MDEV-28350: Test failing on buildbot with UBSAN

Analysis: There were two kinds of failing tests on buildbot with UBSAN.
1) runtime error: signed integer overflow and
2) runtime error: load of value is not valid value for type
Signed integer overflow was occurring because addition of two integers
(size of json array + item number in array) was causing overflow in
json_path_parts_compare. This overflow happens because a->n_item_end
wasn't set.
The second error was occurring because c_path->p.types_used is not
initialized but the value is used later on to check for negative path index.
Fix: For signed integer overflow, use a->n_item_end only in case of range
so that it is set.
This commit is contained in:
Rucha Deodhar
2022-04-19 21:43:31 +05:30
parent 3716eaff4e
commit 4730a6982f
2 changed files with 54 additions and 39 deletions

@ -1373,6 +1373,8 @@ static int handle_match(json_engine_t *je, json_path_t *p,
(int) (next_step->type & JSON_PATH_KEY_OR_ARRAY))
return json_skip_level(je);
array_counters[next_step - p->steps]= 0;
if (next_step->type & JSON_PATH_ARRAY)
{
int array_size;
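Review bot: `int array_size;` at the end of this hunk is declared without an initializer, which is the same class of problem the commit message describes for `c_path->p.types_used`. Please either initialize it at the declaration or confirm that every path through the `JSON_PATH_ARRAY` branch assigns it before it is read, so UBSAN and MSAN runs do not flag it next. A short comment on why `array_counters[next_step - p->steps]` is reset at this point would also help the next reader.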
@ -1891,21 +1893,22 @@ int json_path_parts_compare(
{
if (b->type & JSON_PATH_ARRAY)
{
int res= 0, corrected_n_item_a= 0, corrected_n_item_end_a= 0;
int res= 0, corrected_n_item_a= 0;
if (array_sizes)
{
corrected_n_item_a= a->n_item < 0 ? array_sizes[b-temp_b] +
a->n_item :
a->n_item;
corrected_n_item_end_a= a->n_item_end < 0 ? array_sizes[b-temp_b] +
a->n_item_end :
a->n_item_end;
}
corrected_n_item_a= a->n_item < 0 ?
array_sizes[b-temp_b] + a->n_item : a->n_item;
if (a->type & JSON_PATH_ARRAY_RANGE)
{
int corrected_n_item_end_a= 0;
if (array_sizes)
corrected_n_item_end_a= a->n_item_end < 0 ?
array_sizes[b-temp_b] + a->n_item_end :
a->n_item_end;
res= b->n_item >= corrected_n_item_a &&
b->n_item <= corrected_n_item_end_a;
b->n_item <= corrected_n_item_end_a;
}
else
res= corrected_n_item_a == b->n_item;
res= corrected_n_item_a == b->n_item;
if ((a->type & JSON_PATH_WILD) || res)
goto step_fits;
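Review bot: in the `JSON_PATH_ARRAY_RANGE` branch, `corrected_n_item_end_a` is initialized to 0 and only assigned under `if (array_sizes)`, so when `array_sizes` is NULL the upper bound stays 0 even if `a->n_item_end` is a non-negative value that needs no correction, and `b->n_item <= corrected_n_item_end_a` then compares against 0. Consider falling back to `a->n_item_end` directly when `array_sizes` is NULL, or add a comment stating that callers passing NULL never supply ranges. Separately, `array_sizes[b-temp_b] + a->n_item` can still be negative when the negative index is larger in magnitude than the array size. It would be clearer to treat that case explicitly as "no match" rather than relying on the later comparison with `b->n_item`. A regression test covering a negative range end with and without `array_sizes` would pin the behaviour down.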