From eca15790514f5907add11fff6c91e68d92fbde64 Mon Sep 17 00:00:00 2001 From: Alexey Botchkov Date: Sat, 3 Dec 2016 11:32:47 +0400 Subject: [PATCH] MDEV-11444 Server crashes in String::ptr / Item_func_json_depth::val_int. CAST AS JSON didn't set the null_value mark properly. --- mysql-test/r/func_json.result | 3 +++ mysql-test/t/func_json.test | 2 ++ sql/item_jsonfunc.cc | 7 +++++++ sql/item_jsonfunc.h | 6 +----- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/mysql-test/r/func_json.result b/mysql-test/r/func_json.result index d0ed75e726c..4e03a867d8d 100644 --- a/mysql-test/r/func_json.result +++ b/mysql-test/r/func_json.result @@ -223,3 +223,6 @@ json_object("a", '{"b": "abcd"}') select json_object("a", cast('{"b": "abcd"}' as json)); json_object("a", cast('{"b": "abcd"}' as json)) {"a": {"b": "abcd"}} +select json_depth(cast(NULL as JSON)); +json_depth(cast(NULL as JSON)) +NULL diff --git a/mysql-test/t/func_json.test b/mysql-test/t/func_json.test index 0245cf382ee..017a9c4e84b 100644 --- a/mysql-test/t/func_json.test +++ b/mysql-test/t/func_json.test @@ -98,3 +98,5 @@ select json_object("a", json_object("b", "abcd")); select json_object("a", '{"b": "abcd"}'); select json_object("a", cast('{"b": "abcd"}' as json)); +select json_depth(cast(NULL as JSON)); + diff --git a/sql/item_jsonfunc.cc b/sql/item_jsonfunc.cc index c22881620ff..fff467c92ae 100644 --- a/sql/item_jsonfunc.cc +++ b/sql/item_jsonfunc.cc @@ -2073,3 +2073,10 @@ void Item_json_typecast::fix_length_and_dec() } +String *Item_json_typecast::val_str(String *str) +{ + String *vs= args[0]->val_str(str); + null_value= args[0]->null_value; + return vs; +} + diff --git a/sql/item_jsonfunc.h b/sql/item_jsonfunc.h index d2d68b4c391..e8d677158ed 100644 --- a/sql/item_jsonfunc.h +++ b/sql/item_jsonfunc.h @@ -420,11 +420,7 @@ public: const char *func_name() const { return "cast_as_json"; } bool is_json_type() { return true; } void fix_length_and_dec(); - String *val_str(String *str) - { - return args[0]->val_str(str); - } - + String *val_str(String *str); Item *get_copy(THD *thd, MEM_ROOT *mem_root) { return get_item_copy(thd, mem_root, this); } };