Bug #113668 Bug#35513196 in 8.0 (Assertion failed: this_type != enum_json_type::J_ERROR).
Submitted: 17 Jan 18:18 Modified: 18 Jan 13:08
Reporter: Jean-François Gagné Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: JSON Severity:S6 (Debug Builds)
Version:8.0.36 OS:Any
Assigned to: CPU Architecture:Any

[17 Jan 18:18] Jean-François Gagné 
Description:
Hi,

In 8.3.0 release notes, I see that Bug#35513196 is fixed (Assertion failed: this_type != enum_json_type::J_ERROR).  I did not find a reference to this in 8.0.36 release notes, so I took the test in Bug#35513196 commit [1], and ran it on a debug build of 8.0.36 and it crashes.

[1]: https://github.com/mysql/mysql-server/commit/3b081ed1eed68a98ea2fb33c6ceceb846f13609c

Even thought this does not affect release build, I flagged this as S1 (Critical) and not S6 (Debug build) because the consequence might be important (unclear if it is).

Many thanks for looking into this,

Jean-François Gagné

How to repeat:
Use debug binaries of 8.0.36,
run the test for Bug#35513196.
[18 Jan 4:55] MySQL Verification Team 
Hello Jean-François,

Thank you for the back-port(Bug#35513196) request to 8.0.
Confirmed that 8.0.36 debug build is affected.

-
 ./mtr --nocheck-testcases bug113668 --debug-server
Logging: ./mtr  --nocheck-testcases bug113668 --debug-server
MySQL Version 8.0.36
Checking supported features
 - Binaries are debug compiled
Using 'all' suites
Collecting tests
Checking leftover processes
Removing old var directory
Creating var directory '/export/home/tmp/ushastry/mysql-8.0.36/mysql-test/var'
Installing system database
Using parallel: 1

==============================================================================
                  TEST NAME                       RESULT  TIME (ms) COMMENT
------------------------------------------------------------------------------
do
ifnull((mbrcontains(st_pointfromtext(st_aswkt(multipolygon(multilinestring(
linestring( point(8117,-31186), point(31282,20992)), linestring(
point(-10280,-15814),
point(13662,-12122), point(12677,16556)))  )   ,'axis-order=long-lat'))
,point(-12204,-6984)  )  ),(aes_encrypt(bit_length('b ** '   )  ,
benchmark(2,(((version()  )>>((not(
json_objectagg('{"ab":2}'  ,'[{"a":"3"},{"a":2},{"b":1},{"a":0},{"a":[1,2]}]'
)  ))  ))  ))  )  ));
[ 50%] main.bug113668                            [ fail ]
        Test ended at 2024-01-18 05:51:38

CURRENT_TEST: main.bug113668
mysqltest: At line 1: Query 'do
ifnull((mbrcontains(st_pointfromtext(st_aswkt(multipolygon(multilinestring(
linestring( point(8117,-31186), point(31282,20992)), linestring(
point(-10280,-15814),
point(13662,-12122), point(12677,16556)))  )   ,'axis-order=long-lat'))
,point(-12204,-6984)  )  ),(aes_encrypt(bit_length('b ** '   )  ,
benchmark(2,(((version()  )>>((not(
json_objectagg('{"ab":2}'  ,'[{"a":"3"},{"a":2},{"b":1},{"a":0},{"a":[1,2]}]'
)  ))  ))  ))  )  ))' failed.
ERROR 2013 (HY000): Lost connection to MySQL server during query

-bt
Thread 1 (Thread 0x7f11fc2f8700 (LWP 9874)):
#0  0x00007f1241588aa1 in pthread_kill () from /lib64/libpthread.so.0
#1  0x00000000040303c2 in my_write_core(int) ()
#2  0x00000000032d6bc6 in handle_fatal_signal ()
#3  <signal handler called>
#4  0x00007f123f8d3387 in raise () from /lib64/libc.so.6
#5  0x00007f123f8d4a78 in abort () from /lib64/libc.so.6
#6  0x00007f123f8cc1a6 in __assert_fail_base () from /lib64/libc.so.6
#7  0x00007f123f8cc252 in __assert_fail () from /lib64/libc.so.6
#8  0x00000000032b81f8 in Json_wrapper::compare(Json_wrapper const&, CHARSET_INFO const*) const [clone .localalias] ()
#9  0x000000000343b70c in Arg_comparator::compare_json() ()
#10 0x0000000003448275 in Arg_comparator::compare() ()
#11 0x00000000034371d1 in Item_func_eq::val_int() ()
#12 0x00000000030a224d in Item::val_uint() ()
#13 0x00000000034942b9 in long long Item_func_shift::eval_int_op<false>() ()
#14 0x0000000003303e45 in Item_func_shift_right::int_op() ()
#15 0x0000000003477ec3 in Item_func_bit::val_int() ()
#16 0x0000000003489bec in Item_func_benchmark::val_int() ()
#17 0x0000000003476b1d in Item_int_func::val_str(String*) ()
#18 0x00000000034c3b2a in Item_func_aes_encrypt::val_str(String*) ()
#19 0x0000000003435c21 in Item_func_ifnull::str_op(String*) ()
#20 0x000000000347904e in Item_func_numhybrid::val_str(String*) ()
#21 0x000000000341dffc in Item::evaluate(THD*, String*) ()
#22 0x000000000361e4e2 in Query_result_do::send_data(THD*, mem_root_deque<Item*> const&) ()
#23 0x00000000032315eb in Query_expression::ExecuteIteratorQuery(THD*) ()
#24 0x000000000323174a in Query_expression::execute(THD*) ()
#25 0x00000000031bb570 in Sql_cmd_dml::execute_inner(THD*) ()
#26 0x00000000031c4f69 in Sql_cmd_dml::execute(THD*) ()
#27 0x00000000031655ad in mysql_execute_command(THD*, bool) ()
#28 0x00000000031669ef in dispatch_sql_command(THD*, Parser_state*) ()
#29 0x0000000003168022 in dispatch_command(THD*, COM_DATA const*, enum_server_command) ()
#30 0x0000000003169cb9 in do_command(THD*) ()
#31 0x00000000032c8bf0 in handle_connection ()
#32 0x00000000047f0b59 in pfs_spawn_thread ()
#33 0x00007f1241583ea5 in start_thread () from /lib64/libpthread.so.0
#34 0x00007f123f99bb2d in clone () from /lib64/libc.so.6

regards,
Umesh
[18 Jan 5:01] MySQL Verification Team 
Removed "Security Vulnerability" flag and set Severity as per the base bug Bug#35513196.
[18 Jan 13:08] Jean-François Gagné 
Thanks Umesh.  If this is not a security bug and a S6, can we make this bug public ?  Thanks, J-F
[13 Jun 22:09] Jon Stephens 
Fixed in MySQL 8.0.38, 8.4.1, and 9.0.0 by BUG#35513196.

See same for more info.

Closed.