf[j++] = str[i];
+    /* grab rest of digits before the E */
+    for (; i < str_len && str[i] != 'e' && str[i] != 'E'; ++i)
+      buf[j++] = str[i];
+  }
 
   /* trim trailing zeros */
   for (k = j - 1; k && buf[k] == '0'; --k, --j)
@@ -187,7 +190,7 @@ json_normalize_number(DYNAMIC_STRING *out, const char *str, size_t str_len)
 
   err|= dynstr_append_mem(out, STRING_WITH_LEN("E"));
 
-  if (str[i] == 'e' || str[i] == 'E')
+  if (i < str_len && (str[i] == 'e' || str[i] == 'E'))
   {
     char *endptr = NULL;
     /* skip the [eE] */