Bug #108515 Return value of Json_object::get() not get checked
Submitted: 16 Sep 2022 1:13
Modified: 20 Sep 2022 5:23
Reporter: Li Zhong
Status: Won't fix
Category: MySQL Server: Compiling
Severity: S2 (Serious)
Version: 8.0.21
OS: Any
Assigned to:
CPU Architecture: Any

[16 Sep 2022 1:13] Li Zhong
Description:
Hi, I'm a researcher on static analysis and we found a potential null pointer dereference bug in the MySQL-server-8.0.21 code:

In https://github.com/mysql/mysql-server/blob/mysql-cluster-8.0.21/sql/histograms/equi_height..., json_object.get(buckets_str()) could return buckets_dom as nullptr. So when it is used in buckets_dom->json_type(), it's possible to cause null pointer dereference. 

How to repeat:
We found this with our static analysis tool. The analysis result was checked manually.

Suggested fix:
Add a nullptr check on buckets_dom.
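
The check suggested above, as an added example that is not MySQL source code and not part of the original report: the types are minimal stand-ins for the server's JSON DOM classes, and `load_buckets`, `make_sample` and the literal key "buckets" are assumptions made for illustration. It rejects both a missing key and a value of the wrong type before the pointer is used.

```cpp
// Added example: stand-in types, not MySQL's Json_dom / Json_object classes.
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <vector>

enum class JsonType { Array, String };
struct Dom {
  virtual ~Dom() = default;
  virtual JsonType json_type() const = 0;
};
struct Str : Dom { JsonType json_type() const override { return JsonType::String; } };
struct Array : Dom {
  std::vector<int> items{1, 2, 3};  // constructed bucket payload
  JsonType json_type() const override { return JsonType::Array; }
};
struct Object {
  std::map<std::string, std::unique_ptr<Dom>> members;
  // Contract taken from the report: get() yields nullptr when the key is absent.
  const Dom *get(const std::string &key) const {
    auto it = members.find(key);
    return it == members.end() ? nullptr : it->second.get();
  }
};

// Hypothetical helper: returns true on error and leaves *count untouched.
bool load_buckets(const Object &obj, std::size_t *count) {
  const Dom *buckets_dom = obj.get("buckets");
  if (buckets_dom == nullptr) return true;  // missing key: reject before any dereference
  if (buckets_dom->json_type() != JsonType::Array) return true;  // present, wrong type
  *count = static_cast<const Array *>(buckets_dom)->items.size();
  return false;
}

// Constructed inputs: 0 = no "buckets" key, 1 = wrong type, 2 = valid array.
Object make_sample(int kind) {
  Object o;
  if (kind == 1) o.members["buckets"] = std::make_unique<Str>();
  if (kind == 2) o.members["buckets"] = std::make_unique<Array>();
  return o;
}

int main() {
  std::size_t n = 0;
  for (int k = 0; k < 3; ++k) std::printf("sample %d: error=%d\n", k, load_buckets(make_sample(k), &n));
}
```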
[16 Sep 2022 5:56] MySQL Verification Team
Hello Li Zhong,

Thank you for the report and feedback.

regards,
Umesh
[19 Sep 2022 9:14] Tor Didriksen
Posted by developer:
 
Fixed by

commit a9f89bd42a40cb2c6cda96fe562476426180802f
Author: Priyanka Sangam <priyanka.sangam@oracle.com>
Date:   Tue Jun 28 12:09:43 2022 +0530

    WL#15123 User defined histograms
    
    Contributed by casa zhang
[20 Sep 2022 5:23] Li Zhong
Thanks for confirmation!