From e8c419570f7980f123028eb7cc2c226b2bd814f5 Mon Sep 17 00:00:00 2001
From: Alexey Botchkov <holyfoot@askmonty.org>
Date: Sat, 3 Dec 2016 11:02:28 +0400
Subject: [PATCH] MDEV-11442 Server crashes in String::length /
 parse_one_or_all /Item_func_json_contains_path::val_int

        Didn't expect 'one_or_all' parameter to be NULL.
---
 mysql-test/r/func_json.result | 3 +++
 mysql-test/t/func_json.test   | 1 +
 sql/item_jsonfunc.cc          | 3 ++-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/func_json.result b/mysql-test/r/func_json.result
index 826514e89f3..fe5c390d88f 100644
--- a/mysql-test/r/func_json.result
+++ b/mysql-test/r/func_json.result
@@ -88,6 +88,9 @@ json_contains_path('{"key1":1, "key2":[2,3]}', "aLl", "$.key1", "$.ma")
 select json_contains_path('{"key1":1, "key2":[2,3]}', "aLl", "$.key1", "$.key2");
 json_contains_path('{"key1":1, "key2":[2,3]}', "aLl", "$.key1", "$.key2")
 1
+select json_contains_path('{ "a": true }', NULL, '$.a' );
+json_contains_path('{ "a": true }', NULL, '$.a' )
+NULL
 select json_extract('{"key1":"asd", "key2":[2,3]}', "$.key1");
 json_extract('{"key1":"asd", "key2":[2,3]}', "$.key1")
 "asd"
diff --git a/mysql-test/t/func_json.test b/mysql-test/t/func_json.test
index 6505c6e5909..85f9d2e2270 100644
--- a/mysql-test/t/func_json.test
+++ b/mysql-test/t/func_json.test
@@ -35,6 +35,7 @@ select json_contains_path('{"key1":1, "key2":[2,3]}', "one", "$.key1");
 select json_contains_path('{"key1":1, "key2":[2,3]}', "one", "$.key1", "$.ma");
 select json_contains_path('{"key1":1, "key2":[2,3]}', "aLl", "$.key1", "$.ma");
 select json_contains_path('{"key1":1, "key2":[2,3]}', "aLl", "$.key1", "$.key2");
+select json_contains_path('{ "a": true }', NULL, '$.a' );
  
 select json_extract('{"key1":"asd", "key2":[2,3]}', "$.key1");
 select json_extract('{"key1":"asd", "key2":[2,3]}', "$.keyX", "$.keyY");
diff --git a/sql/item_jsonfunc.cc b/sql/item_jsonfunc.cc
index 71042021fbd..42ad5470965 100644
--- a/sql/item_jsonfunc.cc
+++ b/sql/item_jsonfunc.cc
@@ -725,7 +725,8 @@ static int parse_one_or_all(Item *ooa_arg,
   {
     char buff[20];
     String *res, tmp(buff, sizeof(buff), &my_charset_bin);
-    res= ooa_arg->val_str(&tmp);
+    if ((res= ooa_arg->val_str(&tmp)) == NULL)
+      return TRUE;
     *mode_one=eq_ascii_string(res->charset(), "one",
                              res->ptr(), res->length());
     if (!*mode_one)