MDEV-28762: recursive call of some json functions without stack control

Analysis: Some recursive json functions dont check for stack control Fix: Add check_stack_overrun(). The last argument is NULL because it is not used
2025-07-24 19:42:23 +03:00 · 2022-06-21 14:58:34 +05:30
parent 1848804840
commit dbe39f14fe
4 changed files with 196 additions and 101 deletions
--- a/strings/json_lib.c
+++ b/strings/json_lib.c
@ -1751,104 +1751,3 @@ int json_get_path_next(json_engine_t *je, json_path_t *p)

  return 1;
 }
-
-
-int json_path_parts_compare(
-    const json_path_step_t *a, const json_path_step_t *a_end,
-    const json_path_step_t *b, const json_path_step_t *b_end,
-    enum json_value_types vt)
-{
-  int res, res2;
-
-  while (a <= a_end)
-  {
-    if (b > b_end)
-    {
-      while (vt != JSON_VALUE_ARRAY &&
-             (a->type & JSON_PATH_ARRAY_WILD) == JSON_PATH_ARRAY &&
-             a->n_item == 0)
-      {
-        if (++a > a_end)
-          return 0;
-      }
-      return -2;
-    }
-
-    DBUG_ASSERT((b->type & (JSON_PATH_WILD | JSON_PATH_DOUBLE_WILD)) == 0);
-
-    
-    if (a->type & JSON_PATH_ARRAY)
-    {
-      if (b->type & JSON_PATH_ARRAY)
-      {
-        if ((a->type & JSON_PATH_WILD) || a->n_item == b->n_item)
-          goto step_fits;
-        goto step_failed;
-      }
-      if ((a->type & JSON_PATH_WILD) == 0 && a->n_item == 0)
-        goto step_fits_autowrap;
-      goto step_failed;
-    }
-    else /* JSON_PATH_KEY */
-    {
-      if (!(b->type & JSON_PATH_KEY))
-        goto step_failed;
-    
-      if (!(a->type & JSON_PATH_WILD) &&
-          (a->key_end - a->key != b->key_end - b->key ||
-           memcmp(a->key, b->key, a->key_end - a->key) != 0))
-        goto step_failed;
-
-      goto step_fits;
-    }
-step_failed:
-    if (!(a->type & JSON_PATH_DOUBLE_WILD))
-      return -1;
-    b++;
-    continue;
-
-step_fits:
-    b++;
-    if (!(a->type & JSON_PATH_DOUBLE_WILD))
-    {
-      a++;
-      continue;
-    }
-
-    /* Double wild handling needs recursions. */
-    res= json_path_parts_compare(a+1, a_end, b, b_end, vt);
-    if (res == 0)
-      return 0;
-
-    res2= json_path_parts_compare(a, a_end, b, b_end, vt);
-
-    return (res2 >= 0) ? res2 : res;
-
-step_fits_autowrap:
-    if (!(a->type & JSON_PATH_DOUBLE_WILD))
-    {
-      a++;
-      continue;
-    }
-
-    /* Double wild handling needs recursions. */
-    res= json_path_parts_compare(a+1, a_end, b+1, b_end, vt);
-    if (res == 0)
-      return 0;
-
-    res2= json_path_parts_compare(a, a_end, b+1, b_end, vt);
-
-    return (res2 >= 0) ? res2 : res;
-
-  }
-
-  return b <= b_end;
-}
-
-
-int json_path_compare(const json_path_t *a, const json_path_t *b,
-                      enum json_value_types vt)
-{
-  return json_path_parts_compare(a->steps+1, a->last_step,
-                                 b->steps+1, b->last_step, vt);
-}