From b62672af720560e40336c86fbe63151e1095f421 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 30 Jun 2021 21:17:57 +0200 Subject: [PATCH] MDEV-26054 Server crashes in Item_func_json_arrayagg::get_str_from_field Revert "fix JSON_ARRAYAGG not to over-quote json in joins" This removes 8711adb7863 but keeps the test case. A different fix is coming up. Because args can be Item_field's that are later replaced by Item_direct_view_ref to the actual field. While Item_field preserved in orig_args will stay unfixed with item->field==NULL and no metadata
---
 mysql-test/main/func_json.result | 11 +++++++++++
 mysql-test/main/func_json.test | 11 +++++++++++
 sql/item_jsonfunc.cc | 4 ++--
 3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/mysql-test/main/func_json.result b/mysql-test/main/func_json.result
index d9a797477ae..cfe15eafa10 100644
--- a/mysql-test/main/func_json.result
+++ b/mysql-test/main/func_json.result
@@ -1382,5 +1382,16 @@ id materials
 DROP TABLE t1;
 DROP TABLE t2;
 #
+# MDEV-26054 Server crashes in Item_func_json_arrayagg::get_str_from_field
+#
+CREATE TABLE t (a VARCHAR(8));
+CREATE VIEW v AS SELECT * FROM t;
+INSERT INTO t VALUES ('foo'),('bar');
+SELECT JSON_ARRAYAGG(a) AS f FROM v;
+f
+["foo","bar"]
+DROP VIEW v;
+DROP TABLE t;
+#
 # End of 10.5 tests
 #
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test
index d598809adf5..f96f2be1dea 100644
--- a/mysql-test/main/func_json.test
+++ b/mysql-test/main/func_json.test
@@ -873,6 +873,17 @@ SELECT t1.id, JSON_ARRAYAGG(JSON_OBJECT('id',t2.id) ORDER BY t2.id) as materials
 DROP TABLE t1;
 DROP TABLE t2;
+--echo #
+--echo # MDEV-26054 Server crashes in Item_func_json_arrayagg::get_str_from_field
+--echo #
+
+CREATE TABLE t (a VARCHAR(8));
+CREATE VIEW v AS SELECT * FROM t;
+INSERT INTO t VALUES ('foo'),('bar');
+SELECT JSON_ARRAYAGG(a) AS f FROM v;
+DROP VIEW v;
+DROP TABLE t;
+
 --echo #
 --echo # End of 10.5 tests
 --echo #
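Review bot: The regression test added to func_json.test reads the view only through a bare `JSON_ARRAYAGG(a)`, so the ordered form used by the earlier SELECT shown in the hunk header (`JSON_ARRAYAGG(... ORDER BY ...)`) is never run against a view. Because the crash came from view columns being replaced after `orig_args` was captured, I would add `SELECT JSON_ARRAYAGG(a ORDER BY a) AS f FROM v;` next to the existing SELECT and record its output in func_json.result. Whether that path reaches `get_str_from_field` cannot be confirmed from the hunk alone, so treat it as extra coverage rather than a known failure.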
diff --git a/sql/item_jsonfunc.cc b/sql/item_jsonfunc.cc
index 60c0e4cc2fe..4b63b119a83 100644
--- a/sql/item_jsonfunc.cc
+++ b/sql/item_jsonfunc.cc
@@ -3723,12 +3723,12 @@ String *Item_func_json_arrayagg::get_str_from_item(Item *i, String *tmp)
 }
-String *Item_func_json_arrayagg::get_str_from_field(Item *, Field *f,
+String *Item_func_json_arrayagg::get_str_from_field(Item *i,Field *f,
 String *tmp, const uchar *key, size_t offset)
 {
 m_tmp_json.length(0);
- if (append_json_value_from_field(&m_tmp_json, *orig_args, f, key, offset, tmp))
+ if (append_json_value_from_field(&m_tmp_json, i, f, key, offset, tmp))
 return NULL;
 return &m_tmp_json;
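Review bot: The reason `i` must be passed instead of `*orig_args` is recorded only in the commit message, so nothing at the call to `append_json_value_from_field` stops a later refactor from reintroducing the crash this commit removes. I would add a comment above that call, for example `/* use the caller's item: *orig_args may hold an unfixed Item_field (field==NULL) once args are replaced by Item_direct_view_ref */`, and a debug check such as `DBUG_ASSERT(i);`, since the callee's handling of a null item is not visible here. Judging by the test case, a plain SELECT over a view was enough to bring the server down, so the invariant is worth keeping visible in the code. The new signature also lost the space after the comma (`Item *i,Field *f`). The function's closing brace lies outside the hunk.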