MDEV-12311 Insufficient check for argument validity in JSON functions.

        Check validity to the end of the JSON in the json_length
        function.

mysql-test/r/func_json.result

@@ -446,6 +446,11 @@ json_length('{"a": 1, "b": {"c": 30}}', '$.b')
 select json_length('{"a": 1, "b": {"c": 30}}');
 json_length('{"a": 1, "b": {"c": 30}}')
 2
+select json_length('{}{');
+json_length('{}{')
+NULL
+Warnings:
+Warning	4038	Syntax error in JSON text in argument 1 to function 'json_length' at position 3
 create table json (j INT);
 show create table json;
 Table	Create Table

mysql-test/t/func_json.test

@@ -180,6 +180,7 @@ select json_length('{}');
 select json_length('[1, 2, {"a": 3}]');
 select json_length('{"a": 1, "b": {"c": 30}}', '$.b');
 select json_length('{"a": 1, "b": {"c": 30}}');
+select json_length('{}{');
 
 create table json (j INT);
 show create table json;

sql/item_jsonfunc.cc

@@ -2130,6 +2130,7 @@ longlong Item_func_json_length::val_int()
   json_engine_t je;
   uint length= 0;
   uint array_counters[JSON_DEPTH_LIMIT];
+  int err;
 
   if ((null_value= args[0]->null_value))
     return 0;
@@ -2171,7 +2172,7 @@ longlong Item_func_json_length::val_int()
   if (json_value_scalar(&je))
     return 1;
 
-  while (json_scan_next(&je) == 0 &&
+  while (!(err= json_scan_next(&je)) &&
          je.state != JST_OBJ_END && je.state != JST_ARRAY_END)
   {
     switch (je.state)
@@ -2190,6 +2191,12 @@ longlong Item_func_json_length::val_int()
     };
   }
 
+  if (!err)
+  {
+    /* Parse to the end of the JSON just to check it's valid. */
+    while (json_scan_next(&je) == 0) {}
+  }
+
   if (!je.s.error)
     return length;