Bug#25518504: SOME BIG NUMBERS IN JSON DOCUMENTS BECOME ZERO

Some very large floating-point numbers were silently changed to zero
in JSON documents.

The problem was that RapidJSON returned positive or negative infinity
for these values instead of raising an error, and non-finite values
were not expected in the MySQL code.

Fix: Make Rapid_json_handler::Double() check if the double value is
finite, and raise an error if it is not.

Change-Id: I753f0d4a7a92020a18998ea9ef1d5746e40d0af6

Author: kahatlen

mysql-test/suite/json/r/json_no_table.result

@@ -3338,3 +3338,14 @@ c1	c2	c3	c4
 SELECT SUM(CAST('5.45' AS JSON));
 SUM(CAST('5.45' AS JSON))
 5.45
+#
+# Bug#25518504: SOME BIG NUMBERS IN JSON DOCUMENTS BECOME ZERO
+#
+SELECT CAST('2e308' AS JSON);
+ERROR 22032: Invalid JSON text in argument 1 to function cast_as_json: "Terminate parsing due to Handler error." at position 0.
+SELECT CAST('-2e308' AS JSON);
+ERROR 22032: Invalid JSON text in argument 1 to function cast_as_json: "Terminate parsing due to Handler error." at position 0.
+SELECT CAST('2e309' AS JSON);
+ERROR 22032: Invalid JSON text in argument 1 to function cast_as_json: "Number too big to be stored in double." at position 0.
+SELECT CAST('-2e309' AS JSON);
+ERROR 22032: Invalid JSON text in argument 1 to function cast_as_json: "Number too big to be stored in double." at position 0.

mysql-test/suite/json/t/json_no_table.test

@@ -2334,3 +2334,17 @@ SELECT JSON_SEARCH('["a", "a"]', CAST('one' AS CHAR CHARSET utf16), 'a') AS c1,
 --echo # Bug#25530204: THE RESULT OF SUM ON JSON_EXTRACT LOST THE DECIMAL PART
 --echo #
 SELECT SUM(CAST('5.45' AS JSON));
+
+--echo #
+--echo # Bug#25518504: SOME BIG NUMBERS IN JSON DOCUMENTS BECOME ZERO
+--echo #
+# These statements returned zero instead of raising an error.
+--error ER_INVALID_JSON_TEXT_IN_PARAM
+SELECT CAST('2e308' AS JSON);
+--error ER_INVALID_JSON_TEXT_IN_PARAM
+SELECT CAST('-2e308' AS JSON);
+# These statements correctly returned an error even before the fix.
+--error ER_INVALID_JSON_TEXT_IN_PARAM
+SELECT CAST('2e309' AS JSON);
+--error ER_INVALID_JSON_TEXT_IN_PARAM
+SELECT CAST('-2e309' AS JSON);

sql/json_dom.cc

@@ -15,6 +15,7 @@
 
 #include "json_dom.h"
 
+#include <cmath>                // std::isfinite
 #include <errno.h>
 #include <limits.h>
 #include <math.h>
@@ -574,6 +575,12 @@ class Rapid_json_handler
   bool Double(double d)
   {
     DUMP_CALLBACK("double", state);
+    /*
+      We only accept finite values. RapidJSON normally stops non-finite values
+      from getting here, but sometimes +/-inf values could end up here anyway.
+    */
+    if (!std::isfinite(d))
+      return false;
     return seeing_value(new (std::nothrow) Json_double(d));
   }