Commit f1a20ec3 authored by Alexey Botchkov's avatar Alexey Botchkov

MDEV-12311 Insufficient check for argument validity in JSON functions.

        Check validity to the end of the JSON in the json_length
        function.
parent 1f6ada8d
...@@ -446,6 +446,11 @@ json_length('{"a": 1, "b": {"c": 30}}', '$.b') ...@@ -446,6 +446,11 @@ json_length('{"a": 1, "b": {"c": 30}}', '$.b')
select json_length('{"a": 1, "b": {"c": 30}}'); select json_length('{"a": 1, "b": {"c": 30}}');
json_length('{"a": 1, "b": {"c": 30}}') json_length('{"a": 1, "b": {"c": 30}}')
2 2
select json_length('{}{');
json_length('{}{')
NULL
Warnings:
Warning 4038 Syntax error in JSON text in argument 1 to function 'json_length' at position 3
create table json (j INT); create table json (j INT);
show create table json; show create table json;
Table Create Table Table Create Table
......
...@@ -180,6 +180,7 @@ select json_length('{}'); ...@@ -180,6 +180,7 @@ select json_length('{}');
select json_length('[1, 2, {"a": 3}]'); select json_length('[1, 2, {"a": 3}]');
select json_length('{"a": 1, "b": {"c": 30}}', '$.b'); select json_length('{"a": 1, "b": {"c": 30}}', '$.b');
select json_length('{"a": 1, "b": {"c": 30}}'); select json_length('{"a": 1, "b": {"c": 30}}');
select json_length('{}{');
create table json (j INT); create table json (j INT);
show create table json; show create table json;
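Review bot: The only new case is `select json_length('{}{');`, an object root followed by trailing text, so the to-the-end validity check is pinned for just one shape of input. An array root, a scalar root and the two-argument path form are not covered, and at least the scalar root appears to take a different route through the function. Consider adding cases such as `select json_length('[]{');`, `select json_length('1{');` and `select json_length('{"a": 1}{', '$.a');` (constructed examples) and recording their output in the result file, so that a regression in any branch shows up as a changed warning or return value.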
......
...@@ -2130,6 +2130,7 @@ longlong Item_func_json_length::val_int() ...@@ -2130,6 +2130,7 @@ longlong Item_func_json_length::val_int()
json_engine_t je; json_engine_t je;
uint length= 0; uint length= 0;
uint array_counters[JSON_DEPTH_LIMIT]; uint array_counters[JSON_DEPTH_LIMIT];
int err;
if ((null_value= args[0]->null_value)) if ((null_value= args[0]->null_value))
return 0; return 0;
...@@ -2171,7 +2172,7 @@ longlong Item_func_json_length::val_int() ...@@ -2171,7 +2172,7 @@ longlong Item_func_json_length::val_int()
if (json_value_scalar(&je)) if (json_value_scalar(&je))
return 1; return 1;
while (json_scan_next(&je) == 0 && while (!(err= json_scan_next(&je)) &&
je.state != JST_OBJ_END && je.state != JST_ARRAY_END) je.state != JST_OBJ_END && je.state != JST_ARRAY_END)
{ {
switch (je.state) switch (je.state)
...@@ -2190,6 +2191,12 @@ longlong Item_func_json_length::val_int() ...@@ -2190,6 +2191,12 @@ longlong Item_func_json_length::val_int()
}; };
} }
if (!err)
{
/* Parse to the end of the JSON just to check it's valid. */
while (json_scan_next(&je) == 0) {}
}
if (!je.s.error) if (!je.s.error)
return length; return length;
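Review bot: The scalar shortcut just above the rewritten loop, `if (json_value_scalar(&je)) return 1;`, still returns before the new scan-to-end block, so a scalar followed by trailing garbage would presumably still yield 1 with no syntax warning. If the intent is that json_length never accepts a document that is invalid further on, the scalar case needs the same tail validation, for example by running `while (json_scan_next(&je) == 0) {}` and testing `je.s.error` before returning 1. val_int() starts and ends outside the visible hunks, so the path-argument branch and the error return after `if (!je.s.error)` could not be checked from this page.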
......