From d555f38af819db8b051c4f754358041f146e83f4 Mon Sep 17 00:00:00 2001
From: Rucha Deodhar
Date: Thu, 2 Mar 2023 17:50:19 +0530
Subject: MDEV-30690: Server crashed on function JSON_SCHEMA_VALID with incorrect input json schema
Analysis: In case of syntax error while scanning json schema, true is returned inspite of it being wanring and not error.
Fix: return true instead of false.
---
 mysql-test/main/func_json.result | 37 +++++++++++++++++++++++++++++++++++--
 mysql-test/main/func_json.test | 25 +++++++++++++++++++++++++
 sql/item_jsonfunc.cc | 18 +++++++++++++++---
 sql/json_schema.cc | 12 ++++++------
 4 files changed, 81 insertions(+), 11 deletions(-)
diff --git a/mysql-test/main/func_json.result b/mysql-test/main/func_json.result
index da8cb3008bf..8b4c98ae9fd 100644
--- a/mysql-test/main/func_json.result
+++ b/mysql-test/main/func_json.result
@@ -3344,9 +3344,9 @@ SET @invalid_schema= '{"type":"object"
 }';
 SELECT JSON_SCHEMA_VALID(@invalid_schema, '{"number1":3, "obj2":{"key1":3}}');
 JSON_SCHEMA_VALID(@invalid_schema, '{"number1":3, "obj2":{"key1":3}}')
-1
+NULL
 Warnings:
-Warning 4038 Syntax error in JSON text in argument 2 to function 'json_schema_valid' at position 45
+Warning 4038 Syntax error in JSON text in argument 1 to function 'json_schema_valid' at position 45
 SET @invalid_json= '{"type":"array",
 "maxItems": 4,
 "minItems": 2,
@@ -4557,4 +4557,37 @@ JSON_SCHEMA_VALID(@schema_pattern_properties, '{"i_": 50}')
 SELECT JSON_SCHEMA_VALID(@schema_pattern_properties, '{"i_": 150}');
 JSON_SCHEMA_VALID(@schema_pattern_properties, '{"i_": 150}')
 1
+#
+# MDEV-30690: Server crashed on function JSON_SCHEMA_VALID with incorrect input json schema
+#
+SET @schema = '{""}';
+SELECT JSON_SCHEMA_VALID(@schema, '1');
+JSON_SCHEMA_VALID(@schema, '1')
+NULL
+Warnings:
+Warning 4037 Unexpected end of JSON text in argument 1 to function 'json_schema_valid'
+SET @schema = '{
+ "type": "string",
+ "format"
+ }';
+SELECT JSON_SCHEMA_VALID(@schema, '1');
+JSON_SCHEMA_VALID(@schema, '1')
+NULL
+Warnings:
+Warning 4037 Unexpected end of JSON text in argument 1 to function 'json_schema_valid'
+SET @invalid_schema= '{"type":"object"
+ "properties":{
+ "number1": {"type":"number"},
+ "obj2": {"type":"object",
+ "properties": {
+ "key1": {"type":"number"}
+ }
+ }
+ }
+ }';
+SELECT JSON_SCHEMA_VALID(@invalid_schema, '{"number1":3, "obj2":{"key1":3}}');
+JSON_SCHEMA_VALID(@invalid_schema, '{"number1":3, "obj2":{"key1":3}}')
+NULL
+Warnings:
+Warning 4038 Syntax error in JSON text in argument 1 to function 'json_schema_valid' at position 45
 # End of 11.1 test
diff --git a/mysql-test/main/func_json.test b/mysql-test/main/func_json.test
index 4a400f1de90..c417a8ea4f8 100644
--- a/mysql-test/main/func_json.test
+++ b/mysql-test/main/func_json.test
@@ -3449,4 +3449,29 @@ SELECT JSON_SCHEMA_VALID(@schema_pattern_properties, '{"I_": 150}');
 SELECT JSON_SCHEMA_VALID(@schema_pattern_properties, '{"i_": 50}');
 SELECT JSON_SCHEMA_VALID(@schema_pattern_properties, '{"i_": 150}');
+--echo #
+--echo # MDEV-30690: Server crashed on function JSON_SCHEMA_VALID with incorrect input json schema
+--echo #
+
+SET @schema = '{""}';
+SELECT JSON_SCHEMA_VALID(@schema, '1');
+
+SET @schema = '{
+ "type": "string",
+ "format"
+ }';
+SELECT JSON_SCHEMA_VALID(@schema, '1');
+
+SET @invalid_schema= '{"type":"object"
+ "properties":{
+ "number1": {"type":"number"},
+ "obj2": {"type":"object",
+ "properties": {
+ "key1": {"type":"number"}
+ }
+ }
+ }
+ }';
+SELECT JSON_SCHEMA_VALID(@invalid_schema, '{"number1":3, "obj2":{"key1":3}}');
+
 --echo # End of 11.1 test
diff --git a/sql/item_jsonfunc.cc b/sql/item_jsonfunc.cc
index af0167b5d7e..bea2f697622 100644
--- a/sql/item_jsonfunc.cc
+++ b/sql/item_jsonfunc.cc
@@ -4729,7 +4729,10 @@ longlong Item_func_json_schema_valid::val_int()
 int is_valid= 1;
 if (!schema_parsed)
+ {
+ null_value= 1;
 return 0;
+ }
 val= args[1]->val_json(&tmp_val);
@@ -4798,10 +4801,19 @@ bool Item_func_json_schema_valid::fix_length_and_dec(THD *thd)
 &all_keywords))
 schema_parsed= true;
 else
- res= true;
+ schema_parsed= false;
- if (je.s.error)
- report_json_error(js, &je, 1);
+ /*
+ create_object_and_handle_keyword fails when either the json value for
+ keyword is invalid or when there is syntax error. Return NULL in both
+ these cases.
+ */
+ if (!schema_parsed)
+ {
+ if (je.s.error)
+ report_json_error(js, &je, 0);
+ set_maybe_null();
+ }
 return res || Item_bool_func::fix_length_and_dec(thd);
 }
diff --git a/sql/json_schema.cc b/sql/json_schema.cc
index dcfae1d8205..a358ef735d0 100644
--- a/sql/json_schema.cc
+++ b/sql/json_schema.cc
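Review bot: In sql/item_jsonfunc.cc `fix_length_and_dec`, dropping `res= true` means a failed `create_object_and_handle_keyword` no longer fails preparation, yet the new comment's "Return NULL in both these cases" does not obviously hold for the invalid-keyword-value case. The json_schema.cc hunks show that path calling `my_error(ER_JSON_INVALID_VALUE_FOR_KEYWORD, ...)` before `return true`, so an error has already been raised while this function still returns `res || Item_bool_func::fix_length_and_dec(thd)`; whether the statement then aborts or yields NULL presumably depends on the caller inspecting the diagnostics area, which is not visible here. If the hard error is meant to remain, I would make the split explicit with `else res= true;` after the `report_json_error(js, &je, 0);` branch so that only syntax errors are downgraded to a warning, and otherwise reword the comment to describe what actually happens. Because a malformed schema can be supplied by any client able to call the function, the `if (!schema_parsed)` guard in the `val_int()` hunk is what stops validation from running against a schema that failed to parse, and a short comment there saying so would help. `fix_length_and_dec` starts outside the hunk.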
@@ -392,7 +392,7 @@ bool Json_schema_type::handle_keyword(THD *thd, json_engine_t *je,
 return true;
 json_assign_type(&type, je);
 }
- return false;
+ return je->s.error ? true : false;
 }
 else if (je->value_type == JSON_VALUE_STRING)
 {
@@ -591,7 +591,7 @@ bool Json_schema_enum::handle_keyword(THD *thd, json_engine_t *je,
 }
 }
 }
- return false;
+ return je->s.error ? true : false;
 }
 else
 {
@@ -1595,7 +1595,7 @@ bool Json_schema_required::handle_keyword(THD *thd, json_engine_t *je,
 this->required_properties.push_back(str, thd->mem_root);
 }
 }
- return false;
+ return je->s.error ? true : false;
 }
 bool Json_schema_dependent_required::validate(const json_engine_t *je,
@@ -1758,7 +1758,7 @@ bool Json_schema_dependent_required::handle_keyword(THD *thd, json_engine_t *je,
 my_error(ER_JSON_INVALID_VALUE_FOR_KEYWORD, MYF(0), "dependentRequired");
 return true;
 }
- return false;
+ return je->s.error ? true : false;
 }
 bool Json_schema_property_names::validate(const json_engine_t *je,
@@ -2120,7 +2120,7 @@ bool Json_schema_properties::handle_keyword(THD *thd, json_engine_t *je,
 }
 }
 }
- return false;
+ return je->s.error ? true : false;
 }
 bool Json_schema_pattern_properties::
@@ -2806,7 +2806,7 @@ bool create_object_and_handle_keyword(THD *thd, json_engine_t *je,
 if (add_schema_interdependence(thd, &temporary_list, keyword_list))
 return true;
- return false;
+ return je->s.error ? true : false;
 }
 uchar* get_key_name_for_property(const char *key_name, size_t *length,
--
cgit v1.2.1
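Review bot: The six patched returns in sql/json_schema.cc (the `handle_keyword` methods of `Json_schema_type`, `Json_schema_enum`, `Json_schema_required`, `Json_schema_dependent_required` and `Json_schema_properties`, plus `create_object_and_handle_keyword`) are placed by hand, so any other `handle_keyword` that ends a scan loop with a bare `return false;` could still report success on truncated schema text. Whether such sites exist is not visible in these hunks; the check at the end of `create_object_and_handle_keyword` looks like the intended backstop, and a comment there such as `/* A scan error left in je means the schema text is malformed: fail so the caller returns NULL. */` would record that. As a matter of style, `return je->s.error ? true : false;` reads more directly as `return je->s.error != 0;`. The three schemas added to func_json.test appear to break at the top level of the object, so none puts the syntax error inside an `enum`, `required`, `dependentRequired` or nested `properties` value; one malformed case per patched handler would pin the crash fix. Every function touched starts outside its hunk.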