From f33c5e02ba1a9d389d23ce18a791d5b5dd7dd6e8 Mon Sep 17 00:00:00 2001
From: Abhishek Bansal <abhibansal593@gmail.com>
Date: Thu, 5 Mar 2026 02:41:14 +0530
Subject: [PATCH] MDEV-36929: Warning: Memory not freed: 32 on SELECT
 COLUMN_JSON()

Item_func_dyncol_json::val_str() used an internal DYNAMIC_STRING
without ensuring it was freed when mariadb_dyncol_json failed.

Fixed by freeing the string in the failure case.
---
 mysql-test/main/dyncol.result | 6 ++++++
 mysql-test/main/dyncol.test   | 8 ++++++++
 sql/item_strfunc.cc           | 3 +--
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/mysql-test/main/dyncol.result b/mysql-test/main/dyncol.result
index 13c0e18f63afa..7b09a5efa851f 100644
--- a/mysql-test/main/dyncol.result
+++ b/mysql-test/main/dyncol.result
@@ -1974,3 +1974,9 @@ var	{"jsn":"\u0000\u0005\u0000l\u0000'\u0000\u0002\u0000)\u0000\u0002\u0000+\u00
 zzz	{"jsn":"\u0000\u0009\u0000�\u0000C\u0000\u0002\u0000E\u0000\u0002\u0000G\u0000\u0003\u0000J\u0000\u0004\u0000N\u0000\u0005\u0000S\u0000\u0005\u0000X\u0000\u0005\u0000]\u0000\u0005\u0000b\u0000\u0005\u0000\u000Cg\u0000\u000Cj\u0000\u000Cm\u0000\u000Cp\u0000\u0005,\u0000\u0005\u001B\u0000\u0005,\u0000\u000C�\u0000\u0007�\u0000f8f9f10pic2box_cbox_gbox_kbox_vf5_id\u000244\u000244\u000232Ahttp://oss.hdb88.com/0/photo/078ee7e7c6464ab68a0483733266a52a.gif\u00080.052272$O\u001E\u0000","volume":193.6}
 drop table t1;
 # End of 10.5 tests
+#
+# MDEV-36929: COLUMN_JSON() does not free an internal dynamic string
+#
+SELECT COLUMN_JSON(1000);
+ERROR HY000: Encountered illegal format of dynamic column string
+# End of 10.6 tests
diff --git a/mysql-test/main/dyncol.test b/mysql-test/main/dyncol.test
index 693c768768f8b..7f38c82f5fbcc 100644
--- a/mysql-test/main/dyncol.test
+++ b/mysql-test/main/dyncol.test
@@ -1026,3 +1026,11 @@ select c1,column_json(d1) as not_crashing from t1 order by c1;
 drop table t1;
 
 --echo # End of 10.5 tests
+
+--echo #
+--echo # MDEV-36929: COLUMN_JSON() does not free an internal dynamic string
+--echo #
+--error ER_DYN_COL_WRONG_FORMAT
+SELECT COLUMN_JSON(1000);
+
+--echo # End of 10.6 tests
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
index d06a076e9de97..c725873523882 100644
--- a/sql/item_strfunc.cc
+++ b/sql/item_strfunc.cc
@@ -4796,9 +4796,9 @@ String *Item_func_dyncol_json::val_str(String *str)
   if ((rc= mariadb_dyncol_json(&col, &json)))
   {
     dynamic_column_error_message(rc);
+    dynstr_free(&json);
     goto null;
   }
-  bzero(&col, sizeof(col));
   {
     /* Move result from DYNAMIC_COLUMN to str */
     char *ptr;
@@ -4811,7 +4811,6 @@ String *Item_func_dyncol_json::val_str(String *str)
   return str;
 
 null:
-  bzero(&col, sizeof(col));
   null_value= TRUE;
   return NULL;
 }