MDEV-31147 json_normalize does not work correctly with MSAN build

json_normalize_number(): Avoid accessing str past str_len.
The function would seem to work incorrectly when some digits are
not followed by a decimal point (.) or an exponent (E or e).

1 files changed, 10 insertions, 7 deletions

diff --git a/strings/json_normalize.c b/strings/json_normalize.c
index 0b7f172dae6..2c66c712e81 100644
--- a/strings/json_normalize.c
+++ b/strings/json_normalize.c
@@ -147,13 +147,16 @@ json_normalize_number(DYNAMIC_STRING *out, const char *str, size_t str_len)
 
   magnitude = (long)(j - 1);
 
-  /* skip the . */
-  if (str[i] == '.')
-    ++i;
+  if (i < str_len)
+  {
+    /* skip the . */
+    if (str[i] == '.')
+      ++i;
 
-  /* grab rest of digits before the E */
-  for (; i < str_len && str[i] != 'e' && str[i] != 'E'; ++i)
-    buf[j++] = str[i];
+    /* grab rest of digits before the E */
+    for (; i < str_len && str[i] != 'e' && str[i] != 'E'; ++i)
+      buf[j++] = str[i];
+  }
 
   /* trim trailing zeros */
   for (k = j - 1; k && buf[k] == '0'; --k, --j)
@@ -187,7 +190,7 @@ json_normalize_number(DYNAMIC_STRING *out, const char *str, size_t str_len)
 
   err|= dynstr_append_mem(out, STRING_WITH_LEN("E"));
 
-  if (str[i] == 'e' || str[i] == 'E')
+  if (i < str_len && (str[i] == 'e' || str[i] == 'E'))
   {
     char *endptr = NULL;
     /* skip the [eE] */