Details
-
Bug
-
Status: Closed (View Workflow)
-
Blocker
-
Resolution: Fixed
-
10.11
Description
CLI:
LOCK TABLES mysql.time_zone WRITE;
|
FLUSH PRIVILEGES; |
LOCK TABLE nonexisting WRITE; |
GRANT SELECT ON *.* TO PUBLIC; |
MTR:
USE test; |
GRANT SELECT ON *.* TO PUBLIC; |
LOCK TABLES mysql.time_zone WRITE,mysql.proc WRITE;
|
--error 1100
|
FLUSH PRIVILEGES; |
--error 1146
|
LOCK TABLE nonexisting WRITE; |
--error 1100
|
GRANT SELECT ON *.* TO PUBLIC; |
Leads to:
10.11.2 936436ef437c73911c18854a8ce8dad1216331b8 (Debug) |
mysqld: /test/10.11_dbg/sql/sql_acl.cc:3469: void acl_update_role(const char*, privilege_t): Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed.
|
10.11.2 936436ef437c73911c18854a8ce8dad1216331b8 (Debug) |
Core was generated by `/test/MD291122-mariadb-10.11.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
|
Program terminated with signal SIGABRT, Aborted.
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
[Current thread is 1 (Thread 0x15430a0b0700 (LWP 4172589))]
|
(gdb) bt
|
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
|
#1 0x0000154326c3f859 in __GI_abort () at abort.c:79
|
#2 0x0000154326c3f729 in __assert_fail_base (fmt=0x154326dd5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55587bedc660 "strcasecmp(rolename, public_name.str) || acl_public == role", file=0x55587beddf48 "/test/10.11_dbg/sql/sql_acl.cc", line=3469, function=<optimized out>) at assert.c:92
|
#3 0x0000154326c50fd6 in __GI___assert_fail (assertion=assertion@entry=0x55587bedc660 "strcasecmp(rolename, public_name.str) || acl_public == role", file=file@entry=0x55587beddf48 "/test/10.11_dbg/sql/sql_acl.cc", line=line@entry=3469, function=function@entry=0x55587bedc630 "void acl_update_role(const char*, privilege_t)") at assert.c:101
|
#4 0x000055587b293c90 in acl_update_role (privileges=SELECT_ACL, rolename=0x55587beddead "PUBLIC") at /test/10.11_dbg/sql/sql_acl.cc:3469
|
#5 replace_user_table (thd=thd@entry=0x1542d4000d48, user_table=<optimized out>, combo=combo@entry=0x1542d4013308, rights=rights@entry=SELECT_ACL, revoke_grant=revoke_grant@entry=false, can_create_user=<optimized out>, no_auto_create=false) at /test/10.11_dbg/sql/sql_acl.cc:4936
|
#6 0x000055587b2a2999 in mysql_grant (thd=thd@entry=0x1542d4000d48, db=0x0, list=@0x1542d4005e50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1542d4013248, last = 0x1542d4013248, elements = 1}, <No data fields>}, rights=SELECT_ACL, revoke_grant=false, is_proxy=is_proxy@entry=false) at /test/10.11_dbg/sql/sql_acl.cc:2058
|
#7 0x000055587b2a3230 in Sql_cmd_grant_table::execute_table_mask (this=0x1542d4013258, thd=0x1542d4000d48) at /test/10.11_dbg/sql/sql_acl.h:319
|
#8 0x000055587b2a330f in Sql_cmd_grant_table::execute (this=<optimized out>, thd=<optimized out>) at /test/10.11_dbg/sql/sql_acl.cc:12396
|
#9 0x000055587b33ca03 in mysql_execute_command (thd=thd@entry=0x1542d4000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:5999
|
#10 0x000055587b3255a6 in mysql_parse (thd=thd@entry=0x1542d4000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15430a0af300) at /test/10.11_dbg/sql/sql_parse.cc:7998
|
#11 0x000055587b332ae1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1542d4000d48, packet=packet@entry=0x1542d400adf9 "GRANT SELECT ON *.* TO PUBLIC", packet_length=packet_length@entry=29, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1346
|
#12 0x000055587b334f1f in do_command (thd=0x1542d4000d48, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
|
#13 0x000055587b48fb27 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55587ec543c8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1415
|
#14 0x000055587b48fff6 in handle_one_connection (arg=0x55587ec543c8) at /test/10.11_dbg/sql/sql_connect.cc:1317
|
#15 0x0000154327150609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#16 0x0000154326d3c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Bug confirmed present in:
MariaDB: 10.11.2 (dbg)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.28 (dbg), 10.4.28 (opt), 10.5.19 (dbg), 10.5.19 (opt), 10.6.12 (dbg), 10.6.12 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.7 (dbg), 10.8.7 (opt), 10.9.5 (dbg), 10.9.5 (opt), 10.10.3 (dbg), 10.10.3 (opt), 10.11.2 (opt)
Attachments
Issue Links
- is caused by
-
MDEV-5215 Granted to PUBLIC
-
- Closed
-
Interestingly, using the final
MDEV-5215implementation commit (b4e7803a6f4c734fc5f06a0b0d78285510ae0f48) we see stack rendering issues (MTR output):10.11.1 b4e7803a6f4c734fc5f06a0b0d78285510ae0f48
Program terminated with signal SIGABRT, Aborted.
#0 0x000014722399e00b in ?? ()
[Current thread is 1 (LWP 2075610)]
#0 0x000014722399e00b in ?? ()
#1 0x0000000000087007 in ?? ()
#2 0x00001472239f56d0 in ?? ()
#3 0x00001472fbad8000 in ?? ()
#4 0x0000147210114d10 in ?? ()
#5 0x0000147210114d75 in ?? ()
#6 0x0000147210114d10 in ?? ()
#7 0x0000147210114d10 in ?? ()
#8 0x0000147210114dca in ?? ()
#9 0x0000147210114e3c in ?? ()
#10 0x0000147210114d10 in ?? ()
#11 0x0000147210114e3c in ?? ()
#12 0x0000000000000000 in ?? ()
And, as expected, in the commit just before the
MDEV-5215patches, the syntax is invalid:10.11.1 2bd41fc5bf765bb9b1b2caa872070b271fc7c039
mysqltest: At line 2: query 'GRANT SELECT ON *.* TO PUBLIC' failed: ER_INVALID_ROLE (1959): Invalid role specification `PUBLIC`
This issue is thus caused by
MDEV-5215, however, there are some intersting things to observe:1. Stack smashing was present originally, but (it looks like) not anymore now.
2. Using the final
MDEV-5215implementation commit (b4e7803a6f4c734fc5f06a0b0d78285510ae0f48) we need to add GRANT SELECT ON . TO PUBLIC; to the start of the CLI testcase (leading to the same crash), but this is no longer necessary in more recent 10.11 builds.As such, it looks like one or more changes (affecting the feature) were applied after commit b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 which change the outcomes.